Community discussions

MikroTik App
 
TopHatProductions115
newbie
Topic Author
Posts: 30
Joined: Fri Dec 10, 2021 2:44 am

Revising VLAN Setup (New Equipment)

Thu Apr 20, 2023 3:32 am

After almost three months of planning, research, and experimentation, (at least for the VLAN part) I finally have a rough idea of what I may need for my current setup. To summarise the the requirements, the final solution needs to be able to:
  • wirelessly connect to ISP-provided router that's on a different floor
  • host VLANs, with bridge VLAN filtering enabled
  • have enough SFP+ (10GbE) ports for current and future configurations

Optionally, 3G/LTE/5G failover would be convenient (in case the ISP router drops out again). But that isn't as important.

I have the following hardware to work with:
  • Chateau 5G ax
  • RB4011iGS+5HacQ2HnD-IN
  • CCR2004-1G-12S+2XS
  • CRS317-1G-16S+RM

The RB4011i and CCR2004 are holdovers from a previous network setup. From what I've red thus far, I think the Chateau and RB4011i both have the ability to act as wireless clients - especially in CPE mode. The CRS317 should be able to handle the Bridge VLAN table and filter rules. While I would like to make use of the CCR2004, I don't know if it's redundant at this point. I have 9 VLANs planned for this, and won't be able to (practically) rely on tagging by physical access ports because of how vSphere handles VM and service traffic. I'd need at least 8 physical access ports to account for individual VMs alone - which ignores vSphere services like vSAN and vMotion (each of which should be on its own VLAN). I currently have the VMs tagging their own traffic, in opposed to the vSwitch or MikroTik appliance(s). VMware calls this VGT. As a result, I've only had to use VST for vSphere services (vMotion, vSAN, Provisioning, Replication, etc.). The only thing that currently needs a physical access port to be tagged is HP iLO.

While the current setup is usable, it becomes unusable whenever there's a lot of activity (downloading software updates, moving large files). The RB4011i isn't taking it too well (runs noticeably warm), and I want to move my VLAN setup to the CRS317. For routing and IP services, I'm torn between the RB4011i and the CCR2004. I think that the CCR2004 would outdo the RB4011i in this scenario, but I still need to connect to the ISP router. Is it possible to have the RB4011i act as nothing more than a wireless client for the rest of the equipment, while having the CCR2004 handle most of my internal routing and firewall needs?

I have a few drafts (RCS files) for what I'm trying to do, but they're pretty rough. They're probably riddled with errors.
 
TopHatProductions115
newbie
Topic Author
Posts: 30
Joined: Fri Dec 10, 2021 2:44 am

Re: Revising VLAN Setup (New Equipment)

Fri Apr 21, 2023 8:57 am

After a few more days of trial-and-error, I have the first major draft for my bridge VLAN filter config. Due to the way that vSphere handles VM network traffic over physical ports, I ended up making some interesting observations:
  • tagging by physical access port probably only works if you assign individual pNICs to your VMs
  • probably can't spare enough pNICs for proper access port tagging
  • all physical ports facing the ESXi host may need to be treated as trunk ports

Here is an inexhaustive list of sources that I used in the creation of this draft:
I ended up using Safe Mode quite a bit as I worked on the filtering rules. All of my testing has been done solely on the CRS317-1G-16S+. However, I plan to split this up between it and the CCR2004-1G-12S+2XS in the near future. Once I've managed to do so, the majority of my work should be finished. Still waiting on a few more components (delivery running late) before I can test it out properly.

EDIT: Removed previous attachment for sanitisation. Will re-upload newer version in a few hours.
Last edited by TopHatProductions115 on Fri Apr 21, 2023 9:35 am, edited 1 time in total.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Revising VLAN Setup (New Equipment)

Fri Apr 21, 2023 9:08 am

Q:
I have a conceptual problem with "wirelessly connect to ISP router on different floor" and "have enough SFP+ (10GbE) ports for current and future configurations"
Your wireless link will be the bottle-neck for everything going external, why the focus on 10Gb ports then ?
Just wondering.
 
TopHatProductions115
newbie
Topic Author
Posts: 30
Joined: Fri Dec 10, 2021 2:44 am

Re: Revising VLAN Setup (New Equipment)

Fri Apr 21, 2023 9:34 am

Q:
I have a conceptual problem with "wirelessly connect to ISP router on different floor" and "have enough SFP+ (10GbE) ports for current and future configurations"
Your wireless link will be the bottle-neck for everything going external, why the focus on 10Gb ports then ?
Just wondering.
The 10GbE ports still benefit apps/services running on my private network. Any time I transfer large files, stream multimedia, etc., between nodes on that network, it makes a difference. I can also use it for services like vMotion and vSAN (using vSphere ESXi). If there's going to be a bottleneck, I'd rather it not be on my side of the wall. When I move out, that bottleneck will cease to exist.
 
TopHatProductions115
newbie
Topic Author
Posts: 30
Joined: Fri Dec 10, 2021 2:44 am

Re: Revising VLAN Setup (New Equipment)

Sat Apr 22, 2023 3:16 am

Here is my current config. As it is now, I'm only able to connect to the bridge itself. Can't reach any of the VLANs, so I think that I messed up my filter rules.
# jan/02/1970 20:31:00 by RouterOS 7.8
#
# model = CRS317-1G-16S+

/interface bridge
add admin-mac=48:A9:8A:98:DA:60 auto-mac=no comment=defconf name=vbridge0 \
    vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment="Dedicated Admin/Management port"
set [ find default-name=sfp-sfpplus1 ] comment=\
    "Used to bridge this switch with the CCR2004-1G-12S+2XS"
set [ find default-name=sfp-sfpplus2 ] comment=\
    "Dedicated iLO port (VLAN ID 51)"
/interface vlan
add interface=vbridge0 name=IDM vlan-id=51
add interface=vbridge0 name=IVFT vlan-id=21
add interface=vbridge0 name=IVM vlan-id=2
add interface=vbridge0 name=IVP vlan-id=3
add interface=vbridge0 name=IVR vlan-id=4
add interface=vbridge0 name=IVS vlan-id=5
add interface=vbridge0 name=SPM vlan-id=6
add interface=vbridge0 name=SQN vlan-id=7
add interface=vbridge0 name=XAN vlan-id=8
/interface list
add name=WAN
add name=LAN
add name=VLANs
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=vBridge0pool ranges=12.0.0.20-12.0.0.254
add name=IDMpool ranges=10.0.0.5-10.0.0.127,10.0.0.129-10.0.0.254
add name=IVMpool ranges=10.0.1.2-10.0.1.254
add name=IVPpool ranges=10.0.2.2-10.0.2.254
add name=IVRpool ranges=10.0.3.2-10.0.3.254
add name=IVSpool ranges=10.0.4.2-10.0.4.254
add name=IVFTpool ranges=10.0.5.2-10.0.5.254
add name=SPMpool ranges=10.12.8.9-10.12.8.254
add name=SQNpool ranges=10.12.7.7-10.12.7.254
add name=XANpool ranges=10.12.6.17-10.12.6.254
/ip dhcp-server
add address-pool=IDMpool interface=IDM name=IDMdhcp
add address-pool=vBridge0pool interface=vbridge0 name=vBridge0dhcp
add address-pool=IVMpool interface=IVM name=IVMdhcp
add address-pool=IVPpool interface=IVP name=IVPdhcp
add address-pool=IVRpool interface=IVR name=IVRdhcp
add address-pool=IVSpool interface=IVS name=IVSdhcp
add address-pool=SPMpool interface=SPM name=SPMdhcp
add address-pool=SQNpool interface=SQN name=SQNdhcp
add address-pool=XANpool interface=XAN name=XANdhcp
add address-pool=IVFTpool interface=IVFT name=IVFTdhcp
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/interface bridge port
add bridge=vbridge0 comment=defconf interface=ether1
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus1
add bridge=vbridge0 comment=defconf frame-types=admit-only-vlan-tagged \
    interface=sfp-sfpplus2 pvid=51
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus3
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus4
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus5
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus6
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus7
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus8
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus9
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus10
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus11
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus12
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus13
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus14
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus15
add bridge=vbridge0 comment=defconf interface=sfp-sfpplus16
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=vbridge0 tagged=vbridge0,ether1
add bridge=vbridge0 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus\
    4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfp\
    plus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus\
    15,sfp-sfpplus16" vlan-ids=51
add bridge=vbridge0 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus\
    4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfp\
    plus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus\
    15,sfp-sfpplus16" vlan-ids=21
add bridge=vbridge0 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus\
    4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfp\
    plus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus\
    15,sfp-sfpplus16" vlan-ids=2
add bridge=vbridge0 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus\
    4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfp\
    plus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus\
    15,sfp-sfpplus16" vlan-ids=3
add bridge=vbridge0 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus\
    4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfp\
    plus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus\
    15,sfp-sfpplus16" vlan-ids=4
add bridge=vbridge0 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus\
    4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfp\
    plus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus\
    15,sfp-sfpplus16" vlan-ids=5
add bridge=vbridge0 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus\
    4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfp\
    plus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus\
    15,sfp-sfpplus16" vlan-ids=6
add bridge=vbridge0 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus\
    4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfp\
    plus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus\
    15,sfp-sfpplus16" vlan-ids=7
add bridge=vbridge0 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus\
    4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfp\
    plus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus\
    15,sfp-sfpplus16" vlan-ids=8
add bridge=vbridge0 untagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfppl\
    us4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-s\
    fpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfppl\
    us15,sfp-sfpplus16,vbridge0,ether1" vlan-ids=1
/interface list member
add interface=ether1 list=WAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN
add interface=sfp-sfpplus5 list=LAN
add interface=sfp-sfpplus6 list=LAN
add interface=sfp-sfpplus7 list=LAN
add interface=sfp-sfpplus8 list=LAN
add interface=sfp-sfpplus9 list=LAN
add interface=sfp-sfpplus10 list=LAN
add interface=sfp-sfpplus11 list=LAN
add interface=sfp-sfpplus12 list=LAN
add interface=sfp-sfpplus13 list=LAN
add interface=sfp-sfpplus14 list=LAN
add interface=sfp-sfpplus15 list=LAN
add interface=sfp-sfpplus16 list=LAN
add interface=IDM list=VLANs
add interface=IVFT list=VLANs
add interface=IVM list=VLANs
add interface=IVP list=VLANs
add interface=IVR list=VLANs
add interface=IVS list=VLANs
add interface=SPM list=VLANs
add interface=SQN list=VLANs
add interface=XAN list=VLANs
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=12.0.0.4/8 comment=defconf interface=sfp-sfpplus1 network=\
    12.0.0.0
add address=10.0.0.128/24 interface=IDM network=10.0.0.0
add address=10.0.1.1/24 interface=IVM network=10.0.1.0
add address=10.0.2.1/24 interface=IVP network=10.0.2.0
add address=10.0.3.1/24 interface=IVR network=10.0.3.0
add address=10.0.4.1/24 interface=IVS network=10.0.4.0
add address=10.0.5.1/24 interface=IVFT network=10.0.5.0
add address=10.12.8.1/24 interface=SPM network=10.12.8.0
add address=10.12.7.1/24 interface=SQN network=10.12.7.0
add address=10.12.6.1/24 interface=XAN network=10.12.6.0
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=10.0.0.4 domain=<REDACTED> gateway=\
    10.0.0.128 ntp-server=10.0.0.4
add address=10.0.1.0/24 dns-server=10.12.8.2 domain=<REDACTED> gateway=\
    10.0.1.1 ntp-server=10.12.8.2
add address=10.0.2.0/24 dns-server=10.12.8.2 domain=<REDACTED> gateway=\
    10.0.2.1 ntp-server=10.12.8.2
add address=10.0.3.0/24 dns-server=10.12.8.2 domain=<REDACTED> gateway=\
    10.0.3.1 ntp-server=10.12.8.2
add address=10.0.4.0/24 dns-server=10.12.8.2 domain=<REDACTED> gateway=\
    10.0.4.1 ntp-server=10.12.8.2
add address=10.0.5.0/24 dns-server=10.12.8.2 domain=<REDACTED> gateway=\
    10.0.5.1 ntp-server=10.12.8.2
add address=10.12.6.0/24 dns-server=1.1.1.1 domain=<REDACTED> gateway=\
    10.12.6.1
add address=10.12.7.0/24 dns-server=10.12.8.2 domain=<REDACTED> gateway=\
    10.12.7.1 ntp-server=10.12.8.2
add address=10.12.8.0/24 dns-server=10.12.8.2 domain=<REDACTED> gateway=\
    10.12.8.1 ntp-server=10.12.8.2
add address=12.0.0.0/8 dns-server=12.0.0.13 domain=<REDACTED> gateway=\
    12.0.0.1 ntp-server=12.0.0.13
/ip dns
set allow-remote-requests=yes servers=1.1.1.1
/ip firewall nat
add action=dst-nat chain=dstnat comment=SoftEtherVPN0 dst-port=443 \
    in-interface=vbridge0 protocol=tcp to-addresses=10.12.8.2 to-ports=443
add action=dst-nat chain=dstnat comment=SoftEtherVPN1 dst-port=992 \
    in-interface=vbridge0 protocol=tcp to-addresses=10.12.8.2 to-ports=992
add action=dst-nat chain=dstnat comment=SoftEtherVPN2 dst-port=26422 \
    in-interface=vbridge0 protocol=tcp to-addresses=10.12.8.2 to-ports=26422
add action=dst-nat chain=dstnat comment=SoftEtherVPN30 disabled=yes dst-port=\
    1194 in-interface=vbridge0 protocol=tcp to-addresses=10.12.8.2 to-ports=\
    1194
add action=dst-nat chain=dstnat comment=SoftEtherVPN31 dst-port=1194 \
    in-interface=vbridge0 protocol=udp to-addresses=10.12.8.2 to-ports=1194
add action=dst-nat chain=dstnat comment=SoftEtherVPN40 dst-port=500 \
    in-interface=vbridge0 protocol=udp to-addresses=10.12.8.2 to-ports=500
add action=dst-nat chain=dstnat comment=SoftEtherVPN41 dst-port=4500 \
    in-interface=vbridge0 protocol=udp to-addresses=10.12.8.2 to-ports=4500
add action=dst-nat chain=dstnat comment=SoftEtherMangt dst-port=5555 \
    in-interface=vbridge0 protocol=tcp to-addresses=10.12.8.2 to-ports=5555
add action=dst-nat chain=dstnat comment=hMailServSMTP dst-port=25 \
    in-interface=vbridge0 protocol=tcp to-addresses=10.12.8.2 to-ports=25
add action=dst-nat chain=dstnat comment=hMailServPOP3 dst-port=110 \
    in-interface=vbridge0 protocol=tcp to-addresses=10.12.8.2 to-ports=110
add action=dst-nat chain=dstnat comment=hMailServIMAP dst-port=143 \
    in-interface=vbridge0 protocol=tcp to-addresses=10.12.8.2 to-ports=143
add action=dst-nat chain=dstnat comment=hMailServSMTPS disabled=yes dst-port=\
    465 in-interface=vbridge0 protocol=tcp to-addresses=10.12.8.2 to-ports=\
    465
add action=dst-nat chain=dstnat comment=hMailServPOP3s disabled=yes dst-port=\
    110 in-interface=vbridge0 protocol=tcp to-addresses=10.12.8.2 to-ports=\
    110
add action=dst-nat chain=dstnat comment=hMailServIMAPS disabled=yes dst-port=\
    995 in-interface=vbridge0 protocol=tcp to-addresses=10.12.8.2 to-ports=\
    995
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=12.0.0.1
/system clock
set time-zone-name=America/New_York
/system identity
set name=DC-10GbE-BridgeSwitch
/system ntp client
set enabled=yes
/system ntp client servers
add address=10.12.8.2
/system package update
set channel=long-term
/system routerboard settings
set boot-os=router-os
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Revising VLAN Setup (New Equipment)

Sat Apr 22, 2023 4:03 am

Here is my current config. As it is now, I'm only able to connect to the bridge itself. Can't reach any of the VLANs, so I think that I messed up my filter rules.
How (from what device, connected to what port) are you trying to connect?
 
TopHatProductions115
newbie
Topic Author
Posts: 30
Joined: Fri Dec 10, 2021 2:44 am

Re: Revising VLAN Setup (New Equipment)

Sat Apr 22, 2023 6:59 am

Here is my current config. As it is now, I'm only able to connect to the bridge itself. Can't reach any of the VLANs, so I think that I messed up my filter rules.
How (from what device, connected to what port) are you trying to connect?
Using a laptop with a physical Ethernet adapter currently. I also have a few RJ45-to-SFP+ transceivers, which is how I've been testing the SFP+ ports on the switch. Intel PROSet allows me to set the VLAN ID for the laptop.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Revising VLAN Setup (New Equipment)

Sat Apr 22, 2023 8:15 am

What is the what is removing the vlan tags? I assume Intel PROSet when you set a vlan id uses tagged frames when sending and untags them when received?

Every port on the except sfp-sfpplus2 (which has pvid=51) has the default pvid=1. If you plug an RJ to SFP module into sfp-sfpplus2 does it get an address from the IDMpool?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Revising VLAN Setup (New Equipment)

Sat Apr 22, 2023 3:01 pm

You have setup the SWITCH in the wrong format............... (one for routers and not for switches).
EDIT FIxed links!! Thanks Buckeye P. SWITCH CHIP VLANS
Switch Chip Features - https://help.mikrotik.com/docs/display/ ... p+Features
CRS1 / CRS2 -Switches - https://help.mikrotik.com/docs/pages/vi ... =103841835
CRS3 / CRS5 / CCR2 Switches - https://help.mikrotik.com/docs/display/ ... p+features
L3 Hardware Offloading - https://help.mikrotik.com/docs/display/ ... Offloading
Other Devices (older) Basic - https://help.mikrotik.com/docs/display/ ... switchchip

other refs:
https://www.youtube.com/watch?v=Rj9aPoyZOPo - Vlans using the Switch Chip
https://www.youtube.com/watch?v=rvQ6o4RfnoU - Configure Vlan on Switch Chip
https://www.youtube.com/watch?v=YLtGQAQ8iS0 - CRS3XX Step by Step
Last edited by anav on Sun Apr 23, 2023 2:00 am, edited 1 time in total.
 
TopHatProductions115
newbie
Topic Author
Posts: 30
Joined: Fri Dec 10, 2021 2:44 am

Re: Revising VLAN Setup (New Equipment)

Sat Apr 22, 2023 8:20 pm

What is the what is removing the vlan tags? I assume Intel PROSet when you set a vlan id uses tagged frames when sending and untags them when received?

Every port on the except sfp-sfpplus2 (which has pvid=51) has the default pvid=1. If you plug an RJ to SFP module into sfp-sfpplus2 does it get an address from the IDMpool?

  • I'm not sure if I understood the question, but I'll do my best to answer. I'm attempting to use Intel PROSet for setting the VLAN ID on my laptop (client device).
  • I've hadn't any success with DHCP from IDMpool. I'll be changing the config, so that VLAN ID 51 is the only VLAN available on sfp-sfpplus2 (also untagged), once I get home. It won't be used for anything else.

From what I've seen in Device Manager (client device), my network adapter supports [Packet Priority and VLAN]. I even have it enabled. However, there is no corresponding field for [VLAN ID] present. That prevents me from directly setting the desired VLAN ID easily. In the VMs running on my server, I can set desired VLAN ID without issue. I'm beginning to wonder if some of my troubles during testing are just my laptop. I can connect to the bridge (untagged) pretty easily, but no other VLANs.
Last edited by TopHatProductions115 on Sun Apr 23, 2023 4:41 am, edited 3 times in total.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Revising VLAN Setup (New Equipment)

Sat Apr 22, 2023 11:59 pm

You have setup the SWITCH in the wrong format............... (one for routers and not for switches).
P. SWITCH CHIP VLANS
Switch Chip Features - https://help.mikrotik.com/docs/display/ ... p+Features
CRS1 / CRS2 -Switches - https://help.mikrotik.com/docs/pages/vi ... =103841835
CRS3 / CRS5 / CCR2 Switches - https://help.mikrotik.com/docs/display/ ... p+features <-------
L3 Hardware Offloading - https://help.mikrotik.com/docs/display/ ... Offloading
Other Devices (older) Basic - https://help.mikrotik.com/docs/display/ ... switchchip
@anav These links do not work as is. My guess is that you copy/pasted without first going into edit mode before copying.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Revising VLAN Setup (New Equipment)

Sun Apr 23, 2023 2:00 am

Thanks fixed here...... and above.......

P. SWITCH CHIP VLANS
Switch Chip Features - https://help.mikrotik.com/docs/display/ ... p+Features
CRS1 / CRS2 -Switches - https://help.mikrotik.com/docs/pages/vi ... =103841835
CRS3 / CRS5 / CCR2 Switches - https://help.mikrotik.com/docs/display/ ... p+features
L3 Hardware Offloading - https://help.mikrotik.com/docs/display/ ... Offloading
Other Devices (older) Basic - https://help.mikrotik.com/docs/display/ ... switchchip

other refs:
https://www.youtube.com/watch?v=Rj9aPoyZOPo - Vlans using the Switch Chip
https://www.youtube.com/watch?v=rvQ6o4RfnoU - Configure Vlan on Switch Chip
https://www.youtube.com/watch?v=YLtGQAQ8iS0 - CRS3XX Step by Step
 
TopHatProductions115
newbie
Topic Author
Posts: 30
Joined: Fri Dec 10, 2021 2:44 am

Re: Revising VLAN Setup (New Equipment)

Sun Apr 23, 2023 3:57 am

Thanks fixed here...... and above.......

P. SWITCH CHIP VLANS
Switch Chip Features - https://help.mikrotik.com/docs/display/ ... p+Features
CRS1 / CRS2 -Switches - https://help.mikrotik.com/docs/pages/vi ... =103841835
CRS3 / CRS5 / CCR2 Switches - https://help.mikrotik.com/docs/display/ ... p+features
L3 Hardware Offloading - https://help.mikrotik.com/docs/display/ ... Offloading
Other Devices (older) Basic - https://help.mikrotik.com/docs/display/ ... switchchip

other refs:
https://www.youtube.com/watch?v=Rj9aPoyZOPo - Vlans using the Switch Chip
https://www.youtube.com/watch?v=rvQ6o4RfnoU - Configure Vlan on Switch Chip
https://www.youtube.com/watch?v=YLtGQAQ8iS0 - CRS3XX Step by Step
I'll have to (re-)review those in a bit. I know I've red at least the first, third, and fifth wiki links before. Also checked my YouTube watch history. I've viewed most of the third YouTube link, so I'll re-watch that one as well.

Going off the first sentence from the previous version of your reply ("one for routers and not for switches"), I checked the wiki again and found the (pair of) switch chips used in the CCR2004-16G-2S+: 2x 88E6191X .

Unfortunately, I have no choice but to do my initial testing on the CRS317 first. The CCR2004 is currently in-use in my rack. Throwing untested configs on it would offline my entire network. So, I have to test everything on a device that isn't in the rack yet. I don't know if I've mentioned this already, but I'll split the config (once it's working) so that the router portion is on the CCR2004 and the switch portion stays with the CRS317.

EDIT: Found where I previously mentioned the reason(s) for my testing solely on the switch.

Who is online

Users browsing this forum: No registered users and 33 guests