I would kindly ask for some help. My ISP provides me optic connection tagged with three VLANs: vlan 100 for internet (pppoe), 101 for voip, 1500 for iptv.
I want to configure that my MT is directly connected to the ONT (GPON) and that it:
1.) gets public ip internet connection with pppoe on vlan 100,
2.) while in the same time that Mikrotik switches vlans 101 and 1500 toward the custom ISPs router that is needed for my IPTV and VOIP phone and that is placed "behind" the Mikrotik. The GPON ONT has only one gigabit ethernet port so switching (or bridging) is needed if I want that Mikrotik is the first machine, and I really want that because it is doing its job perfectly for years. I have tried with RB433, RB951G-2HnD and hAP ac lite and all with same results:
I have managed to do either 1st either 2nd thing but can NOT get it to work together in the same time. I can successfully do this with bridge (yes, it is not switch but it does the job) but can not with switch and I really want switch in order to not waste CPU power on that forwarded traffic from ONT to my ISPs router.
my config is:
1.)
/interface vlan
add interface=ether1 name=vlan100 vlan-id=100
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan100 name=pppoe-out1 password=*** use-peer-dns=no user=***
2.)
/interface ethernet
set ether2 master-port=ether1
/interface ethernet switch vlan
add ports=ether1,ether2 switch=switch1 vlan-id=101
add ports=ether1,ether2 switch=switch1 vlan-id=1500
/interface ethernet switch port
set ether1 vlan-mode=secure vlan-header=add-if-missing
set ether2 vlan-mode=secure vlan-header=add-if-missing
The 2nd "swith" works perfectly but it does not allow the pppoe connection (1st thing) to be established, and if the switch is disabled the pppoe goes up and running perfectly.
I would really appreciate some help! I have read in the wiki and not figure it out what am I missing.
multiple VLANs one interface from ISP switch vs bridge
Last edited byweboron Sun Oct 01, 2017 10:50 am, edited 1 time in total.
Re: multiple VLANs one interface from ISP switch vs bridge
It might help if you told people what was connected to which router ports.
Kind of a fundamental detail...
Kind of a fundamental detail...
Re: multiple VLANs one interface from ISP switch vs bridge
Thank you for getting involved. Yes, I apologize for not being clear. In my head the topology is known, but, as you said, it would be good to give whole info from my side...
. Apologies once more.
Here is a diagram:
. Apologies once more.Here is a diagram:
-
-
JimmyNyholm
Member Candidate
- Posts: 248
- 加入:
- Location:Sweden
Re: multiple VLANs one interface from ISP switch vs bridge
Add vlan 100 in the mt switch and tag only outside port and cpu.
现在100发送vlanto RouterOS with vlan id 100.
Add vlan interface 100 to bridge1 in routeros
add ppoe client on vlan 100
Set what ever L3 ip info and other stuff for lan side making MT L2 shining for the stuff you dont care about and L3 part of what you do care about.
Be aware of MTU. And by doing this Telephony and TV will break with every reset or upgrade of MT router.
现在100发送vlanto RouterOS with vlan id 100.
Add vlan interface 100 to bridge1 in routeros
add ppoe client on vlan 100
Set what ever L3 ip info and other stuff for lan side making MT L2 shining for the stuff you dont care about and L3 part of what you do care about.
Be aware of MTU. And by doing this Telephony and TV will break with every reset or upgrade of MT router.
Re: multiple VLANs one interface from ISP switch vs bridge[SOLVED]
That's often the trouble. You need to put yourself in the position of someone who knows nothing about it and then see if it makes sense. But you know that now!In my head the topology is known...
So specifically:
Code:Select all
/interface ethernet switch vlan add ports=switch1-cpu,ether1 switch=switch1 vlan-id=100What does that achieve? You have absolutely no idea what bridge1 does or whether it even exists, seeing as no interface config. has been posted.Add vlan interface 100 to bridge1 in routeros
That was already there.add ppoe client on vlan 100
Last edited bysid5632on Wed Oct 04, 2017 1:38 am, edited 1 time in total.
Re: multiple VLANs one interface from ISP switch vs bridge
I think I understand. Seems that sid5632 provided CL for that if I am right.Add vlan 100 in the mt switch and tag only outside port and cpu.
现在100发送vlanto RouterOS with vlan id 100.
I do not understand what to exactly do with this. Why bridge? At the moment I do not use any bridge. Is it necessary here? Sorry if my question is dumb, I am not a pro like lots of girls/guys here. Just an amateur loving networks and appreciating mikrotik proficiency level and in the same time great price and possibility for us amateurs to use it very good.Add vlan interface 100 to bridge1 in routeros
I think I already have this. It is noted in the CommandLines in the first post. Am I missing something?add ppoe client on vlan 100
As I undestand, you are saying that MT will serve as Layer 3 router for my LAN and as Layer 2 switch for ISPs router, voip, iptv. Yes, that is my intention. Thank you!Set what ever L3 ip info and other stuff for lan side making MT L2 shining for the stuff you dont care about and L3 part of what you do care about.
On pppoe interface I have set mtu 1492 and it works great. What interface you are speaking about? VLANs ? For all vlans I have always used default 1500 mtu.Be aware of MTU.
Yes, I am fully aware of that but it is not a problem for me. MT stability for internet is much greater plus for me than couple of reboots per year. I do not want to be dependent on ISPs router that is low level quality. Mikrotik provides me stability...remote conection...security...etc..., so I want it to be first in the row after GPON.And by doing this Telephony and TV will break with every reset or upgrade of MT router.
Yes off course, thank you....You need to put yourself in the position of someone who knows nothing about it and then see if it makes sense. But you know that now!
Yes, thank you also for exact CL. I am going to try this.So specifically:
/interface ethernet switch vlan
add ports=switch1-cpu,ether1 switch=switch1 vlan-id=100
我读到,在wiki。我明白了,我n 6.40 rc29 it is going to be the situation that switch and bridge are almost the same from the configuration point of view. Just the difference is going to behw-offloadon / off ? I am sure that I will need help once moreThis of course is all going to different from 6.41 onwards, so the above only applies to 6.40 and before.
Apologies!! I always use latest bugfix version, so at the moment it is 6.38.7.You didn't say which version you were running - another important detail!
My question is, guys, please explain to me! I am confused now with that bridge story.What does that achieve? You have absolutely no idea what bridge1 does or whether it even exists, seeing as no interface config. has been posted.Add vlan interface 100 to bridge1 in routeros
THANK YOU very much to both of you! Appreciate this very much!
Re: multiple VLANs one interface from ISP switch vs bridge
I think you've been unnecessarily confused by this. It shouldn't be necessary. Post the output of "/interface bridge export" just to be sure. I expect it's just empty though.My question is, guys, please explain to me! I am confused now with that bridge story.
Re: multiple VLANs one interface from ISP switch vs bridge
I can confirm that proposed solution now completely works!
THANK YOU very much on your valuable help!
The only thing that was needed to be added was:
There is only two open questions for me now regarding this config:
Is this some kind of potential security problem? Is my router more vulnerable when it switches such kind of vlan traffic to other devices behind hime? I think this is NOT a security issue, but I would appreciate other toughs if I am missing something.
Other thing is the question regarding what is the best way to configure
?
or
or
? I am rereading the switch chip features wiki but I am not so sure what is the beast in such a case.
THANK YOU very much on your valuable help!
The only thing that was needed to be added was:
Code:Select all
/interface ethernet switch vlan add ports=ether1,switch1-cpu switch=switch1 vlan-id=100Is this some kind of potential security problem? Is my router more vulnerable when it switches such kind of vlan traffic to other devices behind hime? I think this is NOT a security issue, but I would appreciate other toughs if I am missing something.
Other thing is the question regarding what is the best way to configure
Code:Select all
/interface ethernet switch port
Code:Select all
set ether1 vlan-mode=
Code:Select all
secure
Code:Select all
check
Code:Select all
fallbackRe: multiple VLANs one interface from ISP switch vs bridge
"secure" seems like the only sensible mode to me, once you are happy the configuration is correct.