Community discussions

MikroTik App
 
jbutterman
just joined
Topic Author
Posts: 4
Joined: Mon Nov 15, 2021 6:59 pm

trunk vlans across wireless bridge

Mon Nov 15, 2021 7:21 pm

I have a simple setup, 2 Routerboards running 6.45.8. Ethernet 1 connects to the lan on each side, and the wireless interface extends the network between 2 switches. Ether 1 & wireless interface are bridged. Cisco switches configured for trunking on the connecting port with a native vlan 8.

I just want the two switches to form a trunk across the wireless connection that is bridged together. Making the wireless connection is no problem. Getting the trunk to work across it has been a challenge.

vlan 8 is native vlan for trunk, so would like this to be the untagged bridged interface IP
vlan 5,6,7,10,44 should be tagged across the bridge/wireless link to the other switch

tried many combinations to accomplish this simple task, but cannot make it work. The config is rather simple and currently looks like this on both devices:


/interface bridge
add name=bridge1 protocol-mode=none

/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=5GBH supplicant-identity="" \
wpa2-pre-shared-key=xxxxxxxxxx

/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-Ceee country="united states3" disabled=no frequency=auto \
frequency-mode=manual-txpower mode=ap-bridge name=xx-xxx-5G-AP \
radio-name=xx-xxx-5G-AP security-profile=5GBH ssid=A3Prod5GBH vlan-mode=\
use-tag wireless-protocol=802.11

/interface wireless nstreme
set xx-xxx-5G-AP enable-nstreme=yes

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=xx-xxx-5G-AP

/interface bridge vlan
add bridge=bridge1 tagged=ether1,xx-xxx-5G-AP vlan-ids=7
add bridge=bridge1 tagged=ether1,xx-xxx-5G-AP vlan-ids=44
add bridge=bridge1 tagged=ether1,xx-xxx-5G-AP vlan-ids=5
add bridge=bridge1 tagged=ether1,xx-xxx-5G-AP vlan-ids=6
add bridge=bridge1 tagged=ether1,xx-xxx-5G-AP vlan-ids=10
add bridge=bridge1 untagged=ether1,xx-xxx-5G-AP vlan-ids=8

/ip address
add address=x.x.x.x/24 interface=bridge1 network=x.x.x.x

/ip route
add distance=1 gateway=x.x.x.x


What am I missing to allow trunk to establish across wireless bridge?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: trunk vlans across wireless bridge

Mon Nov 15, 2021 7:58 pm

Description is too vague/confusing, draw a network diagram.
For MT devices provide config
/export hide-sensitive file=anynameyouwish
 
jbutterman
just joined
Topic Author
Posts: 4
Joined: Mon Nov 15, 2021 6:59 pm

Re: trunk vlans across wireless bridge

Mon Nov 15, 2021 8:18 pm

not sure why you say it's too vague

I'm simply trying to extend the network between 2 switches using 2 radios in bridge mode, and it needs to be a layer 2 trunk

diagram attached.
You do not have the required permissions to view the files attached to this post.
 
jbutterman
just joined
Topic Author
Posts: 4
Joined: Mon Nov 15, 2021 6:59 pm

Re: trunk vlans across wireless bridge

Mon Nov 15, 2021 8:19 pm

also full config is already included in original post, there's not much too it.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: trunk vlans across wireless bridge

Mon Nov 15, 2021 8:21 pm

If you want the section /interface bridge vlan to have any effect what so ever, you need to /interface bridge set [ find name=bridge1 ] vlan-filtering=yes. If management interface (bridge1 interface) should be member of anything else than VID=1, then you should set appropriate pvid, e.g. /interface bridge set [ find name=bridge1 ] pvid=8.
 
jbutterman
just joined
Topic Author
Posts: 4
Joined: Mon Nov 15, 2021 6:59 pm

Re: trunk vlans across wireless bridge

Mon Nov 15, 2021 8:38 pm

ok, so if I turn on filtering then it should work, my config looks ok otherwise?

I'm pretty sure I tried that already, but can try again


from the switches perspective, vlan 8 is untagged/native vlan
the mikrotik bridge interface has an IP that corresponds with the subnet of vlan 8
if vlan 8 is untagged towards the mikrotik, would I still need to change the PVID to 8?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: trunk vlans across wireless bridge

Mon Nov 15, 2021 11:49 pm

Good thing, I only support native vlan1 and not for carrying any data either. ;-)
My contract does not cover native vlan8.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: trunk vlans across wireless bridge

Tue Nov 16, 2021 10:30 am

from the switches perspective, vlan 8 is untagged/native vlan
the mikrotik bridge interface has an IP that corresponds with the subnet of vlan 8
if vlan 8 is untagged towards the mikrotik, would I still need to change the PVID to 8?

MT doesn't know that untagged frames, entering through ether1 (and wlan1) are considered as "native VLAN 8" on other devices in LAN, those frames are simply untagged. You're tagging them on ingress (PVID setting on corresponding bridge ports under /interface bridge port) and untagging on egress (untagged members of corresponding VLAN under /interface bridge vlan). But as you tag frames on ingress through e.g. ether1, those frames are tagged inside bridge (the switch-like personality) and, if PVID is not set on bridge interface, they are expected to be tagged on bridge interface (read more about bridge personalities) ... Only that bridge interface in your case is not member of VID 8 in any way (neither untagged nor tagged), bridge interface has implicit default setting of pvid=1 which means that default mikrotik configuration has VLAN ID 1 as "native". If you want to have VID=8 native, you have to reconfigure ROS in 3 places.

To better understand how VLANs are done in ROS, read through this excellent tutorial.

As I wrote: as long as bridge doesn't have vlan-filtering=yes, it won't do tagging/untagging and untagged frames from switches will indeed get to bridge interface untagged and things seem to work fine. If you enable vlan-filtering, then you'll loose management access to device (you'll get upset and consider things not working and revert the setting). Unless you fix the bridge interface vlan settings.

Who is online

Users browsing this forum: Ponytred and 20 guests