Community discussions

MUM Europe 2020
 
greenhill
just joined
Topic Author
Posts: 7
Joined: Mon Mar 12, 2018 11:10 pm

Cant get vlans to work [SOLVED]

Sun Mar 18, 2018 9:25 pm

Hello,

Im new to routeros, recently bought a CRS109 to try it out but im having problems getting vlans to work on mikrotik. At home im running a pfsense router on hyperv where I have set up an interface on pfsense with vlan tag 20 and on hyper v I configured an external virtual switch with vlan tag 20 (also on the hyperv machine). Pfsense is also my DNS and DHCP server.

I followed some videos on vlans with routeros on youtube but im not able to get my pfsense to connect to mikrotik using a vlan with tag 20. I hope someone here can help me out with my problem. The goal of this vlan is to be able to seperate my internal network with a new secondary network using a vlan while still being able to use pfsense for dhcp, dns and firewalling. If I can get this working I also plan to use this for a guest wifi.

Im uncertain if the configuration/steps I used are missing something or it might be something with my pfsense.. all other vlans on my pfsense working ..

I made a small diagram of my network:
Image

On the mikrotik I have set up a vlan20:
Image

Next I set up a bridge:
Image

Added the bridge to the ports list:
Image

Configured an address in the IP addresses list:
Image

Also set up a static route in the route table:
Image

My current interface list:
Image

Im not sure what im missing or did wrong, is there anyone who can give me some pointers ?
Thanks in advance!
Last edited by greenhill on Fri Mar 23, 2018 9:41 pm, edited 1 time in total.
 
skuykend
Member Candidate
Member Candidate
Posts: 270
Joined: Tue Oct 06, 2015 7:28 am

Re: Cant get vlans to work

Sun Mar 18, 2018 10:46 pm

You're going to want only the one bridge, don't add a second. The vlan20 interface should use the main bridge.

Then use the switch menu to set up which ports are tagged and untagged and what vlans are allowed.

https://wiki.mikrotik.com/wiki/Manual:S ... p_Features
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1554
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: Cant get vlans to work

Mon Mar 19, 2018 12:50 am

Not sure how you created the vlan on the virtual switch. As far as my knowledge goes, you can't create a trunk port vie GUI in hyper-v, you must do it via powershell.
There are instructions on how to do this, just google for it
MTCNA, MTCTCE, MTCRE & MTCINE
 
User avatar
az1984
newbie
Posts: 28
Joined: Thu Sep 14, 2017 3:58 pm
Location: Germany

Re: Cant get vlans to work

Mon Mar 19, 2018 9:14 am

I found few things which you have to check:

1.) Have you enabled "VLAN filtering" on the VLAN-tab in the bridge settings?

2.) You have to add the IP-address to the VLAN20-interface, not to the bridge. Maybe I will work the way you did if you have only one VLAN on your bridge, but I would assign the IPs allways to the VLAN-interface.

3.) As skuykend said, you have to check which physical ports are on your bridge. For now, you don't have any physical ports within your VLAN-Bridge. So, add at least one port to it, or add the VLAN20-interface to your default-bridge.

Btw.: I think naming your Bridge BR-VLAN20 is a bit unlucky/uncorrect: Think of this bridge as a "VLAN-Trunk-bridge" on which you can add several VLANs and not a bridge for only VLAN20.

If you work on newer RouterOS-version you have a VLANs-tab in the bridge window. There you can see and configure, which VLANs are tagged/untagged on which ports or interfaces.
 
greenhill
just joined
Topic Author
Posts: 7
Joined: Mon Mar 12, 2018 11:10 pm

Re: Cant get vlans to work

Tue Mar 20, 2018 9:40 am

Thanks for the replies and suggestions. The vlan filtering on the bridge wasnt enabled, I enabled it and left it to default pvid 1. Also removed the vlan bridge and instead connected it to the port my hyperv server is connected to, this port also still has pvid1. Moved the IP for the vlan to the vlan itself instead of the vlan bridge. Unfortunately it is not working yet.

I reset the configuration and started over a few times, I opened a ping on my pfsense box but im not yet able to ping the ip address set on the vlan on the switch. The address is set to 192.168.20.253/24 with 192.168.20.0 as network. Is this correct ? Or should it be just 192.168.20.253/192.168.20.253 ?

Also I noticed on the VLANs tab in the bridge menu the ports are not being tagged ?
If I set pvid on ether4 to 20 my connection drops so it is doing something, how can I set up a trunk on this port so my connection wont drop ?

VLANs tab on bridge, no tags?
Image

Interface tab for the bridge
Image

Switch/vlan menu:
Image

Thanks again!
 
User avatar
az1984
newbie
Posts: 28
Joined: Thu Sep 14, 2017 3:58 pm
Location: Germany

Re: Cant get vlans to work

Tue Mar 20, 2018 11:03 am

If you set PVID 20 on ether4 this will mean, you set VLAN 20 as untagged to that port - and I don't think that's what you want.
You want to set VLAN1 as untagged and VLAN20 as tagged on ether4 (or any other ports).

So you gonna leave the PVID on ether4 at "1" (again, thats the untagged VLAN). To add VLAN20 tagged to ether4, you go to the Bridge - VLANs tab and add an entry:
VLAN ID = 20
tagged ports = ether4 (or which port you want, you could also use your default bridge)
 
User avatar
nichky
Long time Member
Long time Member
Posts: 546
Joined: Tue Jun 23, 2015 2:35 pm

Re: Cant get vlans to work

Tue Mar 20, 2018 11:08 am

maybe the new version looks kind of different, i will recommend to follow this presentation.

https://mum.mikrotik.com/presentations/ ... omeini.pdf
Nikola Suminoski
MikroTik Consultan
MTCRE l MTCWE

!) Safe Mode is your friend;
 
greenhill
just joined
Topic Author
Posts: 7
Joined: Mon Mar 12, 2018 11:10 pm

[SOLVED] Re: Cant get vlans to work

Fri Mar 23, 2018 9:39 pm

Hello,

I finally got it working :D very nice.
The solution to the problem I had, in case anyone else struggles with the same problem of not getting vlans to talk from mikrotik to pfsense over hyperv, was I got my trunk set up wrong on hyperv and also the VLAN in pfsense itself. I set up the vlan in pfsense as a seperate interface with a VLAN which I should have set up on the LAN interface directly, creating a trunk in pfsense I guess.

A print of my interface assignments now in pfsense:

Image

I also had to set up a trunk with an allowed vlan list on hyperv on the LAN interface allowing tagged traffic in using powershell, I had previously set this on an individual interface connected to an individual internal hyper v switch instead of the LAN interface in the pfsense hyperv machine:

Get-VMNetworkAdapter -VMName "VMNAME" | Where-Object {$_.MacAddress -eq "MAC#ADDR"} | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-25" -NativeVlanId 1

Next mistake was setting up the VLAN in mikrotik on the guest wifi interface 3g, my hyperv server is connected on ether4 on the mikrotik switch so I put it there :

Image

Also set the PVID on the VLAN20 to 20 in the ports menu

Image

Added VLAN20 to the VLANs menu and tagged the 3g interface with vlan20 and ether4 on 1 as suggested by az1984

Image

I set the IP address on the vlan interface

Image

And also the suggestions above, enabling vlan filtering on the bridge. Thanks again for the suggestions/help.

Who is online

Users browsing this forum: No registered users and 40 guests