I get crazy on this. Have tried to get this to work for days now....
Im trying to accomplish connection from my 5G Mobile router to switch(SwOS RB260GS) and then to router(RB4011). The 5G CPE is set to IP Passthrough with Public IP handed over by dhcp.
From switch I need LAN access from Router. Therefore I need VLAN with tagged packets for example Vlan 1000 WAN and Vlan 900 LAN.
I can't figure out what to set on VLAN tabs switch and to have Router both receive and send out VLAN 1000/900.
On switch:
Port 1 - (CPE 5G), any, default vlanID 1000, member of vlan 1000
Port 2 - (Trunk), any, default vlanID 1000, member of vlan 900 and 1000
Port 3 - only untagged, member of vlan 900
Port 4 - only untagged, member of vlan 900
Port 5 - only untagged, member of vlan 900
Router:
Vlan filterering active
Pvid 1000 port 1 (wan port)
vlanID 1000, tagged=Bridge-all-vlan and eth1
pvid 900 eth 2-8
vlanID 900, tagged=Bridge-all-vlan and eth1, untagged eth2-8
Have no problems to link Vlan in normal situations but link reverse gets me confused.
Re: VLAN WAN AND LAN swOS to RB4011
I'd suggest you to go full trunk mode on "trunk" links. Which means that on port2 on SwOS and port1 on ROS you configure both VIDs (900 and 1000) as tagged:
andOn switch:
Port 1 - (CPE 5G), any, default vlanID 1000, member of vlan 1000
Port 2 - (Trunk), any, default vlanID 1000 only tagged, member of vlan 900 and 1000
Port 3 - only untagged, member of vlan 900
Port 4 - only untagged, member of vlan 900
Port 5 - only untagged, member of vlan 900
Router:
Vlan filterering active
Pvid 1000 1 (default) port 1 (wan port) frame-types=only-vlan-tagged
vlanID 1000, tagged=Bridge-all-vlan and eth1
pvid 900 eth 2-8
vlanID 900, tagged=Bridge-all-vlan and eth1, untagged eth2-8
-
-
piotrchm93
just joined
- Posts: 24
- Joined:
Re: VLAN WAN AND LAN swOS to RB4011 [SOLVED]
Hi,
If I understand correctly, you want to get "Internet" on RB 4011, which you will get from CPE 5g via DHCP and it is to be forwarded via VLAN 1000.
In this case, you can no longer treat port 1 as WAN and you must instead assume that VLAN 1000 is your new "WAN"
So if I interpret it correctly, RB260 trunk port is port 2 and it is connected to RB4011 to port 1? Correct me if I'm wrong.
So set RB260 port 1 to VLAN -> Vlan mode -> strict (vlan receive ANY) Default Vlan ID 1000
RB 260 port 2 Vlan mode strict, Vlan Receive Only Tagged, Default ID 1 (def ID must match what you have on Bridge on RB4011)
---- RB4011 ----
Bridge -> click on your bridge -> VLAN -> Vlan filtering ENABLE, PVID 1 (same as on RB260), frames admit all
Bridge -> VLANs add 900 and 1000
Vlan 1000 and 900 add to port 1 as:
Bridge
VLAN ID: 1000
TAGGED: Bridge, eth1
Untagged null
Bridge
VLAN ID: 900
TAGGED: Bridge, eth1
Untaged e.g. port 2.3
Bridge -> ports -> ETH1 -> VLAN 1, Admit ALL.
And now on the RB 4011 set the DHCP client (if the CPE provides a DHCP address) to interface vlan 1000, Add Default Route yes
or IP -> Addresses, + new addresses and assign to VLAN 1000.
Interfaces -> InterfaceList -> vlan 1000 add to WAN list
You should then receive a communication IP address on VLAN 1000
If I understand correctly, you want to get "Internet" on RB 4011, which you will get from CPE 5g via DHCP and it is to be forwarded via VLAN 1000.
In this case, you can no longer treat port 1 as WAN and you must instead assume that VLAN 1000 is your new "WAN"
So if I interpret it correctly, RB260 trunk port is port 2 and it is connected to RB4011 to port 1? Correct me if I'm wrong.
So set RB260 port 1 to VLAN -> Vlan mode -> strict (vlan receive ANY) Default Vlan ID 1000
RB 260 port 2 Vlan mode strict, Vlan Receive Only Tagged, Default ID 1 (def ID must match what you have on Bridge on RB4011)
---- RB4011 ----
Bridge -> click on your bridge -> VLAN -> Vlan filtering ENABLE, PVID 1 (same as on RB260), frames admit all
Bridge -> VLANs add 900 and 1000
Vlan 1000 and 900 add to port 1 as:
Bridge
VLAN ID: 1000
TAGGED: Bridge, eth1
Untagged null
Bridge
VLAN ID: 900
TAGGED: Bridge, eth1
Untaged e.g. port 2.3
Bridge -> ports -> ETH1 -> VLAN 1, Admit ALL.
And now on the RB 4011 set the DHCP client (if the CPE provides a DHCP address) to interface vlan 1000, Add Default Route yes
or IP -> Addresses, + new addresses and assign to VLAN 1000.
Interfaces -> InterfaceList -> vlan 1000 add to WAN list
You should then receive a communication IP address on VLAN 1000
You do not have the required permissions to view the files attached to this post.
Re: VLAN WAN AND LAN swOS to RB4011
Hi,
If I understand correctly, you want to get "Internet" on RB 4011, which you will get from CPE 5g via DHCP and it is to be forwarded via VLAN 1000.
In this case, you can no longer treat port 1 as WAN and you must instead assume that VLAN 1000 is your new "WAN"
So if I interpret it correctly, RB260 trunk port is port 2 and it is connected to RB4011 to port 1? Correct me if I'm wrong.
So set RB260 port 1 to VLAN -> Vlan mode -> strict (vlan receive ANY) Default Vlan ID 1000
RB 260 port 2 Vlan mode strict, Vlan Receive Only Tagged, Default ID 1 (def ID must match what you have on Bridge on RB4011)
---- RB4011 ----
Bridge -> click on your bridge -> VLAN -> Vlan filtering ENABLE, PVID 1 (same as on RB260), frames admit all
Bridge -> VLANs add 900 and 1000
Vlan 1000 and 900 add to port 1 as:
Bridge
VLAN ID: 1000
TAGGED: Bridge, eth1
Untagged null
Bridge
VLAN ID: 900
TAGGED: Bridge, eth1
Untaged e.g. port 2.3
Bridge -> ports -> ETH1 -> VLAN 1, Admit ALL.
And now on the RB 4011 set the DHCP client (if the CPE provides a DHCP address) to interface vlan 1000, Add Default Route yes
or IP -> Addresses, + new addresses and assign to VLAN 1000.
Interfaces -> InterfaceList -> vlan 1000 add to WAN list
You should then receive a communication IP address on VLAN 1000
This one looks promising
...and you understood me correctly on everything 
I will test this later and will come back to you with result.
Just one thought....They say you shouldn't use Vlan ID 1? Is it good to implement that if I for som reason will use other stuff like Edgeswitch or something else in setup further ahead?
-
-
piotrchm93
just joined
- Posts: 24
- Joined:
Re: VLAN WAN AND LAN swOS to RB4011
I think that's a good point, but I haven't fully checked the other configuration. This is probably due to the fact that PVID 1 is the "default" vlan and many other devices communicate on it, which may cause some security problems. However, in the case of my networks, apart from TAG ports, there is no VLAN 1 anywhere (IPs are assigned to different Vlans, and the ports also always have a different vlan than 1)
Re: VLAN WAN AND LAN swOS to RB4011
I made the configs now and works perfectlyI think that's a good point, but I haven't fully checked the other configuration. This is probably due to the fact that PVID 1 is the "default" vlan and many other devices communicate on it, which may cause some security problems. However, in the case of my networks, apart from TAG ports, there is no VLAN 1 anywhere (IPs are assigned to different Vlans, and the ports also always have a different vlan than 1)
thank you so much, much appreciated.-
-
piotrchm93
just joined
- Posts: 24
- Joined:
Re: VLAN WAN AND LAN swOS to RB4011
I'm very glad I could help, have a nice day
Re: VLAN WAN AND LAN swOS to RB4011
Hej!!
Hi, I'm very glad you solved the problem, but I and the forum would be so much happier
if you also mark your case in this forum as solved.
See the pictures below.
Where you click on the following places on the thread that solved your problem.
So the AI can take over and know what the problems are with the respective solution.
At board style: Canvas
At board style: prosilver
Hi, I'm very glad you solved the problem, but I and the forum would be so much happier
if you also mark your case in this forum as solved.
See the pictures below.
Where you click on the following places on the thread that solved your problem.
So the AI can take over and know what the problems are with the respective solution.
At board style: Canvas
At board style: prosilver
Re: VLAN WAN AND LAN swOS to RB4011
Jeez patrik you sound like a broken record, wouldnt it be nice, before posters put their first post to the forum, that their sandbox training was populated with your very good teaching point.
Alas, no one other than me, seems to find value in education. Bring on the dead...........
Alas, no one other than me, seems to find value in education. Bring on the dead...........
Who is online
Users browsing this forum: No registered users and 29 guests