Code:
/interface bridge vlanadd bridge=bridge tagged=bridge,sfp1,vxlan1,ether2 vlan-ids=1401add bridge=bridge tagged=bridge,sfp1,vxlan1,ether2 vlan-ids=1404add bridge=bridge tagged=bridge,sfp1,vxlan1,ether2 vlan-ids=1500Code:
/interface bridge vlanadd bridge=bridge tagged=sfp1,vxlan1,ether2 vlan-ids=1401add bridge=bridge tagged=sfp1,vxlan1,ether2 vlan-ids=1404add bridge=bridge tagged=sfp1,vxlan1,ether2 vlan-ids=1500I recommend skipping this, too. It is not needed as you are not creating a routed VLAN interface (~SVI) with an IP address added to it.
Code:
/interface vlanadd comment="VLAN MGMT-SWITCHES" interface=bridge name=vlan1401 vlan-id=1401add comment="VLAN MGMT-WLAN" interface=bridge name=vlan1404 vlan-id=1404add comment="VLAN GUESTWL" interface=bridge name=vlan1500 vlan-id=1500Have you considered enabling VLAN-filtering for the bridge?
**************
Have you considered only permitting VLAN tagged frames on the VXLAN1 port? - Thereby discarding any untagged frames that might arrive via the tunnel interface (the default is permit both tagged and untagged frames)
Code:
/interface bridge portset [find interface=vxlan1] frame-types=admit-only-vlan-taggedThought: Does MT ROS (as of 7.13) even support tagged VLAN frames inside a VXLAN tunnel?
The VNI is usually mapped 1:1 to a VLAN tag.
The documentation does not mention anything concerning encapsulating VLAN tagged frames inside a VXLAN tunnel.
Which sets my expectation only the "usual" 1:1 mapping between a VNI and VLAN tag is currently supported.
With a range of 2^0 (1) to 2^24 (16777216) VNI's supported. We are not short on available VNI's to use.
Code:
/interface vxlanadd comment="VxLAN-Tunnel R1 <-> R2" local-address=192.168.7.30 name=vxlan1 port=8472 vni=10 vrf=main vteps-ip-version=ipv4add comment="VxLAN-Tunnel R1 <-> R2" local-address=192.168.7.30 name=vxlan2 port=8472 vni=11 vrf=main vteps-ip-version=ipv4add comment="VxLAN-Tunnel R1 <-> R2" local-address=192.168.7.30 name=vxlan3 port=8472 vni=12 vrf=main vteps-ip-version=ipv4Code:
/interface vxlan vtepsadd interface=vxlan1 remote-ip=172.16.1.2add interface=vxlan2 remote-ip=172.16.1.2add interface=vxlan3 remote-ip=172.16.1.2Code:
/interface bridge portadd bridge=bridge interface=vxlan1 frame-types=admit-only-untagged-and-priority-tagged pvid=1401add bridge=bridge interface=vxlan2 frame-types=admit-only-untagged-and-priority-tagged pvid=1404add bridge=bridge interface=vxlan3 frame-types=admit-only-untagged-and-priority-tagged pvid=1500Code:
/interface bridge vlanadd bridge=bridge tagged=sfp1,ether2 untagged=vxlan1 vlan-ids=1401add bridge=bridge tagged=sfp1,ether2 untagged=vxlan2 vlan-ids=1404add bridge=bridge tagged=sfp1,ether2 untagged=vxlan3 vlan-ids=1500You have not considered looking into e.g. using ZeroTier for the L2 site-2-site tunnel (instead of VXLAN)?
Statistics: Posted by netravnen — Thu Dec 28, 2023 3:42 pm