Community discussions

MikroTik App
 
vito420
just joined
Topic Author
Posts: 3
Joined: Tue Jan 31, 2023 3:46 pm

RB3011 VLANs on switch2 issue

Wed May 31, 2023 1:08 pm

Hello, I've been facing a strange issue for several days and could use some help. In our company, we have an RB3011UiAS r2 serving as a gateway, and a CRS354-48P-4S+2Q+ switch, both running ROS 7.7. We've noticed that devices connected to switch chip 2 (eth6-10) are unable to access certain devices. After conducting further investigation, I discovered that this only happens for VLAN 10, which is our infrastructure VLAN comprising servers and routers.

Currently, I'm connected to ether8 (VLAN 10) on the RB3011, and I can successfully ping devices on other VLANs. However, I can only partially access some devices from the VLAN 10 subnet. For example, I can ping our Hyper-V server, but I'm unable to consistently access some VMs behind it (only one out of four pings works sometimes). Interestingly, if I change the VLAN on my port to any other, everything works as expected.

I would greatly appreciate any advice or suggestions to help resolve this issue. Thank you!

Here are relevant configs from router and switch:
RB3011
# may/31/2023 11:43:33 by RouterOS 7.8
# software id = G0SV-94YG
#
# model = RB3011UiAS
/interface bridge
add arp=proxy-arp name=bridge
/interface vlan
add arp=proxy-arp interface=bridge name=vlan10-infrastructure vlan-id=10
add arp=proxy-arp interface=bridge name=vlan20-intranet vlan-id=20
add arp=proxy-arp interface=bridge name=vlan30-guest vlan-id=30
add arp=proxy-arp interface=bridge name=vlan40-voip vlan-id=40
add arp=proxy-arp interface=bridge name=vlan420-dev vlan-id=420

/interface ethernet switch port
set 1 vlan-header=add-if-missing vlan-mode=secure
set 2 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 5 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 7 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 8 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 10 vlan-mode=secure
set 11 vlan-mode=secure
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool_dev ranges=10.42.0.20-10.42.0.254
add name=dhcp_pool_intra ranges=192.168.120.10-192.168.120.254
add name=dhcp_pool_voip ranges=192.168.130.194-192.168.130.222
add name=dhcp_pool_guest ranges=192.168.130.2-192.168.130.126
add name=dhcp_pool_infrastructure ranges=192.168.104.50-192.168.104.254
/ip dhcp-server
add address-pool=dhcp_pool_dev interface=vlan420-dev name=dhcp-420
add address-pool=dhcp_pool_voip interface=vlan40-voip lease-time=8h name=\
    dhcp-40
add address-pool=dhcp_pool_intra interface=vlan20-intranet name=dhcp-20
add address-pool=dhcp_pool_guest interface=vlan30-guest lease-time=2h name=\
    dhcp-30
add address-pool=dhcp_pool_infrastructure interface=vlan10-infrastructure \
    lease-time=2h name=dhcp-10

/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10

/interface ethernet switch vlan
add independent-learning=no ports=ether2,ether3,ether4,ether5,switch1-cpu \
    switch=switch1 vlan-id=10
add independent-learning=no ports=ether2,switch1-cpu switch=switch1 vlan-id=\
    20
add independent-learning=no ports=ether2,switch1-cpu switch=switch1 vlan-id=\
    30
add independent-learning=no ports=ether2,switch1-cpu switch=switch1 vlan-id=\
    40
add independent-learning=no ports=ether2,switch1-cpu switch=switch1 vlan-id=\
    420
add independent-learning=no ports=ether8,ether9,switch2-cpu switch=switch2 \
    vlan-id=10
add independent-learning=no ports=ether6,switch2-cpu switch=switch2 vlan-id=\
    20
/interface list member
add interface=bridge list=LAN
add interface=ether1 list=WAN
add interface=vlan10-infrastructure list=LAN
add interface=vlan420-dev list=LAN
add interface=vlan20-intranet list=LAN

/ip address
add address=192.168.104.1/24 comment=defconf interface=vlan10-infrastructure \
    network=192.168.104.0
add address=123.456.789.95/24 interface=ether1 network=123.456.789.0
add address=10.42.0.1/24 interface=vlan420-dev network=10.42.0.0
add address=192.168.120.1/24 interface=vlan20-intranet network=192.168.120.0
add address=192.168.130.1/25 interface=vlan30-guest network=192.168.130.0
add address=192.168.130.193/27 interface=vlan40-voip network=192.168.130.192
CRS354
# may/31/2023 10:01:13 by RouterOS 7.7
# software id = XJHV-MA4I
#
# model = CRS354-48P-4S+2Q+
# serial number = HD708BJ653A
/interface bridge
add admin-mac=18:FD:74:BC:A8:08 arp=proxy-arp auto-mac=no comment=defconf \
    name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=qsfpplus1-1 ] disabled=yes
set [ find default-name=qsfpplus1-2 ] disabled=yes
set [ find default-name=qsfpplus1-3 ] disabled=yes
set [ find default-name=qsfpplus1-4 ] disabled=yes
set [ find default-name=qsfpplus2-1 ] disabled=yes
set [ find default-name=qsfpplus2-2 ] disabled=yes
set [ find default-name=qsfpplus2-3 ] disabled=yes
set [ find default-name=qsfpplus2-4 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] disabled=yes
set [ find default-name=sfp-sfpplus2 ] disabled=yes
set [ find default-name=sfp-sfpplus3 ] disabled=yes
set [ find default-name=sfp-sfpplus4 ] disabled=yes
/interface vlan
add arp=proxy-arp interface=bridge name=vlan10 vlan-id=10
add arp=proxy-arp interface=bridge name=vlan420 vlan-id=420
/interface bonding
add mode=802.3ad name=ether3-4-server slaves=ether3,ether4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0

/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether5 pvid=10
add bridge=bridge interface=ether6 pvid=10
add bridge=bridge interface=ether7 pvid=10
add bridge=bridge interface=ether8 pvid=10
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
add bridge=bridge interface=ether11
add bridge=bridge interface=ether12
add bridge=bridge interface=ether13 pvid=40
add bridge=bridge interface=ether14 pvid=40
add bridge=bridge interface=ether15 pvid=40
add bridge=bridge interface=ether16 pvid=40
add bridge=bridge interface=ether17 pvid=40
add bridge=bridge interface=ether18 pvid=40
add bridge=bridge interface=ether19 pvid=40
add bridge=bridge interface=ether20 pvid=40
add bridge=bridge interface=ether21 pvid=10
add bridge=bridge interface=ether22 pvid=10
add bridge=bridge interface=ether23 pvid=10
add bridge=bridge interface=ether24 pvid=10
add bridge=bridge interface=ether25 pvid=20
add bridge=bridge interface=ether26 pvid=20
add bridge=bridge interface=ether27 pvid=20
add bridge=bridge interface=ether28 pvid=20
add bridge=bridge interface=ether29 pvid=20
add bridge=bridge interface=ether30 pvid=30
add bridge=bridge interface=ether31 pvid=20
add bridge=bridge interface=ether32 pvid=20
add bridge=bridge interface=ether33 pvid=20
add bridge=bridge interface=ether34 pvid=20
add bridge=bridge interface=ether35 pvid=20
add bridge=bridge interface=ether36
add bridge=bridge interface=ether37 pvid=420
add bridge=bridge interface=ether38 pvid=420
add bridge=bridge interface=ether39 pvid=420
add bridge=bridge interface=ether40 pvid=420
add bridge=bridge interface=ether41 pvid=420
add bridge=bridge interface=ether42 pvid=420
add bridge=bridge interface=ether43 pvid=420
add bridge=bridge interface=ether44 pvid=420
add bridge=bridge interface=ether45 pvid=20
add bridge=bridge interface=ether46 pvid=20
add bridge=bridge interface=ether47 pvid=20
add bridge=bridge interface=ether48 pvid=20
add bridge=bridge interface=ether49
add bridge=bridge interface=qsfpplus1-1
add bridge=bridge interface=qsfpplus1-2
add bridge=bridge interface=qsfpplus1-3
add bridge=bridge interface=qsfpplus1-4
add bridge=bridge interface=qsfpplus2-1
add bridge=bridge interface=qsfpplus2-2
add bridge=bridge interface=qsfpplus2-3
add bridge=bridge interface=qsfpplus2-4
add bridge=bridge interface=sfp-sfpplus1
add bridge=bridge interface=sfp-sfpplus2
add bridge=bridge interface=sfp-sfpplus3
add bridge=bridge interface=sfp-sfpplus4
add bridge=bridge interface=ether3-4-server pvid=10
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,ether2,ether24 untagged=\
    ether3-4-server,ether5,ether6,ether7,ether8,ether21,ether22,ether23 \
    vlan-ids=10
add bridge=bridge tagged=bridge,ether1,ether2 untagged=\
    ether37,ether38,ether39,ether40,ether41,ether42,ether43,ether44 vlan-ids=\
    420
add bridge=bridge tagged=bridge,ether1,ether2,ether21,ether22,ether23,ether24 \
    untagged="ether25,ether26,ether27,ether28,ether29,ether31,ether32,ether33,\
    ether34,ether35,ether45,ether46,ether47,ether48" vlan-ids=20
add bridge=bridge tagged=bridge,ether1,ether2,ether21,ether22,ether23,ether24 \
    untagged=ether30 vlan-ids=30
add bridge=bridge tagged=bridge,ether1,ether2 untagged=\
    ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20 vlan-ids=\
    40
/ip address
add address=192.168.104.7/24 interface=vlan10 network=192.168.104.0
add address=10.42.0.2/24 interface=vlan420 network=10.42.0.0
/ip dns
set servers=192.168.104.2,8.8.8.8
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.104.1 routing-table=\
    main suppress-hw-offload=no
It's worth to note that on switch in bridge-VLANs tab I still see default VLAN1 untagged on bridge and ether2 (trunk). I'm not sure whether it's related but I don't know how to get rid of it.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: RB3011 VLANs on switch2 issue  [SOLVED]

Wed May 31, 2023 3:25 pm

 
vito420
just joined
Topic Author
Posts: 3
Joined: Tue Jan 31, 2023 3:46 pm

Re: RB3011 VLANs on switch2 issue

Sun Jun 04, 2023 10:56 pm

Thanks much, now it works like a charm

Who is online

Users browsing this forum: BinaryTB, Google [Bot], raphaps, rplant and 81 guests