elexx
just joined
Topic Author
Posts: 2
Joined: Wed May 05, 2021 2:43 pm

VLANs are not switched between trunk ports?

Sat Jan 08, 2022 11:36 am

Hello!

The idea
The setup is heavily based on pcunite's guide to VLANs viewtopic.php?t=143620 with added support for CAPsMAN in local forwarding mode, the idea being CAPsMAN uses the BASE_VLAN (99) for configuration and the actual VLANs for user-wifi-data.

RB3011 (called Main)
Main-20220108-0014.rsc
Working as router between the VLANs and WAN. Connected to WAN (ether1), trunks (ether6 and ether9), access port vlan10 (ether10)

RB952Ui (called EG)
EG-20220108-0014.rsc
Working as access point + switch: connected to trunk (ether1 -> Main-ether6), access ports vlan10 (ether2-5)

RBD52G (called DG)
DG-20220108-0014.rsc
Basically the same as EG
Working as access point + switch: connected to trunk (ether1 -> Main-ether9), access ports vlan10 (ether2-4), access port vlan99 (ether5 - this is just for debugging, once everything works this will be vlan10 too)

Problem
My problem is: when connected to WIFIintern (vlan10) or an EG/DG access port for vlan10, I cannot reach Main-ether10.
Also, if I'm connected to my vlan99 debugging port (DG-ether5), I can only reach DG and Main via Winbox/Web, but not EG.

What I tried so far
As you can see, there is currently a rather strange and unexpected firewall rule in the forward chain: "add action=accept chain=forward comment="WHY\?!" in-interface=BR1". Once I added this rule I was able to get both problems resolved, BUT this also activated VLAN<->VLAN routing, which I don't want. Once the rule is disabled I can only reach "1 hop" basically, but it looks like Main is not switching between the 2 Main-trunk ports (Main-ether6/9) or between the trunks and the access port (Main-ether10).

I also noticed a dynamically added entry in /interface bridge vlan print (on all 3 devices, output below is from Main, entry #4), which I don't understand. Where does this come from? Is this the culprit?
[admin@Main] > /interface bridge vlan print 
Flags: X - disabled, D - dynamic 
 #   BRIDGE                      VLAN-IDS  CURRENT-TAGGED                      CURRENT-UNTAGGED                     
 0   BR1                         10        BR1                                 ether10                              
                                           ether6                             
                                           ether9                             
 1   BR1                         20        BR1                                
                                           ether6                             
                                           ether9                             
 2   BR1                         30        BR1                                
                                           ether6                             
                                           ether9                             
 3   BR1                         99        BR1                                
                                           ether6                             
                                           ether9                             
 4 D BR1                         1                                             BR1                   

I'm stuck and would really appreciate your help!
elexx
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: VLANs are not switched between trunk ports?  [SOLVED]

Thu Jan 13, 2022 4:53 am

You most likely don't want use-ip-firewall=yes use-ip-firewall-for-vlan=yes on bridge. That's for advanced use only and can produce very unexpected results otherwise. Like what you're seeing.
 
elexx
just joined
Topic Author
Posts: 2
Joined: Wed May 05, 2021 2:43 pm

Re: VLANs are not switched between trunk ports?

Thu Jan 13, 2022 8:47 am

Wow, that was easy! Setting those 2 to no fixed the problem. Thank you very very much!
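
A configuration audit for the condition this thread resolves, as an added example that is not part of any post: it scans a RouterOS export for the two bridge settings named in the answer and for a forward-chain accept rule that matches only on the bridge interface, like the workaround rule in the question. The export text is a constructed sample, and the function names `parse_rsc` and `audit` are hypothetical.

```python
import re
import shlex

# Constructed sample in RouterOS export style; not the poster's attached file.
SAMPLE_RSC = r'''
/interface bridge
add name=BR1 vlan-filtering=yes
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip firewall filter
add action=accept chain=forward connection-state=\
    established,related
add action=accept chain=forward comment="WHY\?!" in-interface=BR1
add action=drop chain=forward
'''

def parse_rsc(text):
    """Yield (menu, command, params); assumes menu paths sit on their own line."""
    menu = ""
    # Exports wrap long lines with a trailing backslash; rejoin them first.
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line
            continue
        cmd, *rest = shlex.split(line)
        yield menu, cmd, dict(t.split("=", 1) for t in rest if "=" in t)

def audit(text):
    """Flag the bridge settings from the answer and bridge-wide forward accepts."""
    cmds = list(parse_rsc(text))
    bridges = {p.get("name") for m, c, p in cmds if m == "/interface bridge" and c == "add"}
    findings = []
    for menu, cmd, p in cmds:
        if menu == "/interface bridge settings" and cmd == "set":
            findings += [f"{k}=yes" for k in ("use-ip-firewall", "use-ip-firewall-for-vlan")
                         if p.get(k) == "yes"]
        # A rule whose only matcher is the bridge accepts all traffic entering it.
        matchers = set(p) - {"action", "chain", "comment"}
        if (menu == "/ip firewall filter" and cmd == "add" and p.get("chain") == "forward"
                and p.get("action") == "accept" and matchers == {"in-interface"}
                and p["in-interface"] in bridges):
            findings.append(f"forward accept for everything entering {p['in-interface']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_RSC)))
```

The third finding is worth keeping after the bridge settings are set to no: the poster reports that this rule also enabled VLAN<->VLAN routing.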
