professor39
just joined
Topic Author
Posts: 3
Joined: Sat Feb 18, 2023 8:28 pm

RouterOS New Install - Trouble with tagged VLANs

Sat Feb 18, 2023 9:17 pm

Hello everyone. This deployment is for my homelab and I have no production services. No real impact other than a few upset kids that can't get to their internal Minecraft server from wifi.

I'm brand new to MikroTik; however, I've been working with network devices for quite a while. I'm moving away from a design that used the UniFi USG for L3 inter-vlan routing to a CRS326 running RouterOS v7.7. The main reason for this new design is to offload inter-vlan media server streaming traffic from the USG by keeping it within the CRS326. I also needed a few extra ports.

I thought everything was working as expected until I started to connect my WAPs. Did some troubleshooting for a bit and after testing VLAN tagging from a VM, I have narrowed down the issue to tagged VLANs not passing traffic if they're not assigned PVID on trunk ports.

My test was to create a VM using VLAN20 on a vSphere host on ether21,22. No DHCP. Configured static address and cannot reach VLAN20 gateway.
The host is currently connected via tagged management network and the existing VMs inside are tagged VLAN25 as well.

I can ping VLAN20 gateway from a computer on access port (untagged) ether3.
en9: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6467<RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
	ether 60:32:b1:23:a8:2e 
	inet6 fe80::c17:209f:530b:3ab4%en9 prefixlen 64 secured scopeid 0xd 
	inet 192.168.17.107 netmask 0xffffff00 broadcast 192.168.17.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (1000baseT <full-duplex>)
	status: active
	
$ ping 192.168.20.1
PING 192.168.20.1 (192.168.20.1): 56 data bytes
64 bytes from 192.168.20.1: icmp_seq=0 ttl=64 time=0.471 ms
64 bytes from 192.168.20.1: icmp_seq=1 ttl=64 time=0.698 ms
64 bytes from 192.168.20.1: icmp_seq=2 ttl=64 time=0.655 ms
64 bytes from 192.168.20.1: icmp_seq=3 ttl=64 time=0.617 ms
^C
--- 192.168.20.1 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.471/0.610/0.698/0.085 ms
Configuration
# feb/18/2023 13:40:39 by RouterOS 7.7
# software id = INT8-8NDU
#
# model = CRS326-24G-2S+
# serial number = <redacted>
/interface bridge
add admin-mac=48:A9:8A:0F:26:E8 auto-mac=no comment=defconf name=bridge
add name=bridge1 pvid=25 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether21 ] l2mtu=9216 mtu=9000
set [ find default-name=ether22 ] l2mtu=9216 mtu=9000
set [ find default-name=ether23 ] l2mtu=9216 mtu=9000
set [ find default-name=ether24 ] l2mtu=9216 mtu=9000
/interface vlan
add interface=bridge1 name=VLAN17 vlan-id=17
add interface=bridge1 name=VLAN20 vlan-id=20
add interface=bridge1 name=VLAN25 vlan-id=25
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 comment=WAP01 interface=ether2 pvid=25
add bridge=bridge1 comment=defconf interface=ether3 pvid=17
add bridge=bridge1 comment=defconf interface=ether4 pvid=17
add bridge=bridge1 comment=defconf interface=ether5 pvid=25
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge1 comment="esx-node01 - vkernel" interface=ether21 pvid=25
add bridge=bridge1 comment="esx-node01 - vkernel" interface=ether22 pvid=25
add bridge=bridge1 comment="NAS Adapter 3" interface=ether23 pvid=25
add bridge=bridge1 comment="NAS Adapter 4" interface=ether24 pvid=25
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether3,ether4 vlan-ids=17
add bridge=bridge1 tagged=bridge1 vlan-ids=20
add bridge=bridge1 tagged=ether21,ether22 untagged=bridge1 vlan-ids=25
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.17.1/24 interface=VLAN17 network=192.168.17.0
add address=192.168.15.2/29 interface=ether1 network=192.168.15.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.25.1/24 interface=VLAN25 network=192.168.25.0
/ip dhcp-relay
add dhcp-server=192.168.25.101,192.168.25.102 disabled=no interface=VLAN17 name=VLAN17
add dhcp-server=192.168.25.101,192.168.25.102 disabled=no interface=VLAN20 name=VLAN20
/ip dns
set servers=192.168.25.101,192.168.25.102
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.15.1 pref-src="" routing-table=main suppress-hw-offload=no
/system clock
set time-zone-name=<redacted>
/system routerboard settings
set boot-os=router-os
Network diagram:
homelab-230218.png
I need help with the trunk on ether21,22. I know my UniFi WAPs need a hybrid port (trunk with native VLAN) and I can take care of that once tagging is working as expected on ether21,22. I've read several posts and I thought I had it until I went to test wifi.

Thanks in advance. 🙂
 
BartoszP
Forum Guru
Posts: 2877
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: RouterOS New Install - Trouble with tagged VLANs

Sat Feb 18, 2023 9:24 pm

 
professor39
just joined
Topic Author
Posts: 3
Joined: Sat Feb 18, 2023 8:28 pm

Re: RouterOS New Install - Trouble with tagged VLANs

Sat Feb 18, 2023 9:36 pm

Thank you. I've read viewtopic.php?p=706996#p706996. That's how I've gotten this far. I thought I had done everything suggested by the post. My use case may be a little different? I don't need the VLANs to escape the CRS326. My uplink to the USG, ether1, is a routed interface.

I believe my only deviation was to not set frame-types=admit-only-vlan-tagged. I am using admit all. And I have PVID set to values other than 1. I'll make that adjustment and report back.
 
professor39
just joined
Topic Author
Posts: 3
Joined: Sat Feb 18, 2023 8:28 pm

Re: RouterOS New Install - Trouble with tagged VLANs

Sat Feb 18, 2023 10:37 pm

Ok. I figured it out. This took a while to sink in so I'm going to explain it here in case others come along.

I failed to realize when I added bridge1 as tagged in interface/bridge/vlans that it wouldn't add all interfaces in bridge1 as well. I thought the bridge was acting as a group and tagging/untagging would apply as such.

For clarity, here's the section:
#######################################
#
# -- Trunk Ports --
#
#######################################

# ingress behavior
/interface bridge port

# Purple Trunk. Leave pvid set to default of 1
add bridge=BR1 interface=ether2
add bridge=BR1 interface=ether3
add bridge=BR1 interface=ether4
add bridge=BR1 interface=ether5
add bridge=BR1 interface=ether6
add bridge=BR1 interface=ether7
add bridge=BR1 interface=sfp1

# egress behavior
/interface bridge vlan

# Purple Trunk. These need IP Services (L3), so add Bridge as member
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=10
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=20
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=30
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=99

I added the interfaces for my trunk to tagged and it came right up. Simple fix. Thanks for your help and to whoever created the write-up.

I've worked with several manufacturers over the years and MikroTik is quite different. I wouldn't have been able to do this without you all spending time in the forums to help others out.

Cheers!!
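
The mistake described in the post above (a bridge VLAN entry that lists only the bridge, so the VLAN is routable but carried on no port) can be checked for in an export before it bites. This is an added example, not part of the original post or of MikroTik's tooling; the function names are hypothetical, the sample text is copied from the export in the first post, and only the static tagged=/untagged= lists are read.

```python
import shlex

# Constructed sample: the bridge VLAN table from the export in the first post.
BEFORE = """\
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether3,ether4 vlan-ids=17
add bridge=bridge1 tagged=bridge1 vlan-ids=20
add bridge=bridge1 tagged=ether21,ether22 untagged=bridge1 vlan-ids=25
"""
# Same table with the trunk ports listed for VLAN 20 (the fix described above).
AFTER = BEFORE.replace("tagged=bridge1 vlan-ids=20",
                       "tagged=bridge1,ether21,ether22 vlan-ids=20")


def bridge_vlan_rows(export):
    """Yield key/value dicts for each 'add' line under /interface bridge vlan."""
    section = None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif section == "/interface bridge vlan" and line.startswith("add "):
            yield dict(tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)


def physical_members(export):
    """Map (bridge, vlan-ids) -> sorted ports listed as tagged or untagged,
    excluding the bridge interface itself (it only serves the CPU/L3 side)."""
    table = {}
    for row in bridge_vlan_rows(export):
        ports = set()
        for key in ("tagged", "untagged"):
            ports.update(p for p in row.get(key, "").split(",") if p)
        ports.discard(row["bridge"])
        table[(row["bridge"], row["vlan-ids"])] = sorted(ports)
    return table


def vlans_without_ports(export):
    """VLANs whose static entry names only the bridge: routable, but on no port."""
    return [vid for (_, vid), ports in physical_members(export).items() if not ports]


if __name__ == "__main__":
    print("before:", vlans_without_ports(BEFORE))
    print("after: ", vlans_without_ports(AFTER))
```

The same membership table is worth reviewing from the other direction too: every port listed for a VLAN is a port that VLAN's traffic can leave on, so a trunk should carry only the VLANs the attached device needs.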
 
anav
Forum Guru
Posts: 19322
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: RouterOS New Install - Trouble with tagged VLANs

Sat Feb 18, 2023 11:53 pm

Yeah that little bit bites many in the buttocks :-)

You may find reading Para C somewhat helpful after the fact.......
viewtopic.php?t=182373
