Community discussions

MikroTik App
 
miankamran7100
Member Candidate
Member Candidate
Topic Author
Posts: 251
Joined: Tue Sep 17, 2019 9:28 am

SwOS vlan problem/Issues/understanding

Mon Dec 19, 2022 7:50 am

Dear Concern,
Hope you will be fine it is stated that I have a Mikrotik switch css326-24g-2s+rm. I want to configure the VLAN on switch.
Topology
on switch port-1 I have a PPPoE server LAN from the router.
I want to expand the PPPoE service through the VLAN on port 2.
and dial 10 PPPoE wan in pfsense.
So it's a request to you please help me.
Thanks
You do not have the required permissions to view the files attached to this post.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: SwOS vlan problem/Issues/understanding

Mon Dec 19, 2022 10:32 am

So port 1 will be access port of one of VLANs. You select which VLAN by setting value as "default VLAN ID". Port can not be access port of multiple VLANs because switch can not distinguish between ingress frames as to which VLAN should receive each one.

As to multiple PPPoE sessions (if I understand it correctly): if pfsense can "play games" with PPPoE server, e.g. by using multiple different MAC addresses, then it's doable. But not otherwise ... PPPoE runs directly on top of ethernet (optionally VLAN) so server distinguishes clients by their MAC addresses.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: SwOS vlan problem/Issues/understanding

Mon Dec 19, 2022 10:49 am

@mkx you must be much better at mind reading than I am.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: SwOS vlan problem/Issues/understanding

Mon Dec 19, 2022 11:39 am

Well, I'm into guessing game today :wink:
 
miankamran7100
Member Candidate
Member Candidate
Topic Author
Posts: 251
Joined: Tue Sep 17, 2019 9:28 am

Re: SwOS vlan problem/Issues/understanding

Mon Dec 19, 2022 12:19 pm

So port 1 will be access port of one of VLANs. You select which VLAN by setting value as "default VLAN ID". Port can not be access port of multiple VLANs because switch can not distinguish between ingress frames as to which VLAN should receive each one.

As to multiple PPPoE sessions (if I understand it correctly): if pfsense can "play games" with PPPoE server, e.g. by using multiple different MAC addresses, then it's doable. But not otherwise ... PPPoE runs directly on top of ethernet (optionally VLAN) so server distinguishes clients by their MAC addresses.
I have deployed this configuration in Mikrotik.
put Isp LAN in ether-2 Make VLANs under ether-3 and ether-4
connect ether-3 to ether-4 with external cat-6 wire
and Dial PPPoE client on bridge interface (Like user router).
This is working fine.
But now I want on Mikrotik switch just VLANs and dial on pfsense for load balancing.
You do not have the required permissions to view the files attached to this post.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: SwOS vlan problem/Issues/understanding

Mon Dec 19, 2022 12:49 pm

@miankamran7100 I wrote this before your latest post. What "MikroTik" is that? That just raised more questions. Where does that fit into the diagram in your original post?

When posting MikroTik ROS router configs, please use export format. With SwOS, you have no option for a text mode config, but you do with ROS, and it is a much more "compact" way to post the "whole picture" concerning the config. Screen shots can give some non config information, (like packet counts, mac addresses, etc.) but at this point the /export hide-sensitive output would be much more useful to people that are likely to help.

I don't have a CSS326, but I would have guessed the bottom row ports were "odd" and the upper "even". (based on the POE IN which I would guess is on port 1)

But you have both ports configured the same.

That's one reason I don't understand exactly what you are attempting to do.

To me it appears you have the switch set up with both port 1 and port 2 configured as hybrid "trunk" ports with native untagged vlan 1, and tagged for 14 vlans, 101-114. Although I am not 100% sure what the switch will do with untagged. You don't have strict defined, so even though you don't have vlan 1 in the "vlan database" (it does not exist in the listed vlans on the VLANs tab).

Also it isn't clear what you mean by "no vlan" for the top "pppoe server LAN". I assume you mean untagged. But on the switch, every frame will belong to a specific vlan, and the vlans will be kept separated from each other. The only way that data will get from one vlan to the other is if there is a router that is vlan-aware, and it has "vlan interfaces" connected to the "tagged" vlans, and the router is allowed to route the traffic (there is a valid ip address on the vlan interfaces, a valid route (for connnected subnets there will be connected routes created automatically) and the firewall is not blocking the traffic.

Have you ever used vlans? If not, I suggest understanding what they are before trying to configure the switch. My favorite "intro to vlans" is Ed Harmoush's Virtual Local Area Networks (VLANs) Ed also has a video covering the same info VLANs – the simplest explanation Here's an index to the vlan pages on PracticalNetworking
 
miankamran7100
Member Candidate
Member Candidate
Topic Author
Posts: 251
Joined: Tue Sep 17, 2019 9:28 am

Re: SwOS vlan problem/Issues/understanding

Mon Dec 19, 2022 1:14 pm

@miankamran7100 I wrote this before your latest post. What "MikroTik" is that? That just raised more questions. Where does that fit into the diagram in your original post?

When posting MikroTik ROS router configs, please use export format. With SwOS, you have no option for a text mode config, but you do with ROS, and it is a much more "compact" way to post the "whole picture" concerning the config. Screen shots can give some non config information, (like packet counts, mac addresses, etc.) but at this point the /export hide-sensitive output would be much more useful to people that are likely to help.

I don't have a CSS326, but I would have guessed the bottom row ports were "odd" and the upper "even". (based on the POE IN which I would guess is on port 1)

But you have both ports configured the same.

That's one reason I don't understand exactly what you are attempting to do.

To me it appears you have the switch set up with both port 1 and port 2 configured as hybrid "trunk" ports with native untagged vlan 1, and tagged for 14 vlans, 101-114. Although I am not 100% sure what the switch will do with untagged. You don't have strict defined, so even though you don't have vlan 1 in the "vlan database" (it does not exist in the listed vlans on the VLANs tab).

Also it isn't clear what you mean by "no vlan" for the top "pppoe server LAN". I assume you mean untagged. But on the switch, every frame will belong to a specific vlan, and the vlans will be kept separated from each other. The only way that data will get from one vlan to the other is if there is a router that is vlan-aware, and it has "vlan interfaces" connected to the "tagged" vlans, and the router is allowed to route the traffic (there is a valid ip address on the vlan interfaces, a valid route (for connnected subnets there will be connected routes created automatically) and the firewall is not blocking the traffic.

Have you ever used vlans? If not, I suggest understanding what they are before trying to configure the switch. My favorite "intro to vlans" is Ed Harmoush's Virtual Local Area Networks (VLANs) Ed also has a video covering the same info VLANs – the simplest explanation Here's an index to the vlan pages on PracticalNetworking

This is the configuration on my MikroTik Router
working fine.


/interface vlan
add interface=ether3_Loop name=vlan101 vlan-id=101
add interface=ether3_Loop name=vlan102 vlan-id=102
add interface=ether3_Loop name=vlan103 vlan-id=103
add interface=ether3_Loop name=vlan104 vlan-id=104
add interface=ether3_Loop name=vlan105 vlan-id=105
add interface=ether3_Loop name=vlan106 vlan-id=106
add interface=ether3_Loop name=vlan107 vlan-id=107
add interface=ether3_Loop name=vlan108 vlan-id=108
add interface=ether3_Loop name=vlan109 vlan-id=109
add interface=ether3_Loop name=vlan110 vlan-id=110
add interface=ether3_Loop name=vlan111 vlan-id=111
add interface=ether3_Loop name=vlan112 vlan-id=112
add interface=ether3_Loop name=vlan113 vlan-id=113
add interface=ether3_Loop name=vlan114 vlan-id=114

add interface=ether4_Loop name=vlan201 vlan-id=101
add interface=ether4_Loop name=vlan202 vlan-id=102
add interface=ether4_Loop name=vlan203 vlan-id=103
add interface=ether4_Loop name=vlan204 vlan-id=104
add interface=ether4_Loop name=vlan205 vlan-id=105
add interface=ether4_Loop name=vlan206 vlan-id=106
add interface=ether4_Loop name=vlan207 vlan-id=107
add interface=ether4_Loop name=vlan208 vlan-id=108
add interface=ether4_Loop name=vlan209 vlan-id=109
add interface=ether4_Loop name=vlan210 vlan-id=110
add interface=ether4_Loop name=vlan211 vlan-id=111
add interface=ether4_Loop name=vlan212 vlan-id=112
add interface=ether4_Loop name=vlan213 vlan-id=113
add interface=ether4_Loop name=vlan214 vlan-id=114

/interface bridge
add admin-mac=4A:E1:F7:DE:09:E4 auto-mac=no name=Bridge_WAN1
add admin-mac=5A:E1:F7:ED:59:E5 auto-mac=no name=Bridge_WAN2
add admin-mac=6E:E9:F7:ED:09:E6 auto-mac=no name=Bridge_WAN3
add admin-mac=6E:E8:F7:ED:09:E7 auto-mac=no name=Bridge_WAN4
add admin-mac=70:E1:F7:ED:09:E8 auto-mac=no name=Bridge_WAN5
add admin-mac=78:66:27:24:B3:FD auto-mac=no name=Bridge_WAN6
add admin-mac=88:D1:F7:ED:09:E9 auto-mac=no name=Bridge_WAN7
add admin-mac=90:E9:F7:ED:01:E0 auto-mac=no name=Bridge_WAN8
add admin-mac=19:E8:F7:ED:0C:1D auto-mac=no name=Bridge_WAN9
add admin-mac=33:88:CB:B4:03:E5 auto-mac=no name=Bridge_WAN10
add admin-mac=A3:E3:34:D3:AD:14 auto-mac=no name=Bridge_WAN11
add admin-mac=B9:ED:34:D3:AD:15 auto-mac=no name=Bridge_WAN12
add admin-mac=D6:FD:34:D3:AD:16 auto-mac=no name=Bridge_WAN13
add admin-mac=E5:FD:34:D3:AD:17 auto-mac=no name=Bridge_WAN14
add admin-mac=80:F4:F9:ED:09:E5 auto-mac=no name=Bridge_ether2


/interface bridge port
add bridge=Bridge_ether2 interface=ether2_WAN
add bridge=Bridge_ether2 interface=vlan101
add bridge=Bridge_ether2 interface=vlan102
add bridge=Bridge_ether2 interface=vlan103
add bridge=Bridge_ether2 interface=vlan104
add bridge=Bridge_ether2 interface=vlan105
add bridge=Bridge_ether2 interface=vlan106
add bridge=Bridge_ether2 interface=vlan107
add bridge=Bridge_ether2 interface=vlan108
add bridge=Bridge_ether2 interface=vlan109
add bridge=Bridge_ether2 interface=vlan110
add bridge=Bridge_ether2 interface=vlan111
add bridge=Bridge_ether2 interface=vlan112
add bridge=Bridge_ether2 interface=vlan113
add bridge=Bridge_ether2 interface=vlan114
 
miankamran7100
Member Candidate
Member Candidate
Topic Author
Posts: 251
Joined: Tue Sep 17, 2019 9:28 am

Re: SwOS vlan problem/Issues/understanding

Mon Dec 19, 2022 1:15 pm

@miankamran7100 I wrote this before your latest post. What "MikroTik" is that? That just raised more questions. Where does that fit into the diagram in your original post?

When posting MikroTik ROS router configs, please use export format. With SwOS, you have no option for a text mode config, but you do with ROS, and it is a much more "compact" way to post the "whole picture" concerning the config. Screen shots can give some non config information, (like packet counts, mac addresses, etc.) but at this point the /export hide-sensitive output would be much more useful to people that are likely to help.

I don't have a CSS326, but I would have guessed the bottom row ports were "odd" and the upper "even". (based on the POE IN which I would guess is on port 1)

But you have both ports configured the same.

That's one reason I don't understand exactly what you are attempting to do.

To me it appears you have the switch set up with both port 1 and port 2 configured as hybrid "trunk" ports with native untagged vlan 1, and tagged for 14 vlans, 101-114. Although I am not 100% sure what the switch will do with untagged. You don't have strict defined, so even though you don't have vlan 1 in the "vlan database" (it does not exist in the listed vlans on the VLANs tab).

Also it isn't clear what you mean by "no vlan" for the top "pppoe server LAN". I assume you mean untagged. But on the switch, every frame will belong to a specific vlan, and the vlans will be kept separated from each other. The only way that data will get from one vlan to the other is if there is a router that is vlan-aware, and it has "vlan interfaces" connected to the "tagged" vlans, and the router is allowed to route the traffic (there is a valid ip address on the vlan interfaces, a valid route (for connnected subnets there will be connected routes created automatically) and the firewall is not blocking the traffic.

Have you ever used vlans? If not, I suggest understanding what they are before trying to configure the switch. My favorite "intro to vlans" is Ed Harmoush's Virtual Local Area Networks (VLANs) Ed also has a video covering the same info VLANs – the simplest explanation Here's an index to the vlan pages on PracticalNetworking
I want to configure this configuration on SWOS
/interface VLAN
add interface=ether3_Loop name=vlan101 vlan-id=101
add interface=ether3_Loop name=vlan102 vlan-id=102
add interface=ether3_Loop name=vlan103 vlan-id=103
add interface=ether3_Loop name=vlan104 vlan-id=104
add interface=ether3_Loop name=vlan105 vlan-id=105
add interface=ether3_Loop name=vlan106 vlan-id=106
add interface=ether3_Loop name=vlan107 vlan-id=107
add interface=ether3_Loop name=vlan108 vlan-id=108
add interface=ether3_Loop name=vlan109 vlan-id=109
add interface=ether3_Loop name=vlan110 vlan-id=110
add interface=ether3_Loop name=vlan111 vlan-id=111
add interface=ether3_Loop name=vlan112 vlan-id=112
add interface=ether3_Loop name=vlan113 vlan-id=113
add interface=ether3_Loop name=vlan114 vlan-id=114

/interface bridge port
add bridge=Bridge_ether2 interface=ether2_WAN
add bridge=Bridge_ether2 interface=vlan101
add bridge=Bridge_ether2 interface=vlan102
add bridge=Bridge_ether2 interface=vlan103
add bridge=Bridge_ether2 interface=vlan104
add bridge=Bridge_ether2 interface=vlan105
add bridge=Bridge_ether2 interface=vlan106
add bridge=Bridge_ether2 interface=vlan107
add bridge=Bridge_ether2 interface=vlan108
add bridge=Bridge_ether2 interface=vlan109
add bridge=Bridge_ether2 interface=vlan110
add bridge=Bridge_ether2 interface=vlan111
add bridge=Bridge_ether2 interface=vlan112
add bridge=Bridge_ether2 interface=vlan113
add bridge=Bridge_ether2 interface=vlan114
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: SwOS vlan problem/Issues/understanding

Mon Dec 19, 2022 3:29 pm

You can't configure SwOS the way you have it in ROS, SwOS only supports what's known as "single vlan-enabled bridge" in ROS.

And even if you could do it, the magic of running N PPPoE clients is on the router - running one PPPoE client per bridge (on those you set MAC addresses to different values).

Who is online

Users browsing this forum: No registered users and 6 guests