
CRS switch egress-vlan-tag command

Posted: Fri Dec 12, 2014 7:54 pm
by tirkitneth
Hello,

What is the use of this command? It seems that adding or removing it has no effect on the packet flow in my CRS125-24G-1S (test setup), RouterOS 6.20.

Here is the scenario (mimic of real production environment):
  • ports 1 and 2 are connected to our core router, with our well defined internal VLAN IDs:
    • Customer X uses VLAN ID 1 untagged
    • Customer Y uses VLAN ID 2 tagged
    • Customer Z uses VLAN ID 3 tagged
  • port 7 is connected to a server of customer X, vlan id 1 untagged
  • port 8 is connected to a server of customer Y, vlan id 2 untagged
  • port 9 is connected to a server of customer Z, vlan id 3 untagged
  • port 3 is connected to provider A which collects ethernet links at customers X, Y and Z offices. Unfortunately, provider A does not use the same VLAN IDs as we do. No QinQ visible, on this link the vlan ids are:
    • Customer X VID = 101
    • Customer Y VID = 102
    • Customer Z VID = 103
Here is the full config of this CRS:
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether7 ] master-port=ether1
set [ find default-name=ether8 ] master-port=ether1
set [ find default-name=ether9 ] master-port=ether1

/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether2,ether3,ether7,ether8,ether9 forward-unknown-vlan=no

/interface ethernet switch trunk
add member-ports=ether1,ether2 name=trunk-router

/interface ethernet switch egress-vlan-translation
add customer-vid=1 new-customer-vid=101 ports=ether3
add customer-vid=2 new-customer-vid=102 ports=ether3
add customer-vid=3 new-customer-vid=103 ports=ether3

/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=1 ports=ether7 sa-learning=yes
add customer-vid=0 new-customer-vid=2 ports=ether8 sa-learning=yes
add customer-vid=0 new-customer-vid=3 ports=ether9 sa-learning=yes
add customer-vid=0 new-customer-vid=1 ports=trunk-router sa-learning=yes
add customer-vid=101 new-customer-vid=1 ports=ether3 sa-learning=yes
add customer-vid=102 new-customer-vid=2 ports=ether3 sa-learning=yes
add customer-vid=103 new-customer-vid=3 ports=ether3 sa-learning=yes

/interface ethernet switch vlan
add ports=trunk-router,ether3,ether7 vlan-id=1
add ports=trunk-router,ether3,ether8 vlan-id=2
add ports=trunk-router,ether3,ether9 vlan-id=3
It just does packet switching and VLAN translation, nothing else. It does not even require an IP address.

With the config mentioned above, it works.

If I understand the wiki page correctly (http://wiki.mikrotik.com/wiki/Manual:CR ... Based_VLAN), I should add the following commands:
/interface ethernet switch egress-vlan-tag
add tagged-ports=trunk-internal vlan-id=2
add tagged-ports=trunk-internal vlan-id=3
add tagged-ports=ether3 vlan-id=101
add tagged-ports=ether3 vlan-id=102
add tagged-ports=ether3 vlan-id=103
But it works without those commands. I see packets from the correct hosts on the correct ports with the correct vlan ids, and I don't see any incorrect association.

Can someone explain this black magic?
I don't want to put something I don't understand in production if possible ;-)
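
As an added example (not part of the original post and not MikroTik code), a small Python check that cross-references the tables posted above before they go to production: it flags port or trunk names that no table defines, and ingress translations into a VLAN the port is not a member of. It assumes physical ports are named etherN and that the membership check named in drop-if-invalid-or-src-port-not-member-of-vlan-on-ports applies to the translated VID.

```python
import re

# Constructed from the post's tables (sa-learning omitted); the last table is the proposed one.
CONFIG = """\
/interface ethernet switch trunk
add member-ports=ether1,ether2 name=trunk-router
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=1 ports=ether7
add customer-vid=0 new-customer-vid=2 ports=ether8
add customer-vid=0 new-customer-vid=3 ports=ether9
add customer-vid=0 new-customer-vid=1 ports=trunk-router
add customer-vid=101 new-customer-vid=1 ports=ether3
add customer-vid=102 new-customer-vid=2 ports=ether3
add customer-vid=103 new-customer-vid=3 ports=ether3
/interface ethernet switch vlan
add ports=trunk-router,ether3,ether7 vlan-id=1
add ports=trunk-router,ether3,ether8 vlan-id=2
add ports=trunk-router,ether3,ether9 vlan-id=3
/interface ethernet switch egress-vlan-tag
add tagged-ports=trunk-internal vlan-id=2
add tagged-ports=trunk-internal vlan-id=3
add tagged-ports=ether3 vlan-id=101
add tagged-ports=ether3 vlan-id=102
add tagged-ports=ether3 vlan-id=103
"""

def parse(text):
    """Return {table name: [row dict, ...]} from export-style text."""
    tables, name = {}, None
    for line in text.splitlines():
        if line.startswith("/"):
            name = line.split()[-1]
        elif line.startswith("add ") and name:
            tables.setdefault(name, []).append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return tables

def audit(text):
    """Flag undefined port names and (assumption: VID checked after translation) non-member mappings."""
    t = parse(text)
    trunks = {r["name"] for r in t.get("trunk", [])}
    members = {r["vlan-id"]: r["ports"].split(",") for r in t.get("vlan", [])}
    cols = {"vlan": "ports", "ingress-vlan-translation": "ports", "egress-vlan-tag": "tagged-ports"}
    refs = [(n, r, p) for n, k in cols.items() for r in t.get(n, []) for p in r[k].split(",")]
    issues = [f"{n}: undefined port or trunk {p}" for n, _, p in refs
              if p not in trunks and not re.fullmatch(r"ether\d+", p)]
    return issues + [f"{p}: mapped to VLAN {r['new-customer-vid']} but not a member" for n, r, p in refs
                     if n == "ingress-vlan-translation" and p not in members.get(r["new-customer-vid"], [])]

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

On the tables as posted, the only findings are the two proposed egress-vlan-tag rows that name trunk-internal, while the trunk table defines trunk-router.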