miksu103
just joined
Topic Author
Posts: 10
Joined: Fri Jan 28, 2022 10:01 pm

RB5009 Bridge VLAN access port egress packets tagged

Tue Feb 01, 2022 9:34 pm

Hi!

While trying to configure my RB5009 I found a reproducible bug that I could not find existing mentions of.
Original discussion in: viewtopic.php?t=182719
I have seen this issue on 7.1.1, 7.2rc1 and 7.2rc3

Configuration steps:
I used the default configuration as a base.

#Change to my subnet and disable DHCP
/ip/address/
add address=10.10.10.4/24 network=10.10.10.0 interface=bridge
remove numbers=0
/ip/dhcp-server/disable defconf

#Add VLANs and assign to bridge
/interface/vlan/
add interface=bridge name=VLAN10_LAN vlan-id=10
add interface=bridge name=VLAN20_WAN vlan-id=20

#Set bridge ports
/interface/bridge/port/
set bridge=bridge interface=ether2 pvid=20 numbers=0
set bridge=bridge interface=ether8 pvid=10 numbers=6

#Set bridge VLANs
/interface/bridge/vlan/
add bridge=bridge tagged=bridge untagged=ether2 vlan-ids=20
add bridge=bridge tagged=bridge untagged=ether8 vlan-ids=10

#Set interface list WAN to VLAN20_WAN
/interface/list/
#This I messed up with command line but fixed in WinBox
add interface=VLAN20_WAN list=WAN

#Change WAN DHCP client from ether1 to VLAN20_WAN
/ip/dhcp-client/
set ether1 interface=VLAN20_WAN

#Enable VLAN filtering on the bridge
/interface/bridge/set bridge vlan-filtering=yes

#Enabled DHCP server for VLAN10_LAN to make packet capture easier

#Configure packet sniffer
/tool/sniffer/
set filter-interface=ether2 streaming-enabled=yes streaming-server=10.10.88.254
start

#Ping public IP and capture in Wireshark
/tool/ping 8.8.8.8

Problem verified by enabling Packet Sniffer and looking at eth2 packets in Wireshark.
Egress packets are VLAN tagged even though Bridge VLANs page shows ether2 as "Currently Untagged".

wireshark egress packet.jpg

Bridge VLANs page shows ether2 as "Currently Untagged"

bridge interface port and vlan.jpg

Packets are immediately sent correctly without VLAN tag if I disable hardware offloading.
VLAN tag comes back if I re-enable hardware offloading on ether2

/interface/bridge/port/
set [find interface=ether2] hw=no 
set [find interface=ether3] hw=no 
set [find interface=ether4] hw=no 
set [find interface=ether5] hw=no 
set [find interface=ether6] hw=no 
set [find interface=ether7] hw=no 
set [find interface=ether8] hw=no 
 
jbl42
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: RB5009 Bridge VLAN access port egress packets tagged

Wed Feb 02, 2022 5:02 am

I could solve similar issues on RB5009 and 7.1.1 by setting
frame-types=admit-only-untagged-and-priority-tagged
for the untagged access ports.

This setting should not be necessary and should have an effect on ingress only.
But still it helped for me to get rid of wrong egress tags for HW offloaded access ports...
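
The capture check from the first post can be scripted, which also makes it easy to re-run after trying the frame-types setting. The following is an added example, not code from either poster or from MikroTik. It assumes the sniffer stream arrives as TZSP datagrams with the header layout noted in the comments, and that egress frames are recognised by the router's source MAC; the MAC addresses and sample frames are constructed.

```python
import struct

TPID_8021Q = 0x8100  # IEEE 802.1Q tag protocol identifier

def strip_tzsp(datagram: bytes) -> bytes:
    """Return the Ethernet frame carried in one TZSP datagram (assumed layout)."""
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, _ptype, proto = struct.unpack_from("!BBH", datagram, 0)
    if version != 1 or proto != 1:  # proto 1 = Ethernet
        raise ValueError("not TZSP v1 carrying Ethernet")
    pos = 4
    while pos < len(datagram):  # walk tagged fields up to TAG_END
        tag = datagram[pos]
        if tag == 1:  # TAG_END: the frame follows
            return datagram[pos + 1:]
        if tag == 0:  # TAG_PADDING: single byte, no length
            pos += 1
        elif pos + 1 < len(datagram):  # other tags: type, length, value
            pos += 2 + datagram[pos + 1]
        else:
            break
    raise ValueError("TZSP tag list not terminated")

def vlan_of(frame: bytes):
    """Return the 802.1Q VLAN ID, or None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI; 0 means priority-tagged

def tagged_egress(datagrams, router_mac: bytes):
    """VLAN IDs on frames sent by router_mac; [] means egress is untagged."""
    vids = (vlan_of(f) for f in map(strip_tzsp, datagrams) if f[6:12] == router_mac)
    return [v for v in vids if v is not None]

# Constructed sample data: MACs and payloads are made up for the example.
ROUTER_MAC, PEER_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
PAD = b"\x00" * 46
SAMPLE = [b"\x01\x00\x00\x01\x01" + f for f in (
    PEER_MAC + ROUTER_MAC + b"\x81\x00\x00\x14\x08\x00" + PAD,  # egress, VID 20
    PEER_MAC + ROUTER_MAC + b"\x08\x00" + PAD,                  # egress, untagged
    ROUTER_MAC + PEER_MAC + b"\x08\x00" + PAD,                  # ingress, ignored
)]

if __name__ == "__main__":
    print("tagged egress VLAN IDs:", tagged_egress(SAMPLE, ROUTER_MAC))
```

An empty result for an access port means no tagged frames left it during the capture; any VLAN ID in the list reproduces the symptom described in the first post.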
