MikroTik

Hello. My ISP provides IPTV on a separate VLAN (20). In order to watch TV without problems the provided IPTV Box must be connected directly to this VLAN (get IP address directly from the ISP's). My current RB5009 is connected using GPON SFP module to ISP. On VLAN 30 it has access Internet and gets my static IP, and on VLAN 20 is TV service. If I connect IPTV Box to the Internet on VLAN 30 (through the bridge where there are other devices and DHCP-server) and setup IGMP proxy I can watch only not encrypted channels on it. If I create a separate bridge where there are only VLAN 20 interface and TV Box, it gets IP address (along with DNS and other things) from VLAN, however I cannot watch any channel, only black picture. I think the issue is with IGMP Proxy configuration. How can I configure it to work. My config (without separate bridge and vlan interface for TV, with this config I can watch only non-encrypted channels) is attached. If needed, I can try to get config information from the ISP's ONU Terminal (ZTE F670), which was used before I replaced it with Mikrotik.

You can try to connect it directly with ISP using bridge VLAN filtering. Then router wouldn't interfere in any way, it would be only as transparent switch, and there would be no need for IGMP proxy. Changes from your config would be something like following (with IPTV Box connected to ether5):
It's from top of my head, so don't try to apply it blindly without understanding it first.

You can try to connect it directly with ISP using bridge VLAN filtering. Then router wouldn't interfere in any way, it would be only as transparent switch, and there would be no need for IGMP proxy. Changes from your config would be something like following (with IPTV Box connected to ether5):

Code: Select all

/interface bridge
add name=Main vlan-filtering=yes
/interface bridge port
add bridge=Main interface=sfp-sfpplus1 pvid=99
add bridge=Main interface=ether5 pvid=20
/interface bridge vlan
add bridge=Main tagged=Main,sfp-sfpplus1 vlan-ids=30
add bridge=Main tagged=sfp-sfpplus1 untagged=ether5 vlan-ids=20
add bridge=Main tagged=Main untagged=sfp-sfpplus1 vlan-ids=99
/interface vlan
add interface=Main name=Internet vlan-id=30
add interface=Main name=GPON vlan-id=99
/ip address
add address=192.168.2.2/24 interface=GPON

It's from top of my head, so don't try to apply it blindly without understanding it first.

This config does not suit me. I have thought about another choice in which I create two different bridges:
- First for my devices that need access to Internet, they get local IP address from DHCP Server assigned to this bridge.
- Second for TV Box, it also gets IP address, but from another DHCP Server that is assigned to this bridge.
I also create VLAN20 and VLAN30 interfaces and run DHCP Client on both of them. Then I have to make outgoing traffic from first bridge to pass through vlan30 interface and the outgoing traffic from second bridge to pass through vlan20. Src-nat on first and masquerade on second are applied. However I don't know how to set it up, because if I try doing it like I wrote, the internet stops working. Is there a way to set it up?

This config does not suit me.

What in particular doesn't suite you in this config? The way you explained your situation with your ISP indicates that IPTV service might be provided via IP multicasts ... and in this case introducing L2-nontransparent config (i.e. anything but single bridge) means you need multicast routing. Which MT doesn't really do.

This config does not suit me.

What in particular doesn't suite you in this config?

I didn't understand the part with vlan 99. Why is it created? I should have explained that SFP module works only in bridge mode and its settings (it must be set up, because the provider uses PLOAM password authentication) can only be accessed on 192.168.2.1 (this is the local address of SFP module itself, it can be set up with telnet or web interface). I decided to set an IP address 192.168.2.2 for RB5009 on sfp port and created routes with src-nat rule, so that I can access SFP module settings via telnet in Winbox or with browser on a PC.

Vlan 99 is for your 192.168.2.0/24 network that was previously on sfp-sfpplus1. With the posted config it's there too, but since sfp-sfpplus1 is now also part of the big bridge, it needs to be separated from other untagged ports used as LAN. And 99 is random unused vlan number, but it's just internal thing, there are no tagged packets with vlan 99.

If you don't like that config, you can try something like:
Then look what address and gateway this dhcp client gets and add:
If it works, this part can be scripted, to automatically use values from dhcp, but there's no point wasting time on that now, if it may not work anyway.

But if either IPTV Box or something on ISP's side is picky, you want connection between them as transparent as possible, i.e. not this second config.

But if either IPTV Box or something on ISP's side is picky, you want connection between them as transparent as possible, i.e. not this second config.

I will try out your first config today. Also, after some experiments I found out, that I can watch any channel on TV Box without using VLAN 20. I connect it to the router like other devices, so VLAN20 is not even used. However, I can watch channels only for 10-15 minutes, after that I can only see black picture on any channel and I have to reboot the TV Box. Then I can watch any channel again, but only for 10-15 minutes. With the ISP provided router I can watch all channels on any of 4 Ethernet ports, but on port 4 TV Box gets IP directly from VLAN20 and on other 3 ports (which are used to connect devices that use normal Internet) it gets local IP from router and works without a problem.

But if either IPTV Box or something on ISP's side is picky, you want connection between them as transparent as possible, i.e. not this second config.

I will try out your first config today. Also, after some experiments I found out, that I can watch any channel on TV Box without using VLAN 20. I connect it to the router like other devices, so VLAN20 is not even used. However, I can watch channels only for 10-15 minutes, after that I can only see black picture on any channel and I have to reboot the TV Box. Then I can watch any channel again, but only for 10-15 minutes. With the ISP provided router I can watch all channels on any of 4 Ethernet ports, but on port 4 (that I assume is in bridge mode with VLAN20) TV Box gets IP directly from VLAN20 and on other 3 ports (which are used to connect devices that use normal Internet) it gets local IP from router and works without a problem. The ISP's router doesn't have DHCP Client on VLAN20, only VLAN30.

You can try to connect it directly with ISP using bridge VLAN filtering. Then router wouldn't interfere in any way, it would be only as transparent switch, and there would be no need for IGMP proxy. Changes from your config would be something like following (with IPTV Box connected to ether5):

Code: Select all

/interface bridge
add name=Main vlan-filtering=yes
/interface bridge port
add bridge=Main interface=sfp-sfpplus1 pvid=99
add bridge=Main interface=ether5 pvid=20
/interface bridge vlan
add bridge=Main tagged=Main,sfp-sfpplus1 vlan-ids=30
add bridge=Main tagged=sfp-sfpplus1 untagged=ether5 vlan-ids=20
add bridge=Main tagged=Main untagged=sfp-sfpplus1 vlan-ids=99
/interface vlan
add interface=Main name=Internet vlan-id=30
add interface=Main name=GPON vlan-id=99
/ip address
add address=192.168.2.2/24 interface=GPON

It's from top of my head, so don't try to apply it blindly without understanding it first.

Tried out that config. However there were some issues. First of all, as I found out ISP provides Internet two ways at the same time: untagged and tagged as VLAN 30. Secondly, with this config I couldn't make my router get IP from ISP using DHCP Client.
I also tried making a separate bridge (DHCP Snooping disabled) with VLAN20 interface and Ethernet interface to which IPTV Box is connected with IGMP Proxy configured (it looks like it is the same way ISP provided router is configured). In this case some channels work but after 10-15 minutes the picture on these channels freezes and the sound stops playing. I have to reboot IPTV Box and then I get channels working for 10-15 minutes again, but the channels that work are different each time. Maybe it is some problem with IGMP Snooping configuration?

It wasn't complete config, it just showed changes from yours, so you'd still need to keep your original "Internet" VLAN interface for example. Unfortunately, I can't help you with IGMP snooping, I know what it's supposed to do, but that's about it. But I'd rather avoid that completely and go with as transparent config as possible, i.e. the kind I suggested. You can read more about configuring bridge/switch this way in this popular thread:

Using RouterOS to VLAN your network

It wasn't complete config, it just showed changes from yours, so you'd still need to keep your original "Internet" VLAN interface for example.

Using RouterOS to VLAN your network

That is not the problem. I made changes to my config according with what you wrote. However, there I met an issue:
Multicast packets are untagged. VLAN 20 is a special network for IPTV Box, but it doesn't provide multicast. That network is only used to update playlist and firmware on IPTV Box and access some ISP Services. Your config makes all untagged packets that come in SFP interface tagged with VLAN 99 so I cannot get any image on IPTV Box, because it needs untagged packets.

So IPTV Box needs to see both untagged traffic and tagged vlan 20? If that's the case, it can be done:

can multiple devices use the IPTV service from your ISP? or only 1 device can use using this setup?

Normally multiple devices can use multicast IPTV service at same time. One needs to configure further ports in the same manner as for the first set-top box (ether5 in config example by @Sob) and connect other set-top boxes to those ports.