3011 - Access Port - Untagged

dima1002 · Sat Oct 08, 2022 4:05 pm

Hello,

how do i get port 10 to an accessport? or untagged?

# model = RB3011UiAS
/interface bridge
add name=BRIDGE protocol-mode=none
/interface ethernet
set [ find default-name=ether2 ] name=WAN2
set [ find default-name=sfp1 ] auto-negotiation=no
/interface vlan
add comment=FIRMA interface=sfp1 name=VLAN_100 vlan-id=100
add comment=GAST interface=sfp1 name=VLAN_200 vlan-id=200
add comment=DMZ interface=sfp1 name=VLAN_300 vlan-id=300
add comment=HOTSPOT interface=sfp1 name=VLAN_400 vlan-id=400
add comment=PRIVAT interface=sfp1 name=VLAN_500 vlan-id=500
add interface=ether1 name=vlan1_PPPoE vlan-id=200
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan1_PPPoE keepalive-timeout=60 name=WAN1 user=test
/interface ethernet switch port
set 9 default-vlan-id=100
/interface bridge port
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=ether5
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=ether6
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=ether7
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=ether8
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=ether9
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=sfp1
add bridge=BRIDGE interface=ether10 pvid=100
/interface bridge vlan
add bridge=BRIDGE disabled=yes tagged=BRIDGE,ether5,ether6,ether7,ether8,ether9,sfp1 vlan-ids=99
add bridge=BRIDGE disabled=yes tagged=BRIDGE,ether5,ether6,ether7,ether8,ether9,ether10,sfp1 vlan-ids=100
add bridge=BRIDGE disabled=yes tagged=BRIDGE,ether5,ether6,ether7,ether8,ether9,sfp1 vlan-ids=200
add bridge=BRIDGE disabled=yes tagged=BRIDGE,ether5,ether6,ether7,ether8,ether9,sfp1 vlan-ids=300
add bridge=BRIDGE disabled=yes tagged=BRIDGE,ether5,ether6,ether7,ether8,ether9,sfp1 vlan-ids=400
add bridge=BRIDGE disabled=yes tagged=BRIDGE,ether5,ether6,ether7,ether8,ether9,sfp1 vlan-ids=500
/interface ethernet switch vlan
add independent-learning=yes ports=ether10,switch2-cpu switch=switch2 vlan-id=100

tdw · Sat Oct 08, 2022 6:32 pm

The /interface bridge vlan section, plus the pvid and vlan filtering settings under /interface bridge port, have no effect unless the bridge has vlan-filtering=yes.

Do not attempt to use a VLAN-aware bridge and switch chip at the same time, and given the issues with hardware VLAN switching on devices with multiple switch chips https://help.mikrotik.com/docs/display/ ... witchchips stick with the VLAN-aware bridge method.

You have incorrectly specified a bridge port, in this case sfp1, under /interface vlan - you should use the parent bridge, not a member.

Also ether10 is in the tagged list for vlan-ids=100 under /interface bridge vlan - it should either be absent, in which case untagged membership is dynamically added based on the port PVID, or explicitly added with untagged=ether10.

dima1002 · Sat Oct 08, 2022 6:54 pm

According to the wiki, the Mikrotik 3011 has no VLAN filtering. Or am I wrong?
Where do I have to configure the 3011 untagged?
/interface bridge port ?
or here
/interface ethernet switch vlan?

is this better?
ether 10 should be an access port

# model = RB3011UiAS
/interface bridge
add name=BRIDGE protocol-mode=none
/interface ethernet
set [ find default-name=sfp1 ] auto-negotiation=no
/interface vlan
add comment=FIRMA interface=BRIDGE name=VLAN_100 vlan-id=100
add comment=GAST interface=BRIDGE name=VLAN_200 vlan-id=200
add comment=DMZ interface=BRIDGE name=VLAN_300 vlan-id=300
add comment=HOTSPOT interface=BRIDGE name=VLAN_400 vlan-id=400
add comment=PRIVAT interface=BRIDGE name=VLAN_500 vlan-id=500
add interface=ether1 name=vlan1_PPPoE vlan-id=200
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan1_PPPoE keepalive-timeout=60 name=WAN1 user=test
/interface bridge port
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=ether5
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=ether6
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=ether7
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=ether8
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=ether9
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=sfp1
add bridge=BRIDGE interface=ether10 pvid=100

/interface ethernet switch port set 10 default-vlan-id=100
/interface ethernet switch vlan
add independent-learning=yes ports=ether10,switch2-cpu switch=switch2 vlan-id=100

anav · Sat Oct 08, 2022 8:15 pm

stop guessing, its more important to learn.

Read these first. --- > https://help.mikrotik.com/docs/display/ ... VLAN+Table
viewtopic.php?t=143620

Then look at Para C here - viewtopic.php?t=182373

tdw · Sat Oct 08, 2022 8:41 pm

According to the wiki, the Mikrotik 3011 has no VLAN filtering. Or am I wrong?
Where do I have to configure the 3011 untagged?
/interface bridge port ?
or here
/interface ethernet switch vlan?

It has no hardware-offloaded VLAN-aware bridge support. This is only an issue if you have significant traffic between ports in the same VLAN, all the traffic from VLANs to internet and between VLANs has to be handled by the CPU in any case.

By far the simplest setup is to use a single VLAN-aware bridge per the referneces from @anav. On non-CRS Mikrotiks with a single switch chip it is possible to configure the chip to handle the VLAN tagging/untagging/filtering per the example in the Mikrotik help / wiki pages, but on devices with multiple switch chips there are issues as described in the link of my previous post.

Also, on the 3011 the SFP traffic always passes through the CPU, see https://i.mt.lv/cdn/product_files/RB301 ... 160313.png

3011 - Access Port - Untagged

3011 - Access Port - Untagged

Re: 3011 - Access Port - Untagged

Re: 3011 - Access Port - Untagged

Re: 3011 - Access Port - Untagged

Re: 3011 - Access Port - Untagged

Who is online