Hello,
I'm still getting my feet wet with all things Mikrotik.
I have what is hopefully an easy question and I'm just missing a step.
I'm currently running everything native on my network but I would like to add VLANS to expand my wireless network setup to allow for a segregated guest network and a VoIP network.
The equipment:
RB493AH
Cisco 3560
Ruckus Zone Director Wireless access point manager and access points

RouterBoard:
I have created the 3 Vlans (1,99,100) and associated them to interface Ether-8.
I have three bridges on the routerboard each with a unique subnet and DHCP server on the bridge.
Each vlan has an IP associated to it and is assigned to the appropriate bridge.
Ether-8 is not part of any bridge. It was part of the main Data Bridge, but I removed it when I added the VLANS. Is that correct?

Cisco:
Ether-8 is patched to a trunk port on the cisco.
Each VLAN exists in the Cisco Vlan Database and has an IP.
The access points are patched to the cisco on Trunk Ports

ZoneDirector:
3 SSIDs are created. Each SSID has an access tag for the associated VLAN.

Once I add the three vlans to ether-8, I start to have network problems. The cisco switch starts to report host flapping between the Mikrotik trunk port and the port of the access point that client is associated with. Devices that already have an IP can still make a route (albeit slowly) and can connect to devices on the Native Vlan 1. Devices that join the network are not able to to fetch an IP in any VLAN.

Any words of wisdom?
Export Snippets below.

ros code

MikroTik RouterOS 5.25 (c) 1999-2013 

  
[admin@RB1] > /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                             TYPE               MTU L2MTU  MAX-L2MTU
 0     ether1                           ether             1500  1526       1526
 1  R   ether2-WAN                       ether             1500  1522       1522
 2     ether3                           ether             1500  1522       1522
 3     ether4                           ether             1500  1522       1522
 4     ether5                           ether             1500  1522       1522
 5     ether6                           ether             1500  1522       1522
 6     ether7                           ether             1500  1522       1522
 7  R  ether8-Cisco                     ether             1500  1522       1522
 8     ether9                           ether             1500  1522       1522
 9  R  BR-DATA                          bridge            1500  1522
10  R  VOIP                             bridge            1500  1522
11  R  BR-GUEST                         bridge            1500 65535
12  R  main_vl                          vlan              1500
13  R  guest_vl                         vlan              1500
14  R  phone_vl                         vlan              1500

[admin@RB1] > /interface vlan print
Flags: X - disabled, R - running, S - slave 
 #    NAME                        MTU ARP        VLAN-ID INTERFACE                    
 0 R  main_vl                    1500 enabled          1 ether8-Cisco                
 1 R  guest_vl                   1500 enabled         99 ether8-Cisco               
 2 R  phone_vl                   1500 enabled        100 ether8-Cisco

               
[admin@RB1] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                     
 0   192.168.222.1/23   192.168.222.0   BR-DATA                                       
 2   192.168.220.1/24   192.168.220.0   VOIP                                          
 3   192.168.99.1/24    192.168.99.0    BR-GUEST                                      
 4 D 192.168.12.18/24   192.168.12.0    ether2-WAN                                                            
 5   192.168.222.3/23   192.168.222.0   main_vl                                       
 6   192.168.99.3/24    192.168.99.0    guest_vl                                      
 7   192.168.220.3/24   192.168.220.0   phone_vl                                                                             

      
[admin@RB1] > /interface bridge print
Flags: X - disabled, R - running 
 0  R name="BR-DATA" mtu=1500 l2mtu=1522 arp=proxy-arp mac-address=00:0C:42:34:93:56 
      protocol-mode=rstp priority=0x8000 auto-mac=no admin-mac=00:0C:42:34:93:56 
      max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m 

 2  R name="VOIP" mtu=1500 l2mtu=1522 arp=enabled mac-address=00:0C:42:34:93:74 
      protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 
      max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m 

 3  R name="BR-GUEST" mtu=1500 l2mtu=65535 arp=enabled mac-address=00:0C:42:34:93:78 
      protocol-mode=rstp priority=0x8000 auto-mac=yes admin-mac=00:0C:42:34:93:56 
      max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m 


[admin@RB1] > /interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE                           BRIDGE                           PRIORITY  PATH-COST    HORIZON
 0 I  ether4                              BR-DATA                              0x80         10       none
 1 I  ether5                              BR-DATA                              0x80         10       none
 2 I  ether7                              BR-GUEST                             0x80         10       none
 3 I  ether9                              BR-DATA                              0x80         10       none
 4 I  ether3                              VOIP                                 0x80         10       none
 5 I  ether1                              BR-DATA                              0x80         10       none
 6 I  ether6                              BR-DATA                              0x80         10       none
 7 I  wlan-VoIPNEW                        VOIP                                 0x80         10       none
 8 I  wlan2-5G                            BR-DATA                              0x80         10       none
 9    guest_vl                            BR-GUEST                             0x80         10       none
10    phone_vl                            VOIP                                 0x80         10       none
11    main_vl                             BR-DATA                              0x80         10       none

Thanks very much,

-Ben

You do not need an IP on the VLAN's. An IP on each bridge would be enough.
Try your setup a by removing the VLAN IP's

Thanks Rudios,

Unfortunately that didn't do it. I removed the IP address' from the VLAN's and re enabled the VLANS on the ether8 interface. The second I re enabled them, traffic on the BR-DATA bridge went to almost 0. As soon as I disabled them again, traffic goes right back up to 20Mbs.

Any other ideas? The Cisco config is a pretty simple one at the moment. Factory reset and then just created the vlans and assigned IP's to them as well and set the domain and default host on the switch. Do I also need to remove the IP's from the VLAN's on the switch as well?

Thanks,

Thanks Rudios,

Unfortunately that didn't do it. I removed the IP address' from the VLAN's and re enabled the VLANS on the ether8 interface. The second I re enabled them, traffic on the BR-DATA bridge went to almost 0. As soon as I disabled them again, traffic goes right back up to 20Mbs.

Any other ideas? The Cisco config is a pretty simple one at the moment. Factory reset and then just created the vlans and assigned IP's to them as well and set the domain and default host on the switch. Do I also need to remove the IP's from the VLAN's on the switch as well?

Thanks,

Since you are using a Catalyst 3560, which is a L3 device, it is capable of routing. Your suggestion of removing the IP's from the Cisco could solve the issue, since it is very plausible that both the Cisco and the Routerboard are trying to route the traffic. You only could need some IP on the Cisco, just for maintance.
Maybe that can be sorted out later. If not needed, you could also disable routing on the Cisco.