Vlan tagging not working

thenoob · Fri Dec 04, 2015 10:01 pm

Hi im trying to segregate my home network in different vlans
i am using a 2011UAS-2HnD and i want to use the in switch chip tagging but it looks like packet are not tagged ingress
my router does not have the latest Os but if necessary i will upgrade ( probably gona try with an upgrade regardless)

what i am ultimatly trying to acheive is have a esxi trunked to the router and segregate my other devices.
unfortunatlly i am not even able to do the simplest of setup : 2 computers in the same vlan with static ip on both sides
no layer3 in router ... just vlan segragation here. looks like ports are not tagging packet ingress... when i put checked or secure switch connection drops there . looks like i am missing some info here.

this is my info :
(dont mind comments on the eth interface)

PC#1 => eth9 (switch-vlan10) eth8 => PC#2

eth7,8,9 slave to eth6

========================================
           THE DEVICE
========================================

[admin@Linksys] > /system license print 
    software-id: DA59-4R88
  upgradable-to: v7.x
         nlevel: 5
       features: 
[admin@Linksys] > /system routerboard print 
       routerboard: yes
             model: 2011UAS-2HnD
     serial-number: 4027023BF3A1
  current-firmware: 3.0
  upgrade-firmware: 3.04
[admin@Linksys] > 

[admin@Linksys] > /system package print     
Flags: X - disabled 
 #   NAME                    VERSION                    SCHEDULED              
 0   system                  5.24                                              
 1   advanced-tools          5.24                                              
 2   routerboard             5.24                                              
 3   ppp                     5.24                                              
 4   lcd                     5.24                                              
 5   mpls                    5.24                                              
 6   dhcp                    5.24                                              
 7   calea                   5.24                                              
 8   ipv6                    5.24                                              
 9   multicast               5.24                                              
10   hotspot                 5.24                                              
11   ntp                     5.24                                              
12   gps                     5.24                                              
13   wireless                5.24                                              
14   ups                     5.24                                              
15   security                5.24                                              
16   user-manager            5.24                                              
17   routing                 5.24                                              
[admin@Linksys] > 

========================================
            THE CONFIG
========================================
[admin@Linksys] > interface ethernet print 
Flags: X - disabled, R - running, S - slave 
 #    NAME        MTU MAC-ADDRESS       ARP        MASTER-PORT      SWITCH     
 0    ;;; sfp cage
      sfp1       1500 D4:CA:6D:7B:C3:BC enabled    none             switch1    
 1 R  ;;; internet
      wan        1500 D4:CA:6D:7B:C3:BD enabled    none             switch1    
 2 RS ;;; bond0
      eth2       1500 D4:CA:6D:7B:C3:BE enabled    none             switch1    
 3  S eth3       1500 D4:CA:6D:7B:C3:BF enabled    none             switch1    
 4    ;;; lan
      eth4       1500 D4:CA:6D:7B:C3:C0 enabled    none             switch1    
 5 R  eth5       1500 D4:CA:6D:7B:C3:C1 enabled    none             switch1    
 6    ;;; media
      eth6       1500 D4:CA:6D:7B:C3:C2 enabled    none             switch2    
 7  S eth7       1500 D4:CA:6D:7B:C3:C3 enabled    eth6             switch2    
 8  S eth8       1500 D4:CA:6D:7B:C3:C4 enabled    eth6             switch2    
 9  S eth9       1500 D4:CA:6D:7B:C3:C5 enabled    eth6             switch2    
10    ;;; dmz
      eth10      1500 D4:CA:6D:7B:C3:C6 enabled    none             switch2    
[admin@Linksys] > 


[admin@Linksys] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE              BRIDGE              PRIORITY  PATH-COST    HORIZON
 0    wlan1                  br-lan                  0x80         10       none
 1    bond0                  br-lan                  0x80         10       none
 2 I  eth4                   br-lan                  0x80         10       none
 3    eth5                   br-lan                  0x80         10       none
 4 I  eth10                  br-dmz                  0x80         10       none
[admin@Linksys] >

[admin@Linksys] > /interface ethernet switch print
Flags: I - invalid 
 #   NAME     TYPE         MIRROR-SOURCE     MIRROR-TARGET     SWITCH-ALL-PORTS
 0   switch1  Atheros-8327 none              none             
 1   switch2  Atheros-8227 none              none             
[admin@Linksys] > 

[admin@Linksys] > /interface ethernet switch vlan print   
Flags: X - disabled, I - invalid 
 #   SWITCH                         VLAN-ID PORTS                              
 0   switch2                             10 eth6                               
                                            eth8                               
                                            eth9                               
                                            switch2_cpu                        
[admin@Linksys] > 

[admin@Linksys] > /interface vlan print                   
Flags: X - disabled, R - running, S - slave 
 #    NAME                    MTU ARP        VLAN-ID INTERFACE                 
 0    vlan10                 1500 enabled         10 eth6                      
[admin@Linksys] > 


[admin@Linksys] > /interface ethernet switch port print
Flags: I - invalid 
 #   NAME                        SWITCH                VLAN-MODE VLAN-HEADER   
 0   sfp1                        switch1               disabled  leave-as-is   
 1   wan                         switch1               disabled  leave-as-is   
 2   eth2                        switch1               disabled  leave-as-is   
 3   eth3                        switch1               disabled  leave-as-is   
 4   eth4                        switch1               disabled  leave-as-is   
 5   eth5                        switch1               disabled  leave-as-is   
 6   eth6                        switch2               secure    add-if-missing  
 7   eth7                        switch2               disabled  leave-as-is   
 8   eth8                        switch2               fallback  always-strip  
 9   eth9                        switch2               fallback  always-strip  
10   eth10                       switch2               disabled  leave-as-is   
11   switch1_cpu                 switch1               disabled  leave-as-is   
12   switch2_cpu                 switch2               secure    add-if-missing
[admin@Linksys] > 

** note:  regardless of #6 and 12 if #8,9 fallback/disabled == works if anything else does not


========================================
           THE end
========================================

thenoob · Fri Dec 04, 2015 10:10 pm

litle precision just in case i was not clear when i say "switch connection drops there" i mean the 2 devices stop pinging each other.

skuykend · Fri Dec 04, 2015 10:19 pm

Not sure if the older 5.24 RoS isn't printing it, or if it's new, but there is a default-vlan-id setting on /interface Ethernet switch port which will need to be set for untagged ingress assignment.

http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features

You don't have any vlan interfaces assigned to the master port either, but I'm guessing you just haven't gotten there yet as you're checking with the static ip's.

thenoob · Sat Dec 05, 2015 2:09 am

na i dont see the default-vlan-id as an option of the command so i guess i will have to see if it works by upgrading then.

i saw that configured elsewhere tought it was just for the switcheOS or something.

im not home right now ill upgrade when i get back then

as for the master port
isnt the vlan interface ont the master when you create it ? i was kind of confused about that .

if i have

/interface vlan add name=vlan10 vlan-id=10 interface=eth6
/ip address add address=x.x.x.x/24 interface vlan10

that should work right ? then do i need to add vlan10 to a bridge interface to route the packets or does vlan10 do the job by itself ?

skuykend · Sat Dec 05, 2015 2:38 am

that should work right ? then do i need to add vlan10 to a bridge interface to route the packets or does vlan10 do the job by itself ?

The IP address on the vlan interface will get things routing without a bridge.

You'll need to setup a bridge if you need to bridge the same subnet (IP range) to another segment interface like a wlan, switch (RB2011 has two separate switches!), vlan, etc. In that case you can bridge the individual vlans seperately or bridge the whole master port with all vlans and move the vlan interface to the bridge instead of the master port.

For switch setup I usually set switch_cpu to: fallback, leave-as-is (secure or check should be fine too)
Tagged/Trunked ports: secure, add if missing
Untagged ports: secure, always strip and set default-vlan-id to required value

Then (ok before!) just make sure the switch vlan table has entries for all vlans you need and what ports they're allowed on including any switch?_cpu ports.

Vlan tagging not working

Vlan tagging not working

Re: Vlan tagging not working

Re: Vlan tagging not working

Re: Vlan tagging not working

Re: Vlan tagging not working

Who is online