Community discussions

MUM Europe 2020
 
nmc
just joined
Topic Author
Posts: 4
Joined: Wed Jul 10, 2019 7:50 am

Getting trouble while creating VLANs and bonding interface between an RB3011 and CRS328

Sun Aug 04, 2019 12:38 am

Hi,

I'm trying to build a new network with VLAN and bonding and i'm having a lot of trouble getting it up and running.


I have a RB3011 as the main router, which has been working fine for the last 3 years. The current network setuped on this router is 10.50.0.1/24

I just bought a new CRS328-24P-4S+RM to use as my main switch.

I want to create 2 new VLAN where i will move all my machines to eventually. VLAN 100 (10.80.0.0/22) and VLAN 200 (10.80.4.0/22)
Also want a bonding interface between both the switch and router.

Here is a diagram of how i would like things plugued.
Blank Diagram.jpeg
I have tried this. Here is my current config:


RB3011

Code: Select all

# jul/28/2019 18:16:05 by RouterOS 6.45.1
# software id = LM13-4QY3
#
# model = RouterBOARD 3011UiAS
/interface bridge
add admin-mac=xx arp=proxy-arp auto-mac=no fast-forward=no \
name=bridge-local vlan-filtering=yes

/interface bonding
add mode=802.3ad name=router-switch slaves=\
ether4-slave-local,ether5-slave-local

/interface vlan
add interface=router-switch name=vlan-srv-100 vlan-id=100

/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local ingress-filtering=yes interface=router-switch

/interface bridge settings
set use-ip-firewall-for-vlan=yes

/interface bridge vlan
add bridge=bridge-local tagged=router-switch vlan-ids=100

/ip address
add address=10.13.37.1/16 comment="default configuration" interface=\
ether2-master-local network=10.13.0.0
add address=69.70.215.78/30 interface=ether1-internet network=69.70.215.76
add address=10.80.0.1/22 interface=vlan-srv-100 network=10.80.0.0

CRS328

Code: Select all

# jan/02/1970 00:30:35 by RouterOS 6.45.1
# software id = R141-ZR7S
#
# model = CRS328-24P-4S+
/interface bridge
add admin-mac=xx auto-mac=no comment=defconf name=bridge \
vlan-filtering=yes

/interface ethernet
set [ find default-name=ether2 ] mac-address=xx

/interface vlan
add interface=bridge name=vlan-srv-100 vlan-id=100

/interface bonding
add mode=802.3ad name=router-switch slaves=ether1,ether2

/interface wireless security-profiles

/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=router-switch

/interface bridge vlan
add bridge=bridge tagged=bridge,router-switch vlan-ids=100

/ip address
add address=10.80.0.2/22 interface=vlan-srv-100 network=10.80.0.0

/ip route
add distance=1 dst-address=0.0.0.0/32 gateway=10.80.0.1

The bonding seems to work fine and i'm able to ping to 10.80.0.1 which is the adress of the router VLAN 100. However i cannot ping the switch or anything else on this network.

Anything i'm missing ? Let me know if you need more information.



Thank you.
You do not have the required permissions to view the files attached to this post.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1796
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Getting trouble while creating VLANs and bonding interface between an RB3011 and CRS328

Sun Aug 04, 2019 1:08 am

Hey

There is an extensive vlan how-to on this forum, have a look. (viewtopic.php?f=13&t=143620&hilit=vlan)

Some remarks:
* why need for proxy-arp on bridge?
* vlan-filtering=yes (on non-CRS3xx hardware) is in software, if you want it hardware, you'll need to do it through "switch" functions
* if only vlan should pass over bond, why make it part of bridge and then filter everything away? just keep it independent interface
* do you plan on using that "use-ip-firewall-for-vlan=yes"?
* in "/interface bridge vlan" bridge-local should also be in the tagged list of interfaces (like you did for crs config)

Added info: vlan howto + vlan-filtering clarification
Last edited by sebastia on Sun Aug 04, 2019 1:56 am, edited 1 time in total.
 
nmc
just joined
Topic Author
Posts: 4
Joined: Wed Jul 10, 2019 7:50 am

Re: Getting trouble while creating VLANs and bonding interface between an RB3011 and CRS328

Sun Aug 04, 2019 1:36 am

Thanks for the reply,

I forgot to mention that I tried to follow this guide : https://wiki.mikrotik.com/wiki/Manual:C ... with_Bonds
Can you link to the VLAN howto you mentioned ? Thanks.

* proxy-arp, I don't remember when and why I activated this, could it be because of VPN or mDNS ? should I remove it ?
* Ok that's what I tough, but that weren't mentioned in the how-to linked above. But i think the RB3011 cannot do VLAN over the bonding interface.
* I followed the how-to above, and it adds bond to the bridge if I understand it correctly.
* I plan on using rules in firewall to block some traffic between subnets, isn't it what this does ?
* OK I will try to add this in bridge vlan.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1796
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Getting trouble while creating VLANs and bonding interface between an RB3011 and CRS328

Sun Aug 04, 2019 2:07 am

* proxy-arp, I don't remember when and why I activated this, could it be because of VPN or mDNS ? should I remove it ?
* Ok that's what I tough, but that weren't mentioned in the how-to linked above. Will try a different config with this.
* I followed the how-to above, and it adds bond to the bridge if I understand it correctly.
* I plan on using rules in firewall to block some traffic between subnets, isn't it what this does ?
* OK I will try to add this in bridge vlan.
* proxy-arp will result in transmission of every packet through bridge. Could be useful for vpn, but for bridge??? I would remove / disable for time being, until specific usecase arrises.
* clarified that its in software for all non-CRS3xx hardware: you're fine on the switch, but not on router
* there is no bridging of bond on the router in the how-to. anyway you always have to evaluate such examples on what YOU need
* between subnets -> routing firewall, what you have now is bridge firewall = filtering of traffic within same subnet
 
nmc
just joined
Topic Author
Posts: 4
Joined: Wed Jul 10, 2019 7:50 am

Re: Getting trouble while creating VLANs and bonding interface between an RB3011 and CRS328

Sun Aug 04, 2019 3:51 am

Hey, i was able to make it work ! thank you. I'll do more testing tonight but at least i'm able to use vlan between a bonding interface with the switch and router.

However i kept software vlan on the router because i don't think the rb3011 support this feature on a bonding interface. See: https://wiki.mikrotik.com/wiki/Manual:I ... Offloading

Thanks again for your help !

Who is online

Users browsing this forum: kivimart, operatortt and 59 guests