Community discussions

MikroTik App
 
wpsd2006
just joined
Topic Author
Posts: 22
Joined: Sat Feb 04, 2017 11:15 am

Inter Switch VLAN

Sat May 14, 2022 10:40 am

Hi I have a problem regarding VLAN connection across switch. I'm using gns3 to simulate the problem.
The main purpose is to let Client A connect to Client B through high speed connection (FO) when using specific IP

This is the topology
Screenshot_2022-05-14_14-18-51.png
Note :
  • VLAN 100 are for internet
  • VLAN 300 are network device management port
  • VLAN 131 are high speed switch (FO)
  • All network device use Mikrotik CHR-6.48.5

The Client A and Client B using static ip for both VLAN 100 and VLAN 131 under single port

Client A cannot ping to INTERSWITCH (192.168.130.1)
Client B can ping to INTERSWITCH (192.168.130.1)

If I remove the connection either SITE1-SWITCH to INETSWITCH or SITE2-SWITCH to INETSWITCH
then both Client A and Client B can communicate to each other using VLAN 131, but at the cost of Client A cannot connect to the internet ( VLAN 100 )

It seems like there is a loop somewhere. But I'm unable to find the problem.

This is the configuration

ROUTER
/interface bridge
add ingress-filtering=yes name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
/interface vlan
add interface=bridge name=vlan-100 vlan-id=100
add interface=bridge name=vlan-300 vlan-id=300
/ip pool
add name=pool0 ranges=172.16.1.2-172.16.1.100
/ip dhcp-server
add address-pool=pool0 disabled=no interface=vlan-100 name=dhcp-compute
/interface bridge port
add bridge=bridge interface=ether2 pvid=300
/interface bridge vlan
add bridge=bridge tagged=bridge,ether2 vlan-ids=100,300
/ip address
add address=192.168.88.1/24 interface=vlan-300 network=192.168.88.0
add address=172.16.1.1/24 interface=vlan-100 network=172.16.1.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=172.16.1.0/24 gateway=172.16.1.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

INETSWITCH
/interface bridge
add ingress-filtering=yes name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
/interface vlan
add interface=bridge name=vlan-100 vlan-id=100
add interface=bridge name=vlan-300 vlan-id=300
/interface bridge port
add bridge=bridge interface=ether1 pvid=300
add bridge=bridge interface=ether2 pvid=300
add bridge=bridge interface=ether3 pvid=300
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,ether2,ether3 vlan-ids=131,100,300
/ip address
add address=192.168.88.100/24 interface=vlan-300 network=192.168.88.0

SITE1-SWITCH
/interface bridge
add ingress-filtering=yes name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
/interface vlan
add interface=bridge loop-protect=on name=vlan-100 vlan-id=100
add interface=bridge loop-protect=on name=vlan-131 vlan-id=131
add interface=bridge loop-protect=on name=vlan-300 vlan-id=300
/interface bridge port
add bridge=bridge interface=ether1 pvid=300
add bridge=bridge interface=ether2 pvid=100
add bridge=bridge interface=ether3 pvid=100
add bridge=bridge interface=ether4 pvid=131
/interface bridge vlan
add bridge=bridge tagged=bridge,ether2,ether3,ether4 vlan-ids=131
add bridge=bridge tagged=bridge,ether1,ether2,ether3 vlan-ids=100
add bridge=bridge tagged=bridge,ether1 vlan-ids=300
/ip address
add address=192.168.88.101/24 interface=vlan-300 network=192.168.88.0

SITE2-SWITCH
/interface bridge
add ingress-filtering=yes name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
/interface vlan
add interface=bridge loop-protect=on name=vlan-100 vlan-id=100
add interface=bridge loop-protect=on name=vlan-131 vlan-id=131
add interface=bridge loop-protect=on name=vlan-300 vlan-id=300
/interface bridge port
add bridge=bridge interface=ether1 pvid=300
add bridge=bridge interface=ether2 pvid=100
add bridge=bridge interface=ether3 pvid=100
add bridge=bridge interface=ether4 pvid=131
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 vlan-ids=300
add bridge=bridge tagged=bridge,ether1,ether2,ether3 vlan-ids=100
add bridge=bridge tagged=bridge,ether2,ether3,ether4 vlan-ids=131
/ip address
add address=192.168.88.102/24 interface=vlan-300 network=192.168.88.0

INTERSWITCH
/interface bridge
add ingress-filtering=yes name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
/interface vlan
add interface=bridge name=vlan-131 vlan-id=131
/interface bridge port
add bridge=bridge interface=ether1 pvid=131
add bridge=bridge interface=ether2 pvid=131
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,ether2 vlan-ids=131
/ip address
add address=192.168.130.1/23 interface=vlan-131 network=192.168.130.0
You do not have the required permissions to view the files attached to this post.
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Inter Switch VLAN

Sat May 14, 2022 2:30 pm

One of the paths forming the inetswitch - site1switch - interswitch - site2switch loop will be disabled by spanning tree, and as you do not have the same VLANs configured on each path connectivity will be lost.

If you wish to have redundant paths with blocks on different links for some VLANs you will have to configure MSTP. Otherwise if you have no layer2 loops for each VLAN you can disable spanning tree either by setting protocol-mode=none on each bridge, although this results in the bridges no longer being 802.1D compliant, or setting edge=yes on each bridge port.
 
wpsd2006
just joined
Topic Author
Posts: 22
Joined: Sat Feb 04, 2017 11:15 am

Re: Inter Switch VLAN

Sat May 14, 2022 5:08 pm

Hi, thanks for the info I still getting my head around MSTP.

Currently in this case I don't need redundant connection between SITE1 and SITE2
the purpose is for VLAN131 packet go to interswitch, it will be use to communicate internally between site
also it will be used by specific software in the client, and it doesn't need to touch inetswitch and other vlan
 
wpsd2006
just joined
Topic Author
Posts: 22
Joined: Sat Feb 04, 2017 11:15 am

Re: Inter Switch VLAN

Sat May 14, 2022 5:50 pm

So I added mstp info, but not sure why this is working.
All bridge frame-type is admit-all maybe this is the culprit

INETSWITCH
/interface bridge
add ingress-filtering=yes name=bridge priority=0x8000 protocol-mode=mstp \
    vlan-filtering=yes
/interface bridge msti
add bridge=bridge identifier=1 priority=0x1000 vlan-mapping=100,200,300
add bridge=bridge identifier=2 priority=0x3000 vlan-mapping=131

INTERSWITCH
/interface bridge
add ingress-filtering=yes name=bridge priority=0x8000 protocol-mode=mstp \
    vlan-filtering=yes
/interface bridge msti
add bridge=bridge identifier=1 priority=0x3000 vlan-mapping=100,200,300
add bridge=bridge identifier=2 priority=0x1000 vlan-mapping=131

SITE1-SWITCH
/interface bridge
add ingress-filtering=yes name=bridge priority=0x1000 protocol-mode=mstp \
    vlan-filtering=yes
/interface bridge msti
add bridge=bridge identifier=1 priority=0x1000 vlan-mapping=100,200,300
add bridge=bridge identifier=2 priority=0x3000 vlan-mapping=131

SITE2-SWITCH
/interface bridge
add ingress-filtering=yes name=bridge priority=0x1000 protocol-mode=mstp \
    vlan-filtering=yes
/interface bridge msti
add bridge=bridge identifier=1 priority=0x1000 vlan-mapping=100,200,300
add bridge=bridge identifier=2 priority=0x3000 vlan-mapping=131

Who is online

Users browsing this forum: Amazon [Bot], andreo, h3x00r, syasar and 78 guests