Community discussions

MikroTik App
 
Megaboriss
just joined
Topic Author
Posts: 8
Joined: Mon Sep 03, 2018 6:31 pm

Ethernet Port with tagged and native Vlan

Mon Sep 03, 2018 9:16 pm

I have 3 VLANs, for example Vlan10 (IP 10.10.10.1/24), Vlan20 (IP 10.20.20.1/24), Vlan30 (10.30.30.1/24).
What I want to achieve is that I would like to have:
Ether1 with Vlan 10 in access mode
Ether2 with Vlan 20 in access mode
Ether3 with Vlan 30 in access mode
Ether4 with tagged Vlan 10, tagged Vlan20 and tagged Vlan30
Ether4 with tagged Vlan20, tagged Vlan30 and Vlan10 as native vlan(without tag).

My device is CRS326-24G-2S+RM with SW 6.42.6

If I associate IP address with Vlan interface I can't get it working on interfaces in access mode.
If I associate IP address with Bridge interface, and connect PC to Ethernet interface I can ping with tag and without tag, looks like Vlan tagging is not working.
Any help would be appreciated.
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Ethernet Port with tagged and native Vlan

Tue Sep 04, 2018 1:55 pm

 
gurnec
just joined
Posts: 6
Joined: Wed Jul 14, 2010 9:42 pm

Re: Ethernet Port with tagged and native Vlan

Wed Sep 05, 2018 12:37 am

That's the legacy way of doing it. For a CRS3xx, you'll want this example and the section which follows it. The advantage of using Bridge VLAN Filtering vs. the legacy way is that you'll maintain hardware-offloaded switching for intra-VLAN traffic on a CRS3xx (routed traffic still goes through the CPU).
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Ethernet Port with tagged and native Vlan

Wed Sep 05, 2018 11:52 am

That's the legacy way of doing it. For a CRS3xx, you'll want this example and the section which follows it. The advantage of using Bridge VLAN Filtering vs. the legacy way is that you'll maintain hardware-offloaded switching for intra-VLAN traffic on a CRS3xx (routed traffic still goes through the CPU).
In my example, I got bridge influence. Wouldn't that work?
 
gurnec
just joined
Posts: 6
Joined: Wed Jul 14, 2010 9:42 pm

Re: Ethernet Port with tagged and native Vlan

Thu Sep 06, 2018 3:47 am

In my example, I got bridge influence. Wouldn't that work?
I admit I can't be 100% sure since I haven't tested it, but I'm fairly certain that any traffic which goes through a vlan interface goes through the CPU. In OP's example, that would exclude vlan10 traffic that is untagged between ether1 and ether5 (I assume OP meant ether5) but everything else would go through a vlan interface at some point.

If you want "real" (no-CPU) vlan switching assuming it's present on your hardware, traditionally you had to go through the switch menu which is a pain, and (before the CRS) sometimes does unexpected things and sometimes can't handle certain edge cases. It wasn't until 6.41 (I believe) and the CRS3xx series that we got real vlan switching combined with a sane way to configure it, what MikroTik calls Bridge VLAN Filtering (and is only offloaded to the switch chip on a CRS3xx).
Last edited by gurnec on Thu Sep 06, 2018 8:12 pm, edited 2 times in total.
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Ethernet Port with tagged and native Vlan

Thu Sep 06, 2018 1:49 pm

By using a bridge interface I got HW-Offload via ethernet interfaces, so I believe it's works.
 
gurnec
just joined
Posts: 6
Joined: Wed Jul 14, 2010 9:42 pm

Re: Ethernet Port with tagged and native Vlan

Thu Sep 06, 2018 8:16 pm

By using a bridge interface I got HW-Offload via ethernet interfaces, so I believe it's works.
But only on the eth interfaces, the vlan interfaces are not tagged HW-Offload, correct? Like I said, switching directly between two eth interfaces can be done by the switch chip, but any time traffic goes through a vlan interface, it goes through the CPU.

Give it a try yourself, e.g. doing a btest through a router with the config below on the untagged vlan shouldn't generate any CPU usage, but the same test through vlan100 will spike the CPU (unless I'm wrong, but I don't think I am...).
/interface vlan
add interface=ether1 name=ether1-vlan100 vlan-id=100
add interface=ether2 name=ether2-vlan100 vlan-id=100
/interface bridge
add name=bridge-default protocol-mode=none
add name=bridge-vlan100 protocol-mode=none
/interface bridge port
add bridge=bridge-default interface=ether1
add bridge=bridge-default interface=ether2
add bridge=bridge-vlan100 interface=ether1
add bridge=bridge-vlan100 interface=ether2