Community discussions

MikroTik App
  4. RouterOS
  5. General

Untagged VLANs: bug or mistake?

Post Reply
 
icanet
just joined
Topic Author
Posts: 13
Joined: Mon Oct 24, 2011 8:56 pm

Untagged VLANs: bug or mistake?

Thu Apr 17, 2014 5:41 pm

Dear Board,

I have one RB2011Ui AS-RM (tested with RouterOS 6.7 + 6.11 + 6.12 ) and I like to configure some VLANs. It's the first time I try to use the Mikrotik Switch CPU because I'm interested in the wire speed performance. Now I discovered a strange phanomenon, hopefully someone could retry my configuration.

Objective:

I like to have untagged VLAN ports: ether3 (switch1) and ether9 (switch2), and I like to ping a special management IP address from that ports.

Configuration:

ros code

[admin@bkw] > interface ethernet print 
Flags: X - disabled, R - running, S - slave 
 #    NAME                                          MTU MAC-ADDRESS       ARP        MASTER-PORT                                       SWITCH                                      
 0 R  ether1-master	1500 D4:CA:6D:0B:A4:0F enabled    none				switch1                                     
 1  S ether2-slave	1500 D4:CA:6D:0B:A4:10 enabled    ether1-master			switch1                                     
 2  S ether3-slave	1500 D4:CA:6D:0B:A4:11 enabled    ether1-master			switch1                                     
 3  S ether4-slave	1500 D4:CA:6D:0B:A4:12 enabled    ether1-master			switch1                                     
 4 RS ether5-slave	1500 D4:CA:6D:0B:A4:13 enabled    ether1-master			switch1                                     
 5 R  ether6-master	1500 D4:CA:6D:0B:A4:14 enabled    none				switch2                                     
 6  S ether7-slave	1500 D4:CA:6D:0B:A4:15 enabled    ether6-master			switch2                                     
 7 RS ether8-slave	1500 D4:CA:6D:0B:A4:16 enabled    ether6-master			switch2                                     
 8  S ether9-slave	1500 D4:CA:6D:0B:A4:17 enabled    ether6-master			switch2                                     
 9  S ether10-slave	1500 D4:CA:6D:0B:A4:18 enabled    ether6-master			switch2                                     
10    sfp1		1500 D4:CA:6D:0B:A4:0E enabled    none    			switch1		   

[admin@bkw] > interface vlan print  
Flags: X - disabled, R - running, S - slave 
 #    NAME                    MTU ARP        VLAN-ID INTERFACE                 
 0 R  vlan-100-ether1        1500 enabled        100 ether1-master             
 1 R  vlan-100-ether6        1500 enabled        100 ether6-master   

[admin@bkw] > interface bridge print brief 
Flags: X - disabled, R - running 
 #    NAME                                                                  MTU
 0  R switch1-switch2-master                                               1500

[admin@bkw] > interface bridge port print  
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE              BRIDGE              	PRIORITY  PATH-COST    HORIZON
 0    vlan-100-ether1        switch1-switch2-master	0x80         10       none
 1    vlan-100-ether6        switch1-switch2-master	0x80         10       none

[admin@bkw] /ip> address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                              
 0    192.168.27.254/24  192.168.27.0    switch1-switch2-master  

[admin@bkw] > interface ethernet switch vlan print 
Flags: X - disabled, I - invalid 
 #   SWITCH                            VLAN-ID PORTS                           
 0   switch2                               100 ether9-slave                    
                                               switch2-cpu                     
 1   switch1                               100 ether3-slave                    
                                               switch1-cpu    

[admin@bkw] > interface ethernet switch port print 
Flags: I - invalid 
 #   NAME            SWITCH            VLAN-MODE VLAN-HEADER    DEFAULT-VLAN-ID
 0   sfp1            switch1           disabled  leave-as-is               auto
 1   ether1-master   switch1           secure    always-strip                10
 2   ether2-slave    switch1           disabled  leave-as-is               auto
 3   ether3-slave    switch1           secure    always-strip               100
 4   ether4-slave    switch1           disabled  leave-as-is               auto
 5   ether5-slave    switch1           disabled  leave-as-is               auto
 6   ether6-master   switch2           secure    always-strip                10
 7   ether7-slave    switch2           disabled  leave-as-is                  0
 8   ether8-slave    switch2           secure    always-strip               100
 9   ether9-slave    switch2           secure    always-strip               100
10   ether10-slave   switch2           disabled  leave-as-is                  0
11   switch1-cpu     switch1           disabled  leave-as-is               auto
12   switch2-cpu     switch2           disabled  leave-as-is                  0
Problem:

If I connect my laptop (192.168.27.9/24) to ether9 => I can ping 192.168.27.254. :D
If I connect my laptop (192.168.27.9/24) to ether3 => I can't ping 192.168.27.254. :(

I tried also to bind the management IP address on ether1-master or vlan-100-ether1 but the behaviour doesn't change.

IMHO everything for switch2 should also work with switch1, but it doesn't. I can't see any misconfiguration in my configuration.

Maybe someone could point out my mistake or retry and validate if there is a bug?


Thanks
Sebastian
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: Untagged VLANs: bug or mistake?

Thu Apr 17, 2014 8:07 pm

Your cpu port settings are different on each switch. If I understand what you are doing try setting both to "secure" and get rid of that auto setting for default VLAN on switch1.
Top
 
icanet
just joined
Topic Author
Posts: 13
Joined: Mon Oct 24, 2011 8:56 pm

Re: Untagged VLANs: bug or mistake?

Tue Apr 22, 2014 4:39 pm

Hi,

you pointed out to a mistake in my configuration which I didn't note. After hopefully changing this parameter I could say it isn't working either. :( Additionally I noticed that the management IP address is only reachable from my Windows 7 laptop. Trying to ping this IP from my Linux Laptop would'n return any result (with tcpdump I see the arp reply, but thats all => very strange effect).

To summarize what I'm like to do:

1.

I like to have untagged VLAN ports ("access ports") which should be communicate to a management IP address. Until now I didn't succeed into a working configuration.

2.
I'd like to use ports from the two different switch CPUs as "access ports" to connect to the same management IP address.

Any help is appreciated.

Thanks!
Sebastian
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: Untagged VLANs: bug or mistake?

Tue Apr 22, 2014 9:51 pm

Try uploading the full current config and indicate which management IP you want to contact from which ports.
Top
 
icanet
just joined
Topic Author
Posts: 13
Joined: Mon Oct 24, 2011 8:56 pm

Re: Untagged VLANs: bug or mistake?

Wed Apr 23, 2014 11:46 am

Hi Celtic,

I hope this is all you need. Maybe I didn't got the difference between the switch_cpu and the ethernet master port? IMHO they belong together, but working on a different layer => switch_cpu over master port.

ros code

[admin@bkw] > export  
# jan/02/1970 00:00:49 by RouterOS 6.12
# software id = F2F5-LBFS
#
/interface bridge
add l2mtu=1594 name=switch1-switch2-master
/interface ethernet
set [ find default-name=ether1 ] name=ether1-master poe-out=off
set [ find default-name=ether2 ] master-port=ether1-master name=ether2-slave
set [ find default-name=ether3 ] master-port=ether1-master name=ether3-slave
set [ find default-name=ether4 ] master-port=ether1-master name=ether4-slave
set [ find default-name=ether5 ] master-port=ether1-master name=ether5-slave
set [ find default-name=ether6 ] name=ether6-master
set [ find default-name=ether7 ] master-port=ether6-master name=ether7-slave
set [ find default-name=ether8 ] master-port=ether6-master name=ether8-slave
set [ find default-name=ether9 ] master-port=ether6-master name=ether9-slave
set [ find default-name=ether10 ] master-port=ether6-master name=ether10-slave
/interface vlan
add interface=ether1-master l2mtu=1594 name=vlan-100-ether1 vlan-id=100
add interface=ether6-master l2mtu=1594 name=vlan-100-ether6 vlan-id=100
/interface ethernet switch port
set 1 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 6 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 8 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 9 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 11 default-vlan-id=0
/interface bridge port
add bridge=switch1-switch2-master interface=vlan-100-ether1
add bridge=switch1-switch2-master interface=vlan-100-ether6
add bridge=switch1-switch2-master interface=ether1-master
add bridge=switch1-switch2-master interface=ether6-master
/interface ethernet switch vlan
add ports=ether9-slave,switch2-cpu,ether8-slave switch=switch2 vlan-id=100
add independent-learning=no ports=ether3-slave,switch1-cpu switch=switch1 \
    vlan-id=100
/ip address
add address=192.168.27.254/24 comment=MNGT interface=switch1-switch2-master \
    network=192.168.27.0
Thanks!

Sebastian
Top
 
coryh
just joined
Posts: 3
Joined: Wed Sep 24, 2014 8:21 am

Re: Untagged VLANs: bug or mistake?

Tue Sep 30, 2014 3:37 am

Did you ever find a resolution to this? I am having a similar issue with not able to reach the router from a Linux host but windows is ok.
Top
Post Reply
  4. RouterOS
  5. General