crs326 vlans don't seem to work in routerOS version 7.13 routerOS 7.9 they work, has any setting changed between those software versions. Ping no
so it goes, both in the internal network and to the external network, as if the speed of the port were 0, could rstp be the cause of the problem, because there are two switches in the network where it is activated, I tried to turn it off in the bridge's protocol-mode none,
and this had no effect. Here are the switch configurations

/interface/bridge of the main switch
configuration, this is where vlans work
https://pastebin.com/6qmJar8E

A switch where vlans don't work /interface/bridge configuration
https://pastebin.com/aaRrxjAQ

A working switchport configuration
https://pastebin.com/fBMvAtp2

Port configuration from a switch with vlans do not work
https://pastebin.com/PxLWXRjs

Main switch where vlans work in /interface/bridge/monitor
https://pastebin.com/gdnL6YdQ
Switch where vlans don't work /interface/bridge/monitor
https://pastebin.com/PhCwiZBP

I would think the problem is somewhere in the bridge settings or
in the spanning tree protocol settings, I would be very grateful if someone could tell me the answer to the problem, this problem has been bothering my network for quite some time.

It seems like there might be a compatibility issue with CRS326 and RouterOS version 7.13. Check your bridge and spanning tree protocol settings, especially on the switch where VLANs aren't working. Consider downgrading to RouterOS version 7.9 for a potential workaround.

Is this a commonly recognized bug and has mikrotik responded to this because that compatibility issue is being fixed, Do you see clear errors in my configuration or bridge settings with a non-working switch

It seems like there might be a compatibility issue with CRS326 and RouterOS version 7.13. Check your bridge and spanning tree protocol settings, especially on the switch where VLANs aren't working. Consider downgrading to RouterOS version 7.9 for a potential workaround.

I can't get routerOS version 7.9 after updating the switch, I updated routerOS version 7.14 on the non-working switch, with the same problem, but now I can't go back to routerOS version 7.9, would you have more information about this crs326
about the vlan incompatibility problem and what causes it
edit
I got the switch updated to version 7.9 and vlans work again, however I would like to see this compatibility issue fixed

Update
vlans still don't seem to work on routerOS version 7.9, now I think there is some error in the configuration of the switch, here is the full configuration

# mar/05/2024 15:51:17 by RouterOS 7.9.2
# software id = 4INH-Y6X0
#
# model = CRS326-24G-2S+
/interface bridge
add add-dhcp-option82=yes admin-mac=18:FD:74:E6:4A:4A auto-mac=no comment=\
defconf dhcp-snooping=yes ingress-filtering=no name=bridge \
vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
set [ find default-name=sfp-sfpplus2 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/snmp community
set [ find default=yes ] name=xxxxxxxxxxx
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether1 \
trusted=yes
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 \
trusted=yes
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf interface=ether6 pvid=20
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged \
interface=ether7 pvid=30
add bridge=bridge comment=defconf ingress-filtering=no interface=ether8
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged \
interface=ether9 pvid=20
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged \
interface=ether10 pvid=30
add bridge=bridge comment=defconf ingress-filtering=no interface=ether11
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged \
interface=ether12 pvid=20
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged \
interface=ether13 pvid=30
add bridge=bridge comment=defconf ingress-filtering=no interface=ether15
add bridge=bridge comment=defconf ingress-filtering=no interface=ether16
add bridge=bridge comment=defconf ingress-filtering=no interface=ether17
add bridge=bridge comment=defconf ingress-filtering=no interface=ether18
add bridge=bridge comment=defconf ingress-filtering=no interface=ether19
add bridge=bridge comment=defconf ingress-filtering=no interface=ether20
add bridge=bridge comment=defconf ingress-filtering=no interface=ether21
add bridge=bridge comment=defconf ingress-filtering=no interface=ether22
add bridge=bridge comment=defconf ingress-filtering=no interface=ether23
add bridge=bridge comment=defconf ingress-filtering=no interface=ether24
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus1
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus2
add bridge=bridge interface=ether14
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge comment=virtuaalikoneet tagged=\
ether1,ether2,ether6,ether9,ether12 vlan-ids=20
add bridge=bridge comment=klusteri tagged=ether7,ether10,ether13 vlan-ids=30
add bridge=bridge comment=anicyna tagged=ether1,ether2,ether6 vlan-ids=60
add bridge=bridge comment=hallinta tagged=\
ether1,ether2,ether3,ether5,ether8,ether11 untagged=ether4 vlan-ids=10
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.1.12/24 comment=defconf interface=bridge network=\
192.168.1.0
/ip dns
set servers=192.168.1.1
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.2.1
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ip traffic-flow target
add dst-address=192.168.1.1 port=2056
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Helsinki
/system identity
set name=crs326-backupkytkin
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os

I think the issue you are having is because you want to tag traffic on a specific port but also setting a pvid with the same vlan id.
For example You should use the default pvid here of 1 (you can use anything else as long as it is not the same vlan id)
Logically because the option "frame-types=admit-only-vlan-tagged" is set pvid should be ignored.
But I think the pvid here is not ignored and sending the traffic as untagged on the interface.

I think the issue you are having is because you want to tag traffic on a specific port but also setting a pvid with the same vlan id.
For example

Code: Select all

add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged interface=ether7 pvid=30
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged interface=ether9 pvid=20
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged interface=ether10 pvid=30
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged interface=ether12 pvid=20
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged interface=ether13 pvid=30

You should use the default pvid here of 1 (you can use anything else as long as it is not the same vlan id)
Logically because the option "frame-types=admit-only-vlan-tagged" is set pvid should be ignored.
But I think the pvid here is not ignored and sending the traffic as untagged on the interface.

I changed all pvid now to the default, i.e. 1 under /interface/bridge/port, still the same problem vlans do not work and traffic does not flow
Below is the configuration of the working switch, the same software version as in the switch where the vlans do not work
# mar/05/2024 16:44:26 by RouterOS 7.9.2
# software id = 9YL9-8TLR
#
# model = CRS326-24G-2S+
/interface bridge
add add-dhcp-option82=yes admin-mac=CC:2D:E0:DC:C5:4A auto-mac=no comment=\
defconf dhcp-snooping=yes name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
set [ find default-name=sfp-sfpplus2 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/snmp community
set [ find default=yes ] name=xxxxxxxx
/interface bridge port
add bridge=bridge comment=defconf interface=ether1 trusted=yes
add bridge=bridge comment=defconf interface=ether2 trusted=yes
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6 pvid=20
add bridge=bridge comment=defconf interface=ether7 pvid=30
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9 pvid=20
add bridge=bridge comment=defconf interface=ether10 pvid=30
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12 pvid=20
add bridge=bridge comment=defconf interface=ether13 pvid=30
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge interface=ether15
/interface bridge vlan
add bridge=bridge comment=klusteri tagged=ether7,ether10,ether13 vlan-ids=30
add bridge=bridge comment=anicyna tagged=ether1,ether2,ether6 vlan-ids=60
add bridge=bridge comment=virtuaalikoneet tagged=\
ether1,ether2,ether6,ether9,ether12 vlan-ids=20
/ip address
add address=192.168.1.7/24 comment=defconf interface=bridge network=\
192.168.1.0
/ip dns
set servers=192.168.1.1
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ip traffic-flow target
add dst-address=192.168.1.1 port=2056
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Helsinki
/system identity
set name=crs326-paakytkin
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os

The same logic should also be applied to the apparently working switch.
How are the switches connected, maybe the main switch is not setting the tag or a middle-man switch is doing it.

The same logic should also be applied to the apparently working switch.
How are the switches connected, maybe the main switch is not setting the tag or a middle-man switch is doing it.

The main switch is connected to the opnsense firewall
from the ether1 connection, as well as the second switch, i.e. backupswitch
edit
The problem was in opnsense's vlan configuration, now everything works again after updating the switch
thanks to routerOS 7.9, Is there any forum discussion about this mentioned compatibility issue between routerOS 7.13 and crs326 or is this a guess

I tried updating routerOS 7.14 on the switch
again and the problem would seem to be mysteriously fixed, apparently the main problem was not the switch but the opnsense firewall