Two VLANs between routers not working as expected
Posted: Tue Jan 19, 2021 11:04 am
Hello.
I'm afraid I've run out of ideas on this issue.
We have two wireless links between two towers: one 60 GHz link and a 5 GHz failover. I've set up two VLANs on the routers on either side, each with its own subnet, and we are running CRS switches powering the devices on both sides.
I have VLAN filtering on the switches, and everything works as expected with one link up, but when the second link connects, I have no connectivity between the backup VLANs (not even L2 access). I can disconnect the primary, and then the backup has connectivity, but not before.
Below are the configs for both routers and switches.
Router 1, VLAN 104 and 703 are going to the second router.
Router 2
Switch 1, ether 6 and 5 go to the second tower via wireless.
Switch 2, ether 1 and 6 go to the first tower via wireless
Any help or ideas would be highly appreciated!
I'm afraid I've run out of ideas on this issue.
We have two wireless links between two towers: one 60 GHz link and a 5 GHz failover. I've set up two VLANs on the routers on either side, each with its own subnet, and we are running CRS switches powering the devices on both sides.
I have VLAN filtering on the switches, and everything works as expected with one link up, but when the second link connects, I have no connectivity between the backup VLANs (not even L2 access). I can disconnect the primary, and then the backup has connectivity, but not before.
Below are the configs for both routers and switches.
Router 1, VLAN 104 and 703 are going to the second router.
# Router 1 (OSPF router-id 10.10.0.7). Per the post, VLAN 104 and VLAN 703 on
# this router are the two links towards the second router.
# NOTE(review): no /ip firewall filter, /ip service or /user section appears in
# this export, so input filtering and management-service exposure cannot be
# judged from here - confirm on the device.
# lo0 has no bridge ports in this export; it carries the 10.10.0.7 address
# assigned under /ip address.
/interface bridge
add name=lo0
# ether2 is renamed ether2_uplink; every VLAN interface below is built on it.
/interface ethernet
set [ find default-name=ether2 ] l2mtu=1888 mtu=1800 name=ether2_uplink
# All VLAN interfaces use mtu=1700 on ether2_uplink. VLAN 104 and VLAN 703 are
# the two inter-tower links named in the post; the interface names suggest 703
# is the main path and 104 the backup (_b) - confirm.
/interface vlan
add interface=ether2_uplink mtu=1700 name=vlan10_customers vlan-id=10
add interface=ether2_uplink mtu=1700 name=vlan104_link_aer_03_ind_01_b \
vlan-id=104
add interface=ether2_uplink mtu=1700 name=vlan107_management vlan-id=107
add interface=ether2_uplink mtu=1700 name=vlan117_link_aer_03_aer_01 vlan-id=\
117
add interface=ether2_uplink mtu=1700 name=vlan702_link_aer_03_aer_02 vlan-id=\
702
add interface=ether2_uplink mtu=1700 name=vlan703_link_aer_03_ind_01_main \
vlan-id=703
add interface=ether2_uplink mtu=1700 name=vlan704_link_aer_03_min_01 vlan-id=\
704
# Sets default-vlan-id=0 on switch ports 0 through 11.
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP for the customer VLAN (pool 10.11.17.2-10.11.17.254 on vlan10_customers).
/ip pool
add name=dhcp_pool0 ranges=10.11.17.2-10.11.17.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=vlan10_customers name=dhcp1
# NOTE(review): profile1 is defined here, but the pppoe-server entry below sets
# no default-profile and no /ppp aaa section appears in this export (Router 2's
# export has both) - confirm which profile and which authentication source
# PPPoE sessions on this router actually use.
/ppp profile
add dns-server=10.10.0.1,8.8.8.8 local-address=172.17.0.7 name=profile1
/routing ospf area
add area-id=0.0.0.17 name=area17
# redistribute-connected=as-type-1 injects connected networks into OSPF.
# NOTE(review): the connected networks in this export include 192.168.0.0/24
# (ether8) and 169.254.1.0/24 (ether2_uplink); no /routing filter section is
# shown - confirm those are meant to be advertised.
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-1 router-id=10.10.0.7
# PPPoE server for customers on VLAN 10, one session per host.
/interface pppoe-server server
add disabled=no interface=vlan10_customers one-session-per-host=yes \
service-name=service1
# Link addressing: 172.16.0.33/29 on VLAN 104 and 172.16.0.81/29 on VLAN 703 are
# this router's ends of the two links to Router 2. 169.254.1.5/24 sits untagged
# on ether2_uplink and is the source address used by the src-nat rule below.
/ip address
add address=10.10.0.7 interface=lo0 network=10.10.0.7
add address=192.168.0.2/24 interface=ether8 network=192.168.0.0
add address=172.16.0.76/29 interface=vlan117_link_aer_03_aer_01 network=\
172.16.0.72
add address=10.10.17.1/24 interface=vlan107_management network=10.10.17.0
add address=172.16.0.33/29 interface=vlan104_link_aer_03_ind_01_b network=\
172.16.0.32
add address=169.254.1.5/24 interface=ether2_uplink network=169.254.1.0
add address=172.16.0.81/29 interface=vlan703_link_aer_03_ind_01_main network=\
172.16.0.80
add address=172.16.0.89/29 interface=vlan704_link_aer_03_min_01 network=\
172.16.0.88
add address=172.16.0.97/29 interface=vlan702_link_aer_03_aer_02 network=\
172.16.0.96
add address=10.11.17.1/24 interface=vlan10_customers network=10.11.17.0
/ip dhcp-server network
add address=10.11.17.0/24 gateway=10.11.17.1
/ip dns
set servers=10.10.0.1,8.8.8.8
# dst-nat: TCP 2222 on 10.10.0.7 is forwarded to 169.254.1.1 port 80.
# src-nat: traffic to 169.254.1.1 leaves with source 169.254.1.5.
# NOTE(review): 169.254.1.1 is presumably a radio's web interface - confirm.
# Port 80 suggests plain HTTP, and the dst-nat rule has no src-address or
# src-address-list match, so any host that can route to 10.10.0.7 (advertised
# in OSPF below) can reach that login page. Restrict the permitted sources or
# use an encrypted management path.
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.10.0.7 dst-port=2222 protocol=\
tcp to-addresses=169.254.1.1 to-ports=80
add action=src-nat chain=srcnat dst-address=169.254.1.1 to-addresses=\
169.254.1.5
# Two RADIUS client entries for the same server, sourced from the loopback.
# NOTE(review): no secret= value appears; either the export was taken with
# sensitive values hidden or no shared secret is set - confirm it is set.
/radius
add address=10.10.11.254 service=login src-address=10.10.0.7
add address=10.10.11.254 service=ppp,login src-address=10.10.0.7
/routing ospf area range
add area=area17 range=172.17.32.0/22
# OSPF runs point-to-point with BFD on every link VLAN. The VLAN 104 entry
# carries cost=21 and 4s/10s hello/dead timers; the VLAN 703 entry keeps the
# defaults, so 703 is preferred while it is up.
# NOTE(review): no authentication= setting appears on any OSPF interface, which
# in an export means the default is in use. If that is "none", adjacencies over
# the wireless links are unauthenticated - confirm and consider md5
# authentication on both ends.
/routing ospf interface
add interface=vlan117_link_aer_03_aer_01 network-type=point-to-point use-bfd=\
yes
add cost=21 dead-interval=10s hello-interval=4s interface=\
vlan104_link_aer_03_ind_01_b network-type=point-to-point use-bfd=yes
add interface=vlan703_link_aer_03_ind_01_main network-type=point-to-point \
use-bfd=yes
add interface=vlan704_link_aer_03_min_01 network-type=point-to-point use-bfd=\
yes
add interface=vlan702_link_aer_03_aer_02 network-type=point-to-point use-bfd=\
yes
# Link subnets and the loopback are in the backbone; the management subnet
# 10.10.17.0/24 is in area17.
/routing ospf network
add area=backbone network=172.16.0.72/29
add area=backbone network=10.10.0.7/32
add area=area17 network=10.10.17.0/24
add area=backbone network=172.16.0.32/29
add area=backbone network=172.16.0.80/29
add area=backbone network=172.16.0.88/29
add area=backbone network=172.16.0.96/29
# Router 2 (OSPF router-id 10.10.0.3), the far end of VLAN 104 and VLAN 703.
# NOTE(review): no /ip firewall filter, /ip service or /user section appears in
# this export, so input filtering and management-service exposure cannot be
# judged from here - confirm on the device.
# lo0 has no bridge ports in this export; it carries the 10.10.0.3 address.
/interface bridge
add mtu=3000 name=lo0
# ether1 is renamed ether1_uplink; every VLAN interface below is built on it.
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1888 mtu=1800 name=ether1_uplink
set [ find default-name=ether2 ] l2mtu=1888 mtu=1800
set [ find default-name=ether3 ] l2mtu=1888 mtu=1800
set [ find default-name=ether8 ] l2mtu=1888 mtu=1800
set [ find default-name=ether9 ] l2mtu=1888 mtu=1800
set [ find default-name=ether10 ] l2mtu=1888 mtu=1800
# VLAN 104 and VLAN 703 pair with the same VLAN IDs on Router 1. VLAN 105
# (vlan_link_aer02_main) has no counterpart in Router 1's export.
/interface vlan
add interface=ether1_uplink mtu=1700 name=vlan10_customers vlan-id=10
add interface=ether1_uplink mtu=1700 name=vlan103_management vlan-id=103
add interface=ether1_uplink mtu=1700 name=vlan104_link_aer02_bu vlan-id=104
add interface=ether1_uplink mtu=1700 name=vlan703_link_ind_aer_03 vlan-id=703
add interface=ether1_uplink mtu=1700 name=vlan_link_aer02_main vlan-id=105
# Sets default-vlan-id=0 on switch ports 0 through 11.
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP for the customer VLAN (pool 10.11.13.2-10.11.13.254 on vlan10_customers).
/ip pool
add name=dhcp_pool0 ranges=10.11.13.2-10.11.13.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=vlan10_customers name=dhcp1
# PPP profile referenced by the pppoe-server entry below.
/ppp profile
add dns-server=10.10.0.1,8.8.8.8 local-address=172.17.0.3 name=profile_ind_01
# OpenVPN client towards 10.10.11.254; disabled=yes, so it is not in use.
# NOTE(review): the certificate name and user name are published with this
# post - if the client is ever re-enabled, review its credentials first.
/interface ovpn-client
add certificate=pc_mdb_ind_01.crt_0 cipher=aes192 connect-to=10.10.11.254 \
disabled=yes mac-address=02:C0:04:28:0D:93 name=ovpn-out1 profile=\
default-encryption user=splynx
/routing ospf area
add area-id=0.0.0.13 name=area13
/routing ospf instance
set [ find default=yes ] router-id=10.10.0.3
# SNMP community "pc" with write access, limited by addresses= to 10.10.0.3/32
# (this router's own loopback address).
# NOTE(review): SNMP v1/v2c community strings travel in clear text and this one
# is now public through the forum post - rotate it and drop write-access unless
# something needs it. No "/snmp set enabled=yes" line appears, so the service
# may be off - confirm.
/snmp community
add addresses=10.10.0.3/32 name=pc write-access=yes
# Policy list for the "full" user group.
# NOTE(review): the list includes telnet and ftp, both clear-text protocols.
# Whether those services are reachable is decided under /ip service, which is
# not part of this export - confirm they are disabled or source-restricted.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
# NOTE(review): "!dynamic" selects every interface outside the dynamic list,
# which presumably includes vlan10_customers; neighbor discovery there would
# announce this router's identity to customer equipment - confirm and narrow
# the list to management interfaces.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# PPPoE server for customers on VLAN 10, one session per host.
/interface pppoe-server server
add default-profile=profile_ind_01 disabled=no interface=vlan10_customers \
one-session-per-host=yes service-name=service1
# Link addressing: 172.16.0.36/29 on VLAN 104 and 172.16.0.84/29 on VLAN 703
# share subnets with Router 1's 172.16.0.33 and 172.16.0.81.
# NOTE(review): 169.245.1.2/24 (disabled) may be a typo for the 169.254.x.x
# range used by the last src-nat rule below - confirm.
/ip address
add address=10.10.0.3 interface=lo0 network=10.10.0.3
add address=172.16.0.36/29 interface=vlan104_link_aer02_bu network=\
172.16.0.32
add address=10.10.13.1/24 interface=vlan103_management network=10.10.13.0
add address=192.168.0.2/24 interface=ether8 network=192.168.0.0
add address=172.16.0.20/29 interface=vlan_link_aer02_main network=172.16.0.16
add address=10.11.13.1/24 interface=vlan10_customers network=10.11.13.0
add address=169.245.1.2/24 disabled=yes interface=vlan10_customers network=\
169.245.1.0
add address=172.16.0.84/29 interface=vlan703_link_ind_aer_03 network=\
172.16.0.80
/ip dhcp-server network
add address=10.11.13.0/24 gateway=10.11.13.1
/ip dns
set servers=10.10.0.1,8.8.8.8
# Rule 1: traffic from 192.168.0.0/24 is source-translated to 10.10.0.3.
# Rule 2: TCP 2222 on 10.10.0.3 is forwarded to 172.16.0.35 port 80, an address
# inside the VLAN 104 link subnet.
# Rule 3: traffic to 169.254.1.0/24 is source-translated to 169.254.1.2.
# NOTE(review): 172.16.0.35 is presumably a radio's web interface - confirm.
# Port 80 suggests plain HTTP, and rule 2 has no src-address or
# src-address-list match, so any host that can route to 10.10.0.3 can reach
# that login page; restrict the permitted sources. No enabled 169.254.1.x
# address exists on this router in this export, so confirm rule 3 can work.
/ip firewall nat
add action=src-nat chain=srcnat src-address=192.168.0.0/24 to-addresses=\
10.10.0.3
add action=dst-nat chain=dstnat dst-address=10.10.0.3 dst-port=2222 protocol=\
tcp to-addresses=172.16.0.35 to-ports=80
add action=src-nat chain=srcnat dst-address=169.254.1.0/24 to-addresses=\
169.254.1.2
# Disabled default route via 172.16.0.33 (Router 1's VLAN 104 address).
/ip route
add disabled=yes distance=1 gateway=172.16.0.33
# NOTE(review): allow-none-crypto=yes lets an SSH session negotiate no
# encryption, which would put credentials and session data on the wire in
# clear text; forwarding-enabled=remote permits SSH remote port forwarding
# through this router. Unless something depends on them, set
# allow-none-crypto=no and forwarding-enabled=no.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/mpls interface
set [ find default=yes ] mpls-mtu=1575
# LDP is configured with the loopback as LSR id, but both LDP interface entries
# below are disabled=yes.
/mpls ldp
set loop-detect=yes lsr-id=10.10.0.3 transport-address=10.10.0.3
/mpls ldp interface
add disabled=yes hello-interval=3s hold-time=10s interface=\
vlan_link_aer02_main
add disabled=yes hello-interval=3s hold-time=10s interface=\
vlan104_link_aer02_bu
# PPP sessions are authenticated against RADIUS, with interim updates every 20s.
/ppp aaa
set interim-update=20s use-radius=yes
# The login-only entry is disabled; the ppp,login entry is active.
# NOTE(review): no secret= value appears; either the export was taken with
# sensitive values hidden or no shared secret is set - confirm it is set.
/radius
add address=10.10.11.254 disabled=yes service=login src-address=10.10.0.3
add address=10.10.11.254 service=ppp,login src-address=10.10.0.3
# NOTE(review): accept=yes makes the router accept incoming RADIUS requests
# (change-of-authorization / disconnect). Make sure only the RADIUS server
# 10.10.11.254 can reach that listener; no firewall filter rules appear in
# this export.
/radius incoming
set accept=yes
/routing ospf area range
add area=area13 range=172.17.12.0/22
# VLAN 104 (cost 21, 4s/10s timers, BFD) matches Router 1's entry for the same
# VLAN; VLAN 703 uses default cost and timers with BFD, as on Router 1.
# VLAN 105 has cost 20 and no BFD.
# NOTE(review): no authentication= setting appears on any OSPF interface, which
# in an export means the default is in use. If that is "none", adjacencies over
# the wireless links are unauthenticated - confirm and consider md5
# authentication on both ends.
/routing ospf interface
add cost=21 dead-interval=10s hello-interval=4s interface=\
vlan104_link_aer02_bu network-type=point-to-point use-bfd=yes
add cost=20 dead-interval=10s hello-interval=4s interface=\
vlan_link_aer02_main network-type=point-to-point
add interface=vlan703_link_ind_aer_03 network-type=point-to-point use-bfd=yes
# Link subnets, the loopback and the management subnet are in the backbone;
# customer ranges are in area13.
/routing ospf network
add area=backbone network=172.16.0.32/29
add area=backbone network=172.16.0.16/29
add area=backbone network=10.10.0.3/32
add area=backbone network=10.10.13.0/24
add area=area13 network=172.17.12.0/22
add area=area13 network=197.234.151.192/27
add area=area13 network=172.17.0.0/17
add area=area13 network=10.11.13.0/24
add area=area13 network=197.234.151.224/27
add area=backbone network=172.16.0.80/29
# Switch 1. Per the post, ether6 and ether5 go to the second tower via the
# wireless links.
# NOTE(review): no /ip service, /user or /ip firewall filter section appears in
# this export, so management-plane exposure cannot be judged from here.
# "bridge" holds every port listed under /interface bridge port; bridge1 has no
# ports in this export.
/interface bridge
add admin-mac=48:8F:5A:DC:A6:A3 auto-mac=no comment=defconf name=bridge
add name=bridge1
# Port names record what each port connects to: ether5 is the backup (_b) link
# and ether6 the other link to ind_01.
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1888 mtu=1800 name=ether1_uplink
set [ find default-name=ether2 ] l2mtu=1888 mtu=1800 name=ether2_lnk_aer_01
set [ find default-name=ether3 ] l2mtu=1888 mtu=1800 name=ether3_lnk_min_01
set [ find default-name=ether4 ] l2mtu=1888 mtu=1800 name=ether4_lnk_aer_02
set [ find default-name=ether5 ] l2mtu=1888 mtu=1800 name=ether5_lnk_ind_01_b
set [ find default-name=ether6 ] l2mtu=1888 mtu=1800 name=ether6_lnk_ind_01
set [ find default-name=ether7 ] l2mtu=1888 mtu=1800 name=ether7_ap_nn
set [ find default-name=ether8 ] l2mtu=1888 mtu=1800
set [ find default-name=sfp9 ] l2mtu=1888 mtu=1800
set [ find default-name=sfp10 ] l2mtu=1888 mtu=1800
set [ find default-name=sfp11 ] l2mtu=1888 mtu=1800
set [ find default-name=sfp12 ] l2mtu=1888 mtu=1800
# Management interface for the switch itself, on VLAN 107.
/interface vlan
add interface=bridge mtu=1700 name=vlan_107_mgmt vlan-id=107
# Ingress VLAN enforcement is enabled on ether2 through ether7.
# NOTE(review): ether1_uplink, ether8 and sfp9-sfp12 are bridge members but are
# not in this list and appear in no VLAN table entry below (apart from
# ether1_uplink). If ether8 and the SFP ports are unused, disable them or add
# them to the list so that a device plugged in there is not forwarded.
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether5_lnk_ind_01\
_b,ether2_lnk_aer_01,ether4_lnk_aer_02,ether3_lnk_min_01,ether7_ap_nn,ethe\
r6_lnk_ind_01"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Policy list for the "full" user group.
# NOTE(review): the list includes telnet and ftp, both clear-text protocols.
# Whether those services are reachable is decided under /ip service, which is
# not part of this export - confirm they are disabled or source-restricted.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
# All twelve ports are members of the single bridge.
/interface bridge port
add bridge=bridge comment=defconf interface=ether1_uplink
add bridge=bridge comment=defconf interface=ether2_lnk_aer_01
add bridge=bridge comment=defconf interface=ether3_lnk_min_01
add bridge=bridge comment=defconf interface=ether4_lnk_aer_02
add bridge=bridge comment=defconf interface=ether5_lnk_ind_01_b
add bridge=bridge comment=defconf interface=ether6_lnk_ind_01
add bridge=bridge comment=defconf interface=ether7_ap_nn
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=sfp9
add bridge=bridge comment=defconf interface=sfp10
add bridge=bridge comment=defconf interface=sfp11
add bridge=bridge comment=defconf interface=sfp12
# NOTE(review): "!dynamic" selects every interface outside the dynamic list, so
# neighbor discovery presumably also runs on the access-point port - confirm and
# narrow it to management interfaces.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# Each link VLAN is tagged on the uplink and on exactly one link port:
# 104 on ether5 (backup) and 703 on ether6.
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1_uplink,ether2_lnk_aer_01 vlan-id=117
add tagged-ports=switch1-cpu,ether1_uplink,ether7_ap_nn vlan-id=107
add tagged-ports=ether1_uplink,ether5_lnk_ind_01_b vlan-id=104
add tagged-ports=ether1_uplink,ether6_lnk_ind_01 vlan-id=703
add tagged-ports=ether1_uplink,ether3_lnk_min_01 vlan-id=704
add tagged-ports=ether1_uplink,ether4_lnk_aer_02 vlan-id=702
# Frames arriving on ether7_ap_nn with customer-vid=0 are re-tagged as VLAN 10.
# NOTE(review): no vlan-id=10 entry exists in the egress-vlan-tag or vlan tables
# of this export (Switch 2's export has both), while ether7_ap_nn is in the
# drop-if-invalid list above - confirm customer traffic from this port is
# meant to pass.
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=10 ports=ether7_ap_nn
# VLAN membership mirrors the egress-vlan-tag table. VLANs 104 and 703 share
# only ether1_uplink; how the radios bridge them between the towers is not
# visible in this export.
/interface ethernet switch vlan
add ports=ether1_uplink,ether2_lnk_aer_01 vlan-id=117
add ports=switch1-cpu,ether1_uplink,ether7_ap_nn vlan-id=107
add ports=ether1_uplink,ether5_lnk_ind_01_b vlan-id=104
add ports=ether1_uplink,ether6_lnk_ind_01 vlan-id=703
add ports=ether1_uplink,ether3_lnk_min_01 vlan-id=704
add ports=ether1_uplink,ether4_lnk_aer_02 vlan-id=702
# Switch management address in Router 1's management subnet, with Router 1
# (10.10.17.1) as the default gateway.
/ip address
add address=10.10.17.2/24 comment=defconf interface=vlan_107_mgmt network=\
10.10.17.0
/ip dns
set servers=10.10.0.1,8.8.8.8
/ip route
add distance=1 gateway=10.10.17.1
# Switch 2. Per the post, ether1 and ether6 go to the first tower via the
# wireless links.
# NOTE(review): no /ip service, /user or /ip firewall filter section appears in
# this export, so management-plane exposure cannot be judged from here.
/interface bridge
add admin-mac=CC:2D:E0:90:96:53 auto-mac=no comment=defconf name=bridge
# Port names record what each port connects to: ether1 is the backup (_bu) link,
# ether6 the other link, ether8 the uplink. ether3 and ether7 force PoE out.
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1888 mtu=1800 name=\
ether1_lnk_aer_02_bu
set [ find default-name=ether2 ] l2mtu=1888 mtu=1800 name=ether2_switch_2
set [ find default-name=ether3 ] l2mtu=1888 mtu=1800 name=ether3_ap_ww \
poe-out=forced-on poe-voltage=high
set [ find default-name=ether4 ] l2mtu=1888 mtu=1800 name=ether4_ap_ne
set [ find default-name=ether5 ] l2mtu=1888 mtu=1800 name=ether5_ptp_amandla
set [ find default-name=ether6 ] l2mtu=1888 mtu=1800 name=\
ether6_lnk_aer_03_ma
set [ find default-name=ether7 ] l2mtu=1888 mtu=1800 name=ether7_ap_ws \
poe-out=forced-on
set [ find default-name=ether8 ] l2mtu=1888 mtu=1800 name=ether8_uplink
set [ find default-name=sfp9 ] l2mtu=1888 mtu=1800
set [ find default-name=sfp10 ] l2mtu=1888 mtu=1800
set [ find default-name=sfp11 ] l2mtu=1888 mtu=1800
set [ find default-name=sfp12 ] l2mtu=1888 mtu=1800
# Management interface for the switch itself, on VLAN 103.
/interface vlan
add interface=bridge mtu=1700 name=mgmt vlan-id=103
# Ingress VLAN enforcement is enabled on ether1 through ether7.
# NOTE(review): ether8_uplink and sfp9-sfp12 are bridge members but are not in
# this list, and the SFP ports appear in no VLAN table entry below. If the SFP
# ports are unused, disable them or add them to the list so that a device
# plugged in there is not forwarded.
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1_lnk_aer_02\
_bu,ether2_switch_2,ether3_ap_ww,ether4_ap_ne,ether5_ptp_amandla,ether7_ap\
_ws,ether6_lnk_aer_03_ma"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# NOTE(review): several bridge ports carry a pvid (104 on ether1, 105 on ether6,
# 100 on the others). No vlan-filtering setting appears on the bridge, and the
# switch VLAN tables below put ether6 in VLAN 703, not 105, and define no
# VLAN 100 or 105 at all - confirm whether these pvid values have any effect
# or are leftovers.
/interface bridge port
add bridge=bridge comment=defconf interface=ether1_lnk_aer_02_bu pvid=104
add bridge=bridge comment=defconf interface=ether2_switch_2 pvid=100
add bridge=bridge comment=defconf interface=ether3_ap_ww pvid=100
add bridge=bridge comment=defconf interface=ether4_ap_ne pvid=100
add bridge=bridge comment=defconf interface=ether5_ptp_amandla pvid=100
add bridge=bridge comment=defconf interface=ether7_ap_ws pvid=100
add bridge=bridge comment=defconf interface=ether8_uplink
add bridge=bridge comment=defconf interface=sfp9
add bridge=bridge comment=defconf interface=sfp10
add bridge=bridge comment=defconf interface=sfp11
add bridge=bridge comment=defconf interface=sfp12
add bridge=bridge comment=defconf interface=ether6_lnk_aer_03_ma pvid=105
# Each link VLAN is tagged on the uplink and on exactly one link port:
# 104 on ether1 (backup) and 703 on ether6. VLAN 103 (management) is tagged
# towards the CPU, the uplink and the access ports; VLAN 10 only on
# ether2_switch_2 and the uplink.
# NOTE(review): Router 2's export defines a VLAN 105 interface on its uplink,
# but no vlan-id=105 entry exists in this table or the vlan table below -
# confirm how that VLAN is expected to pass through this switch.
/interface ethernet switch egress-vlan-tag
add tagged-ports="switch1-cpu,ether2_switch_2,ether3_ap_ww,ether4_ap_ne,ether5\
_ptp_amandla,ether7_ap_ws,ether8_uplink" vlan-id=103
add tagged-ports=ether1_lnk_aer_02_bu,ether8_uplink vlan-id=104
add tagged-ports=ether2_switch_2,ether8_uplink vlan-id=10
add tagged-ports=ether6_lnk_aer_03_ma,ether8_uplink vlan-id=703
# Frames arriving with customer-vid=0 on the four access ports are re-tagged as
# the customer VLAN 10.
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=10 ports=ether5_ptp_amandla
add customer-vid=0 new-customer-vid=10 ports=ether3_ap_ww
add customer-vid=0 new-customer-vid=10 ports=ether4_ap_ne
add customer-vid=0 new-customer-vid=10 ports=ether7_ap_ws
# VLAN membership. VLANs 104 and 703 share only ether8_uplink; how the radios
# bridge them between the towers is not visible in this export.
/interface ethernet switch vlan
add ports="switch1-cpu,ether2_switch_2,ether3_ap_ww,ether4_ap_ne,ether5_ptp_am\
andla,ether7_ap_ws,ether8_uplink" vlan-id=103
add ports=ether1_lnk_aer_02_bu,ether8_uplink vlan-id=104
add ports="ether2_switch_2,ether3_ap_ww,ether4_ap_ne,ether5_ptp_amandla,ether7\
_ap_ws,ether8_uplink" vlan-id=10
add ports=ether6_lnk_aer_03_ma,ether8_uplink vlan-id=703
# Switch management address in Router 2's management subnet, with Router 2
# (10.10.13.1) as the default gateway.
/ip address
add address=10.10.13.2/24 interface=mgmt network=10.10.13.0
/ip route
add distance=1 gateway=10.10.13.1