Community discussions

MikroTik App
 
geekdadSTC
just joined
Topic Author
Posts: 5
Joined: Fri May 15, 2020 10:03 pm

RB2011UiAS-IN VLANs on second switch bank

Fri May 15, 2020 10:30 pm

I already have a hEX up and running with no issues and inherited an RB201 with the second set of switch ports (Ether 6 to 10). I'm trying to configure each port to be a member of a different VLAN. IE: ether6 = VLAN10, ether7=VLAN15, ether8=VLAN20, etc. Each port being an access port. The RB201 has DHCP set up currently the same as my hEX but the new ports aren't getting IP Addresses. I also noticed they don't seem to be bridging to the first switch. I tried assigning a static address to a laptop on one of the ports and no luck.

I've tried setting up a second bridge and putting the second switch on that bridge but no luck there either.

I'm obviously missing something here. I use Winbox and just can't seem to figure out the VLAN process for a RouterBoard with two switches..Ports 1 WAN, Ports 2-4 VLAN1, Port 5 Trunk with VLAN's 10-40. Then Ports 6 to 10 assigned as untagged members of individual VLAN's and getting IP addressing formthe existing DHCP server I have set up.

I see several examples of adding untagged VLANs but not on a dual switch RouterBoard. I did dump the configuration and have been trying to match it up but coming up dry.
You do not have the required permissions to view the files attached to this post.
 
anav
Forum Guru
Forum Guru
Posts: 4261
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: RB2011UiAS-IN VLANs on second switch bank

Sat May 16, 2020 3:07 am

All you need to do is on teh RB2011 is create a bridge,
Add the vlan interfaces to the bridge
Setup the bridge ports and the vlan bridge interfaces (to reflect access ports)
enable vlan filtering
Note: No need for DHCP on the RB2011

All you need is one trunk port assigned coming from the hex (also part of the bridge, and bridgeport-vlan bridge interface setup).
On the hex, the port going to the 2011 is also a trunk port..........
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
tdw
Member
Member
Posts: 367
Joined: Sat May 05, 2018 11:55 am

Re: RB2011UiAS-IN VLANs on second switch bank

Sat May 16, 2020 1:43 pm

You also have a mix of bridge and switch VLAN configuration. Either use a VLAN-aware bridge OR hardware switching mixing them can have unintentional side-effects, currently the /interface bridge port PVID settings are ignored and /interface bridge vlan does nothing.

Unless you need wirespeed switching on ether1-5 a single VLAN-aware bridge is the best option https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering

If you do require hardware switching https://wiki.mikrotik.com/wiki/Manual:S ... p_Examples - note that the 8327 switch chip for ether1-5 and 8227 for ether6-10 are different, the 8227 ports require vlan-header setting appropriately and do not support hybrid operation. Also be aware the two switch chips communicate via the CPU which has issues https://wiki.mikrotik.com/wiki/Manual:L ... itch_chips

If you are using this device effectively as a managed switch you only need a single IP address attached to one VLAN in order to access it.
 
anav
Forum Guru
Forum Guru
Posts: 4261
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: RB2011UiAS-IN VLANs on second switch bank

Sat May 16, 2020 2:44 pm

The best reference for vlan bridge filtering is
viewtopic.php?f=13&t=143620
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
geekdadSTC
just joined
Topic Author
Posts: 5
Joined: Fri May 15, 2020 10:03 pm

Re: RB2011UiAS-IN VLANs on second switch bank

Sun May 17, 2020 8:46 pm

I'll take another look at the config.I thought you needed to bridge the two switches within the RB2011.

I'd want to use ether1 or sfp1 depending on what my situation is. This is intended as a backup if the hEX fails. Just swap it out.

I want to be able to use the sfp port as I do have another switch (ProCurve 3400cl) that also has sfp ports, One of which is trunk port that I can use to connect to the RB2011.
 
geekdadSTC
just joined
Topic Author
Posts: 5
Joined: Fri May 15, 2020 10:03 pm

Re: RB2011UiAS-IN VLANs on second switch bank

Tue May 19, 2020 9:02 pm

I gave up on the RB2011. I just defaulted it and kept it as a simple router with no VLAN's. I just couldn't get the second switch to work right.

I'm going to try this with a CRS125-24G-15-IN. I see it handles VLAN's differently from looking at Winbox. I have a simple router config running and will start with that as a baseline.
 
tdw
Member
Member
Posts: 367
Joined: Sat May 05, 2018 11:55 am

Re: RB2011UiAS-IN VLANs on second switch bank

Tue May 19, 2020 9:31 pm

If you do not need wire-speed switching between ports the RB2011 is fine with a VLAN-aware bridge and no hardware offload.

The CRS1xx/2xx switching is very different to the RB devices, the wiki examples are a good starting point. Normally I would say that the CRS devices are intended to be L2 switches with some L3 functions as they performance-limited by the CPU, but the CRS-24G-1S-IN and RB2011UiAS-IN have exactly the same CPU, clock rate and RAM.
 
geekdadSTC
just joined
Topic Author
Posts: 5
Joined: Fri May 15, 2020 10:03 pm

Re: RB2011UiAS-IN VLANs on second switch bank

Tue May 19, 2020 10:02 pm

Thanks for the advice. This is just for lab testing of various network scenarios. No heavy lifting.

What's so confusing is there are so many places where VLAN configurations are found. It's difficult to figure out where the correct parameters are set. Bridge or Switch?
 
tdw
Member
Member
Posts: 367
Joined: Sat May 05, 2018 11:55 am

Re: RB2011UiAS-IN VLANs on second switch bank

Wed May 20, 2020 2:03 am

Yes, you do get the impression that Mikrotik just created a UI exposing a load of switch chip registers and left people to figure it out. Originally switch configuration was completely separate from bridges, but they have gradually been merging so the bridge becomes a placeholder for configuring and monitoring the hardware switched ports. The CRS3xx hardware acceleration of ports on a VLAN-aware bridge is pretty seamless, but does have a few oddities.

That leaves three groups of devices:
RB devices with Mediatek/Realtek switch chips - no hardware VLAN switching (could possibly be implemented if Mikrotik wished to).
RB devices with Atheros switch chips - VLAN-aware bridge or non-VLAN-aware bridge + hardware VLAN switching (limitations on devices with multiple switch chips).
CRS1xx/2xx - non-VLAN-aware bridge + hardware VLAN switching but completely differently to Atheros switch chips.

There is quite a lot going on behind the UI / CLI as typically the CPU has a single ethernet interface to the switch chip, and the etherX interfaces visible to the user are actually multiplexed with port-based VLANs to the physical ethernet ports. If you have a mix, e.g. ether1, ether2 separate and ether 3-5 switched together then there can be strange interactions between the port-based and 802.1Q VLANs.
 
geekdadSTC
just joined
Topic Author
Posts: 5
Joined: Fri May 15, 2020 10:03 pm

Re: RB2011UiAS-IN VLANs on second switch bank

Fri May 22, 2020 12:35 am

I moved to the CRS125125-24G-IN and used the example for router+switch found here: viewtopic.php?f=13&t=143620

I tried to match as closely as possible but the syntax is different from the CRS125. I ended up using Terminal Mode as could not translate the config file to the equivalent pages in Winbox.

I was able to at least get the DHCP Server to stop indicating invalid though (It helps when you remember to set the network for the server correctly).

I created just a single VLAN. Untagged on port 17 and tagged on the trunk port. I still can't get it to hand out an address to a device on port 17. The remaining ports on the basic 192.168.88.1 subnet are fine.

I have a feeling It's something very simple...
You do not have the required permissions to view the files attached to this post.
 
tdw
Member
Member
Posts: 367
Joined: Sat May 05, 2018 11:55 am

Re: RB2011UiAS-IN VLANs on second switch bank

Sat May 23, 2020 5:27 pm

The VLAN interfaces giving the CPU to access VLANs in /interface vlan must be attached to the parent interface not members, so bridge not ether17.

That setup will work, but will not use hardware switching.

Who is online

Users browsing this forum: roe1974 and 34 guests