Hi,
I wonder if someone can help me.
I have following scenario
2 Bridges
Mgmt Bridge contains port 2,3,4
VLANS Bridge contains port 7,8,9
I have a LAN with IP 192.168.155.1/24 and DHCP server runs on it and assigned to Mgmt Bridge - WORKS OK THROUGH ALL PORTS ON THE ROUTER
I have 2 x VLANS with IPS 10.4.0.1/24 and 10.2.0.1/24 and have DHCP servers allocated to both VLANs
I have a 48 Port Managed Switch.
I have configured ports 1 - 10 to first VLAN
I have configured port 11 - 20 to second VLAN
Ports 21 - 48 are on default VLAN ID : 1
above all works
if I plug my laptop in any ports from 1 - 10 , i get correct VLAN DHCP IP
if I plug my laptop in any ports from 11 - 20, i get correct VLAN DHCP IP for second VLAN
When I plug the laptop into rest of the ports, I am expecting IP from Management LAN however this doesn't work
Switch Config
On first VLAN, I have ports 1 - 10 untagged and tagged port 49
on second VLAN, i have ports 11 20 untagged and tagged Port 49
on default VLAN, apart from ports used in above vlans, rest are untagged including port 49 (which I am using to carry traffic)
It carries VLAN traffic however not LAN.
On Mikrotik, the cable from Switch Port 49 goes in the VLAN Bridge Port
I have ran a second cable to port 50 from Mgmt Bridge port however its not working.
I must be doing something wrong, advise appreciated
Re: Help with VLAN issue
Hi
I didn't fully understand your infrastructure but here are few tips that can hopefully help you:
Bridges - if you are VLAN tagging your management bridge double check bridge settings / VLAN filtering (on if you are tagging) and also your PVID on the bridge (if 1 then it's default) and your ports should also be untagged as 1.
if you are getting DHCP on your router ports the issue is most likely the config of your switch.
do you have second cable between management bridge and the switch? if you don't then thats the problem.
another way of doing your setup is 1 bridge with ports 2,3,4,7,8,9 (management LAN is on the bridge (PVID 1), VLANs are in the same bridge with DHCP, etc.
Switch: the port where you are connecting Mgmt bridge should be trunk (same as your VLAN Bridge) and the rest of your ports 21-48 should untagged with 1 or the same PVID as Mgmt bridge or VLAN tag if you are using VLANs.
I hope this helps.
I didn't fully understand your infrastructure but here are few tips that can hopefully help you:
Bridges - if you are VLAN tagging your management bridge double check bridge settings / VLAN filtering (on if you are tagging) and also your PVID on the bridge (if 1 then it's default) and your ports should also be untagged as 1.
if you are getting DHCP on your router ports the issue is most likely the config of your switch.
do you have second cable between management bridge and the switch? if you don't then thats the problem.
another way of doing your setup is 1 bridge with ports 2,3,4,7,8,9 (management LAN is on the bridge (PVID 1), VLANs are in the same bridge with DHCP, etc.
Switch: the port where you are connecting Mgmt bridge should be trunk (same as your VLAN Bridge) and the rest of your ports 21-48 should untagged with 1 or the same PVID as Mgmt bridge or VLAN tag if you are using VLANs.
I hope this helps.
Re: Help with VLAN issue
On the Mikrotik, the "MGMT (V)LAN" is not present at the bridge to which you have connected the external switch via "one of the ports belonging to the VLAN bridge". So there is no way how packets from that "MGMT" bridge could get to the 48-port switch and vice versa.
So you need a single bridge on the Mikrotik, where MGMT subnet will be tagless and the two VLANs tagged. E.g. you can keep the "MGMT" bridge, and attach to it the "/interface vlan" currently attached to the other bridge, as well as the physical ports attached to that other bridge.
So you need a single bridge on the Mikrotik, where MGMT subnet will be tagless and the two VLANs tagged. E.g. you can keep the "MGMT" bridge, and attach to it the "/interface vlan" currently attached to the other bridge, as well as the physical ports attached to that other bridge.
-
-
innocentdevil
newbie
- Posts: 31
- Joined:
Re: Help with VLAN issue
thanks for the input guys.
@Sindy
Am I correct in understanding your solution as below:
Create a Bridge lets say AllLANs and add may be 4 ports to it.
I then allow VLANs to that bridge.
On the switch(es) side, I have a TAG port for VLANs traffic and then a TAGLESS port for LAN traffic
1 x cable each into port each on AllLANS bridge for VLANs Traffic
1 x cable each in port each on AllLANs bridge for taglless traffic (to manage those switches for Mgmt LAN which is a LAN instead of a vLan)
@Sindy
Am I correct in understanding your solution as below:
Create a Bridge lets say AllLANs and add may be 4 ports to it.
I then allow VLANs to that bridge.
On the switch(es) side, I have a TAG port for VLANs traffic and then a TAGLESS port for LAN traffic
1 x cable each into port each on AllLANS bridge for VLANs Traffic
1 x cable each in port each on AllLANs bridge for taglless traffic (to manage those switches for Mgmt LAN which is a LAN instead of a vLan)
Re: Help with VLAN issue
Not exactly. I'm afraid that your switches do not support individual topology learning so two cables may cause issues, and that that is the reason why the frames of the mgmt LAN between the Mikrotik and the switch did not run through the second cable (port 50 on the switch). That was the reason why I've suggested how to get the two tagged VLANs and the tagless MGMT lan to a single bridge so that you could use a single cable to connect each switch.Am I correct in understanding your solution as below:
Create a Bridge lets say AllLANs and add may be 4 ports to it.
I then allow VLANs to that bridge.
On the switch(es) side, I have a TAG port for VLANs traffic and then a TAGLESS port for LAN traffic
1 x cable each into port each on AllLANS bridge for VLANs Traffic
1 x cable each in port each on AllLANs bridge for taglless traffic (to manage those switches for Mgmt LAN which is a LAN instead of a vLan)
On the other hand, I've missed your remark that although only ports 2,3,4 are members of the MGMT bridge, the subnet 192.168.155.0/24 which lives on that MGMT bridge is accessible also from the other ports of the router (7,8,9) which are member ports of another bridge. I cannot imagine how this could work.
So maybe the best would be if you place here the output of "/export hide-sensitive" as it looks now.