Let me preface this by saying that I've been using Mikrotik products for quite a while now, but I don't consider myself proficient with them - I know enough to get my network working mostly correctly and securely. I also have never worked with VLANs before, so I figured it was about time to learn that stuff, but I can't get even the most basic trunk to work.
I have a CRS326 and hAP ac lite connected together on ether1 ports (trunk) and configured two VLANs on both of them - access ports on ether2 and ether3 for VLAN 10 and ether4 for VLAN 20. As basis for my configuration for the CRS I used the basic documentation and example from Mikrotik for the Bridge VLAN Filtering, and on the hAP I used the documentation and example for VLAN using the switch chip. I'm pasting those configs on the bottom.
Right now I'm only doing switching - no routing whatsoever. For testing purposes I have two laptops that I set up with static IPs and I'm pinging one laptop from the other one and vice versa. Everything works correctly if I connect both laptops to either the CRS or hAP - the laptops can ping each other. But if i connect one of the laptops to the CRS and the other one to hAP on the respective ports for the VLANs the ping does not appear to go through the trunk. Although on the CRS I can see the MACs for both laptops in /interface/bridge/hosts while on the hAP I can only see the MAC for the laptop that's connected to it in /interface/ethernet/switch/host.
Things I tried to fix the problem:
I've been at it for three days now and run out of ideas. From everything I gathered it should just work. What am I missing?
Here are the configs I used. Each of them them is applied after resetting the devices with "No default configuration" checked.
CRS326hAP ac lite
I have a CRS326 and hAP ac lite connected together on ether1 ports (trunk) and configured two VLANs on both of them - access ports on ether2 and ether3 for VLAN 10 and ether4 for VLAN 20. As basis for my configuration for the CRS I used the basic documentation and example from Mikrotik for the Bridge VLAN Filtering, and on the hAP I used the documentation and example for VLAN using the switch chip. I'm pasting those configs on the bottom.
Right now I'm only doing switching - no routing whatsoever. For testing purposes I have two laptops that I set up with static IPs and I'm pinging one laptop from the other one and vice versa. Everything works correctly if I connect both laptops to either the CRS or hAP - the laptops can ping each other. But if i connect one of the laptops to the CRS and the other one to hAP on the respective ports for the VLANs the ping does not appear to go through the trunk. Although on the CRS I can see the MACs for both laptops in /interface/bridge/hosts while on the hAP I can only see the MAC for the laptop that's connected to it in /interface/ethernet/switch/host.
Things I tried to fix the problem:
- I googled extensively and found configs for people with similar set up (trunk between switch chip/bridge filtering vlans) that seemed to work for them and I compared them to my config and found them to be mostly similar, so I think my config should be fine.
- I tried replacing hAP with another hAP device and also mAP (same switch chip as hAP) but it didn't make a difference
- I tried replacing the laptops with hAPs configured only with IPs on ether1 and then tried pinging from the hAPs with no effect
- I played a bit with the "smaller" settings like independent-learning=on/off, ingress-filtering=on/off, admit all/only tagged, etc.
- Most of the testing I done is on the RouterOS version 7.13.4, but I also tried downgrading both devices to 6.49.13 in case there was some undocumented bug in 7.x
- Replaced all the CAT6 patch cables I used. Long shot, I know, but I've seen stranger things happen
![:)]( "Smile")
I've been at it for three days now and run out of ideas. From everything I gathered it should just work. What am I missing?
Here are the configs I used. Each of them them is applied after resetting the devices with "No default configuration" checked.
CRS326
Code:
/system identityset name=MikroTik-CRS326/interface ethernetset ether1 name=ether1-trunkset ether2 name=ether2-v10set ether3 name=ether3-v10set ether4 name=ether4-v20/interface bridgeadd name=bridge1 vlan-filtering=no/interface bridge portadd bridge=bridge1 interface=ether1-trunk frame-types=admit-only-vlan-taggedadd bridge=bridge1 interface=ether2-v10 pvid=10 frame-types=admit-only-untagged-and-priority-taggedadd bridge=bridge1 interface=ether3-v10 pvid=10 frame-types=admit-only-untagged-and-priority-taggedadd bridge=bridge1 interface=ether4-v20 pvid=20 frame-types=admit-only-untagged-and-priority-tagged/interface bridge vlanadd bridge=bridge1 tagged=ether1-trunk vlan-ids=10add bridge=bridge1 tagged=ether1-trunk vlan-ids=20/interface bridge set bridge1 vlan-filtering=yes frame-types=admit-only-vlan-taggedCode:
/system identityset name=MikroTik-hAP-ac-lite/interface ethernetset ether1 name=ether1-trunkset ether2 name=ether2-v10set ether3 name=ether3-v10set ether4 name=ether4-v20/interface bridgeadd name=bridge1/interface bridge portadd bridge=bridge1 interface=ether1-trunk hw=yesadd bridge=bridge1 interface=ether2-v10 hw=yesadd bridge=bridge1 interface=ether3-v10 hw=yesadd bridge=bridge1 interface=ether4-v20 hw=yes/interface ethernet switch vlanadd ports=ether1-trunk,ether2-v10,ether3-v10 switch=switch1 vlan-id=10add ports=ether1-trunk,ether4-v20 switch=switch1 vlan-id=20/interface ethernet switch portset ether1-trunk vlan-mode=secure vlan-header=add-if-missingset ether2-v10 vlan-mode=secure vlan-header=always-strip default-vlan-id=10set ether3-v10 vlan-mode=secure vlan-header=always-strip default-vlan-id=10set ether4-v20 vlan-mode=secure vlan-header=always-strip default-vlan-id=20Statistics: Posted by lodel — Fri Feb 16, 2024 11:38 am