MikroTik

Community discussions
https://forum.mikrotik.com/

Simple VLAN config doesn't work on a virtualized x86 routeros

https://forum.mikrotik.com/viewtopic.php?t=181828

Page 1 of 1

Simple VLAN config doesn't work on a virtualized x86 routeros

Posted: Sat Jan 01, 2022 10:29 pm
by stigger
I'm currently evaluating a virtualized x86 routeros and trying to set up a connection to my ISP, which requires a pppoe connection over a VLAN.

So, starting with the simplest configuration (ether1 is a real Intel I210 NIC connected via PCI-passthrough):
Code: Select all
# jan/01/2022 19:56:49 by RouterOS 7.2rc1
#
/interface vlan
add interface=ether1 name=vlan1 vlan-id=40
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/ip cloud
set update-time=no

After that I'm doing
Code: Select all
/interface/pppoe-client/scan vlan1
and sniffing ether1 locally, as well as monitoring a mirrored port on the switch. In the local capture I see PADI requests sent over the VLAN, but no response. In the capture from the switch there's absolutely nothing.

OK, instead of a simple VLAN let's try a bridge VLAN filtering config:
Code: Select all
/interface bridge
add name=bridge1 pvid=40 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
/interface bridge vlan
add bridge=bridge1 tagged=ether1 vlan-ids=40
Code: Select all
/interface/pppoe-client/scan bridge1
works perfectly and shows responses, which are visible in the both captures as well.

Let's try a configuration with a tagged vlan on the bridge interface:
Code: Select all
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan2 vlan-id=40
/interface bridge port
add bridge=bridge1 interface=ether1
/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=40
Trying
Code: Select all
/interface/pppoe-client/scan vlan2
, doesn't work, same as the first config: requests are visible in the local capture, but not visible on the switch.

So, why untagged bridge VLAN filtering works, but nothing else does? I need to set up multiple VLANs, so the working config with the untagged bridge is not an option.

Re: Simple VLAN config doesn't work on a virtualized x86 routeros

Posted: Sun Jan 16, 2022 3:41 pm
by emunt6
Hi!

This workaround maybe helps you,
Create a bridge interface and assign the vlan interface to it, use the bridge interface for the pppoe service.
( The bridge interface dont need any filtering, pvid, ... simple bridge ).

Example:
> bridge2
> member eth1.100

pppoe client interface=bridge2

Re: Simple VLAN config doesn't work on a virtualized x86 routeros

Posted: Sun Jan 16, 2022 4:11 pm
by sindy
So, why untagged bridge VLAN filtering works, but nothing else does? I need to set up multiple VLANs, so the working config with the untagged bridge is not an option.
It may be a matter of settings of the virtualisation platform, and these differ significantly between platforms. On Hyper-V, you need to permit use of individual VLANs on the interfaces of the virtual switches using Powershell (GUI is not sufficient) and also in RouterOS, vlan-filtering must be set to yes, but that's what you already do.

Re: Simple VLAN config doesn't work on a virtualized x86 routeros

Posted: Sun Jan 16, 2022 5:27 pm
by stigger
It may be a matter of settings of the virtualisation platform, and these differ significantly between platforms. On Hyper-V, you need to permit use of individual VLANs on the interfaces of the virtual switches using Powershell (GUI is not sufficient) and also in RouterOS, vlan-filtering must be set to yes, but that's what you already do.
No, it's something else. I use KVM and the ethernet adapter is attached to the VM as PCI-passthrough: routeros uses its own Intel driver and fully manages the device. Besides, pfsense works fine with the identical configuration.
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/