Community discussions

MikroTik App
 
lieuze
just joined
Topic Author
Posts: 1
Joined: Tue Mar 10, 2020 1:45 pm

VLAN on CRS326

Tue Mar 10, 2020 2:00 pm

Hi guys,

I'm fairly new to MikroTik ans I'm struggling with some topics. So I have a brand new CRS326-24S+2Q+ and I want to configure VLAN on it. The default gateway is a router with an IP of 10.0.250.1 in VLAN 250, connected to port sfp-sfpplus24. Pretty basic.

Here is an extract of my config :

/interface bridge
add admin-mac=74:4D:28:FE:8C:05 auto-mac=no comment=defconf name=bridge protocol-mode=none vlan-filtering=yes

/interface vlan
add interface=bridge name=ADMIN-250 vlan-id=250

/interface bridge port
add bridge=bridge interface=sfp-sfpplus24 pvid=999

/interface bridge vlan
add bridge=bridge tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus24 untagged=\
sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus15 vlan-ids=250
add bridge=bridge untagged=sfp-sfpplus24 vlan-ids=999

/ip address
add address=10.0.250.30/24 interface=ADMIN-250 network=10.0.250.0

Pretty basic. As soon as I enable the vlan-filtering feature, the switch refuse to ping 10.0.250.1 (alternating timeout and unreachable). It does not even learn the mac address. Apart from that, the config works : my devices can reach their default gateway through the port sfp-sfpplus24 (which send tagged frames). I perform a packet capture and both the ARP request and response are correctly tagged in the VLAN 250. I try to add a static ARP entry for my router, same thing.

Any idea ?

Thanks a lot,

François
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12979
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN on CRS326

Tue Mar 10, 2020 2:30 pm

Until you enable vlan-filtering on bridge, switch doesn't care about VLAN tags, doesn't tag frames on ingress (for the untagged ports) and doesn't strip them on egress. Which means you can connect your (untagged) management station to any port and it'll work.

After you enable vlan-filtering, switch will start to behave according to vlan config. Which means you have to connect untagged management station to one of untagged ports (sfp-sfpplus 7-15).
BTW, the posted config is either not complete or wrong: you have to add all sfp-sfpplus ports to bridge and set pvid=250 on all ports that are configured as untagged (7-15), otherwise it won't tag untagged frames on ingress (doesn't know which VID to use).
Additionally: bridge interface has to be configured as tagged member of VLAN 250 on bridge like-a-switch, otherwise the VLAN interface doesn't see any frames for said VLAN.

The post is full of guessing ... but one can't do much better as you decided to post only a part of config ... an obviously uneducated decission - you don't know what's wrong with your config and yet you decided which part of non-working setup is wrong??
 
planetcoop
Member Candidate
Member Candidate
Posts: 140
Joined: Thu May 15, 2014 2:32 pm
Location: Sacramento, CA

Re: VLAN on CRS326

Thu Mar 12, 2020 1:00 am

here is my vlan config that may help:

viewtopic.php?f=2&t=158289&p=779546#p779546

Who is online

Users browsing this forum: gkoleff, gnolnos, johnson73, robertkjonesjr, smirgo and 31 guests