Community discussions

MikroTik App
 
jmeavric
just joined
Topic Author
Posts: 11
Joined: Thu Oct 22, 2020 8:49 pm

CRS112 and problem with vlans

Sat Oct 09, 2021 11:12 am

Hi
I have simple configuration my network:


computer1 -> switch with taged ports ->CRS112-> BCS

computer is in vlan200 and have IP 10.10.5.2/24
BCS is in vlan30 and have UP 10.10.2.200

CRS112 have config:
vlans:
Flags: X - disabled, R - running
# NAME MTU ARP VLAN-ID INTERFACE
0 R vlan30_mon 1500 enabled 30 bridge_szkielet
1 R vlan200_prac 1500 enabled 200 bridge_szkielet
IP address
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 10.10.2.1/24 10.10.2.0 vlan30_mon
1 10.10.5.254/24 10.10.5.0 vlan200_prac

bridge ports
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZO
0 H 4_omni bridge_szkielet yes 1 0x80 10 10 non
1 H 5_rejestrator_GI_R01 bridge_szkielet yes 1 0x80 10 10 non

interface eth vlan
Flags: X - disabled, I - invalid, D - dynamic
# VLAN-ID PORTS SVL LEARN FLOOD INGRESS-MIRROR QOS-GROUP
0 30 switch1-cpu no yes no no none
4_omni
5_rejestrator_GI_R01
1 200 switch1-cpu no yes no no none
4_omni

interface ethernet switch egress-vlan-tag> print
Flags: X - disabled, I - invalid, D - dynamic
# VLAN-ID TAGGED-PORTS
0 200 switch1-cpu
4_omni
1 30 switch1-cpu
4_omni

/interface ethernet switch ingress-vlan-translation print
Flags: X - disabled, I - invalid, D - dynamic
0 ports=5_rejestrator_GI_R01 service-vlan-format=any customer-vlan-format=any customer-vid=0 new-customer-vid=30 pcp-propagation=no sa-learning=yes

and when i try to ping my BCS from 192.168.5.2 to 192.168.2.200 i have 1 ping ok and many lost. When i change device BCS to other computer it works ok. I change my BCS to other device BCS and this same problem - many ping lost.
When i change my vlans configuration to software then works ok but cpu 100%:(
What is wrong in my config? I bad configured my untage vlan30 ?
When i ping other device in vlan30 but plugin to other switch it works ok.
I thing that problem is in untag port BCS and routing.

Please someone help me my ideas has ends.
Last edited by jmeavric on Mon Oct 11, 2021 8:56 am, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 8705
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS112 and problem with vlans

Sat Oct 09, 2021 4:50 pm

Your network is a bit confusing, Wat is the switch in between the PC an the Mikrotik switch the CRS112.
What is a BCS???

please post any configurations for MT devices using this
/export hide-sensitive file=anynameyouwish
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
jmeavric
just joined
Topic Author
Posts: 11
Joined: Thu Oct 22, 2020 8:49 pm

Re: CRS112 and problem with vlans

Sat Oct 09, 2021 9:25 pm

switch between is RB 326
BCS = recorder CCTV

/interface bridge
add name=bridge1
add name=bridge_szkielet protocol-mode=none
/interface ethernet
set [ find default-name=ether4 ] name=4_omni poe-out=off
set [ find default-name=ether5 ] name=5_rejestrator_GI_R01 poe-out=off \
rx-flow-control=auto tx-flow-control=auto

/interface vlan
add interface=bridge_szkielet name=vlan30_mon vlan-id=30
add interface=bridge_szkielet name=vlan200_prac vlan-id=200
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=\
5_rejestrator_GI_R01
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge_szkielet interface=4_omni
add bridge=bridge_szkielet interface=5_rejestrator_GI_R01

/interface ethernet switch egress-vlan-tag

add tagged-ports=switch1-cpu,4_omni vlan-id=200
add tagged-ports=\
switch1-cpu,4_omni vlan-id=30
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=30 ports=5_rejestrator_GI_R01
/interface ethernet switch vlan
add ports="switch1-cpu,4_omni,5_rejestrator_GI_R01" vlan-id=30
add ports=switch1-cpu,4_omni vlan-id=200
/ip address
add address=10.10.2.1/24 interface=vlan30_mon network=10.10.2.0
add address=10.10.5.254/24 interface=vlan200_prac network=10.10.5.0
/ip route
add distance=1 gateway=10.10.6.1
 
jmeavric
just joined
Topic Author
Posts: 11
Joined: Thu Oct 22, 2020 8:49 pm

Re: CRS112 and problem with vlans

Sun Oct 10, 2021 8:52 pm

Any ideas what is wrong in my config?
Mayby i bad untag ethernet port 5 or somthing wrong in routings?
Why when i connect computer all is fine and problem appire is when i plugin BCS CCTV?
It is strange that the problem appears with the hardware support of vlans (switch chip), when I configure everything about vlans in the / interface / bridge tab, everything works correctly only that the cpu is 100% with a traffic of about 100Mbit / s, so I suppose that I am doing something wrong in configuration / interface / ethernet / switch.
 
sindy
Forum Guru
Forum Guru
Posts: 7898
Joined: Mon Dec 04, 2017 9:19 pm

Re: CRS112 and problem with vlans

Sun Oct 10, 2021 9:10 pm

If you connect a Windows PC instead of the BCS and it works, the misconfiguration on the CRS 112 is in the egress direction.

The thing is that the network card drivers of Windows strip any VLAN tags received.

The CRS1xx/2xx manual is not really verbose regarding tag handling on egress, so maybe it is not sufficient that you do not list 5_rejestrator_GI_R01 in the tagged-ports list on the vlan-id=30 row under /interface ethernet switch egress-vlan-tag, and you also have to add a row to /interface ethernet switch egress-vlan-translation. But that's just a guess, I have no direct experience with the CRS1xx/2xx family.
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
jmeavric
just joined
Topic Author
Posts: 11
Joined: Thu Oct 22, 2020 8:49 pm

Re: CRS112 and problem with vlans

Sun Oct 10, 2021 9:58 pm

I add to /interface ethernet switch egress-vlan-translation customer vid=0 and new customer vid=30 but still this same problem, ping works only from CRS112 or vlan30, not works from other network (routing).
 
sindy
Forum Guru
Forum Guru
Posts: 7898
Joined: Mon Dec 04, 2017 9:19 pm

Re: CRS112 and problem with vlans

Sun Oct 10, 2021 10:17 pm

In the egress direction, the rule has to be reverse - it must match on customer-vid=30 and assign new-customer-vid=0.
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
jmeavric
just joined
Topic Author
Posts: 11
Joined: Thu Oct 22, 2020 8:49 pm

Re: CRS112 and problem with vlans

Sun Oct 10, 2021 10:44 pm

Yes i add revers and still this same priblem;(
 
sindy
Forum Guru
Forum Guru
Posts: 7898
Joined: Mon Dec 04, 2017 9:19 pm

Re: CRS112 and problem with vlans

Sun Oct 10, 2021 11:16 pm

I would say remove all the /interface ethernet switch config, and try the basic common configuration with bridge vlan filtering activated:

/interface bridge vlan
add bridge=bridge_szkielet vlan-ids=30 tagged=bridge_szkielet,4_omni
add bridge=bridge_szkielet vlan-ids=200 tagged=bridge_szkielet,4_omni

/interface bridge port
set [find interface=interface=5_rejestrator_GI_R01] pvid=30

/interface bridge set bridge_szkielet vlan-filtering=yes


The above should configure the switch chip silently as well, and the forwarding and tagging/untagging operations should still be done in hardware.

But if routing between the subnet in VLAN 30 and the subnet in VLAN 200 is done by the CPU of the CRS112, the high CPU load is caused by this, not by bridging in software. Your OP is a bit inconsistent - you wrote that the computer in VLAN 200 has IP 192.168.5.2/24 and the VCR in VLAN 30 has IP 192.168.2.200, but in the config export, the VLAN subinterfaces of bridge_szkielet have a 10.10. prefix instead of 192.168. If this is a half-done obfuscation, and the default gateway of the VCR is 10.10.2.1 (or 192.168.2.1) and the default gateway of the computer is 10.10.5.254 (or 192.168.5.254), this is the case. The CPU of this device is sufficient to route its own traffic, not the traffic of connected devices.
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
jmeavric
just joined
Topic Author
Posts: 11
Joined: Thu Oct 22, 2020 8:49 pm

Re: CRS112 and problem with vlans

Mon Oct 11, 2021 10:13 am

Hi
Yes, correct subnets is: 10.10.2.0/24 for CTV and 10.10.5.0/24 for computers.
When i set vlans with bridge vlan filtering activated works ok but cpu = 100%.
Traffic is the same,which is why i think problem is in not use switch cpu.
Traffic between vlan30 and vlan200 is very small but i need sometimes connect to my BCS.
 
jmeavric
just joined
Topic Author
Posts: 11
Joined: Thu Oct 22, 2020 8:49 pm

Re: CRS112 and problem with vlans

Tue Oct 12, 2021 2:22 pm

Definitly problem is in CRS112 or in config CRS112.
I move IP 10.10.2.1 from CRS112 to other device CRS326 and there set IP 10.10.2.1 on vlan30 and change routing to subnet 10.10.2.0 on CRS326 it works fine.
CRS112 have problem with taged and untaged vlans and routing. Maybe i have bads in my config?
Any ideas?
 
sindy
Forum Guru
Forum Guru
Posts: 7898
Joined: Mon Dec 04, 2017 9:19 pm

Re: CRS112 and problem with vlans

Tue Oct 12, 2021 2:33 pm

Again - the hardware "offloading" on CRS 1xx is available only for L2 forwarding between ports in the same VLAN. If the CRS itself has to route between the subnets in the two VLANs, this is done by CPU, and the CPU in CRS1xx is weak, hence it reaches 100 % with relatively low traffic volume, much lower than the interface bandwidth.

So if you can route between the two subnets on another device that can see both subnets via a trunk, so that the CRS1xx would do what it has been designed for, you should have no CPU issues on it.
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
jmeavric
just joined
Topic Author
Posts: 11
Joined: Thu Oct 22, 2020 8:49 pm

Re: CRS112 and problem with vlans

Tue Oct 12, 2021 3:44 pm

OK i solved this problem. Problem was in config bridge. I unset allow fast path and now its works great, i can login to 10.10.2.200 and cpu is max 40%.
Thanks for all answers.

Who is online

Users browsing this forum: Baidu [Spider], k6ccc, Semrush [Bot] and 17 guests