Hi Damien,

We just do it pretty simply, basically a VLAN on the outside interface, and VLAN on the inside interface, and a bridge which has both VLAN interfaces as ports on it. No reason you can't put that same VLAN ID on multiple VLAN interfaces attached to ethernet interfaces and then put all of the VLAN interfaces into a bridge.

As we work with quite a range of the MT devices, using switch chips would have meant we would have two designs; even though VLAN through a bridge is more CPU, it's a consistent approach for us whether it's a wireless backhaul link or fibre or anything else really.

Don't blame you about the STP bit, our biggest issue at the moment is there seems to be some weird stuff going on with LSAs and OSPF convergence, slowness is a big issue even for a basic link flap. We are just about to start implementing BFD so hopefully that might help.

Regards
Paul

-----Original Message-----
From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Damien Gardner Jnr
Sent: Thursday, 8 November 2018 7:20 AM
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] RouterOS 6.40->6.42 upgrade didn't go so well.. How should things work now? :)

Hey Paul,

Thanks, I wasn't using bridges at all except for their 'normal' purpose - bridging vlans to wifi - like you would in cisco land ;) - But now it looks like Mikrotik want us to stop using the switch chip (WTF, why did they make us start using it then??), and do our port joinings in bridges again..

But what I think is causing issues is the fact that I have a Mikrotik *switch*, not router, so I have multiple VLANs on each port, and I also need some of those vlans bridged to wifi interfaces, so I have a bridge with vlans, and some of those vlans are members of bridges..

The switch chip made things fairly clean. I could leave vlans that didn't need to hit RouterOS in the switch chip, and not bring them up to the CPU, or bring them up to the CPU but leave them disabled unless I need to debug something (everything except vlan 99-102 are disabled on mine - vlan 99 is the VDSL bridge from the SFP in the CRS in the living room. 100 is lan, 101 is DMZ being routed from the CRS in the living room on a separate PPPOE session, and 102 is the kids)

How are you handling bridges on vlans in your environment post 6.41? Or have you not needed to do that yet? I'm not keen on leaving STP disabled :\

Thanks,

Damien

On Thu, 8 Nov 2018 at 07:08, Paul Julian <paul@buildingconnect.com.au> wrote:
Hi Damien,
In 6.42 there were major changes to the bridge environment, changelogs are your friend there, there is a pretty solid warning on the changelog about bridge and switch changes after upgrading, or the chance of them, and it sounds like you have been unfortunate enough to be affected by the situation. We haven't had anything break around it but we don't use bridging a lot, mostly just to transport vlans through routers and for loopback adaptors.
Your setup sounds really complicated, my understanding of the switch chip, and I don't really use it much, is do your vlans in the switch chip or in a bridge, but it sounds like perhaps you have both operating which might be causing the issues.
I would forget the switch chip for the moment and just get everything working in a bridge or bridges, or take the other route but I'm not sure of the best way for that.
If you are not actually using it as a switch then maybe just bridging the ports you need is the answer?
Regards Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Damien Gardner Jnr
Sent: Thursday, 8 November 2018 6:53 AM
To: MikroTik Australia Public List
Subject: [MT-AU Public] RouterOS 6.40->6.42 upgrade didn't go so well.. How should things work now? :)
Hey All,
I have a bunch of CRS109's around the place which need to be upgraded from 6.40 to 6.42
The one in the living room which basically just does switching went fine. Silly me then went 'rad, let's do the core!'.. And all hell broke loose. After the upgrade, there was no bridge1 automatically created, and all my vlan interfaces were still on ether2-master.
After much googling on my phone, and messing about, I have it mostly working, WITH RSTP turned off on the bridge I had to create, and with my VRRP interfaces shutdown, and the IP's from them moved back to the bridges they live on. However things are still quite hinkey, so I'm wondering how things SHOULD be setup post 6.41?
So I currently have:
+ bridge_switchchip
  - vlan86
  - vlan87
  - vlan88
  - vlan98
  - vlan99
  - vlan100
  - vlan101
  - vlan102

All ports are members of bridge_switchchip

vlan100, is then a port in bridge_local, as that's our local LAN along with three wifi virtual-interfaces
vlan102 is a port in bridge_vlan102, as that's the kids' LAN along with their wifi virtual-interface. it's also in a VRF along with one of the two pppoe dialers on this CRS

The switch chip is then also doing a bunch of vlan rules:
vlan87: ether1,2,5,6,cpu
vlan98: ether1,5,cpu
vlan99: ether1,5,cpu
vlan100: ethernet1-8,cpu
vlan101: ether1-3,ether5-7,cpu
vlan102: ether1,2,4,7,cpu
And it's also translating vlan100 to native vlan on ether2-5
SO... Pre 6.41, I simply had my vlan interfaces on the master port, had all my interfaces as slaves, and then configured my vlan mappings per port on the switch chip.
I now have a bridge with all ports in it, and then vlans under that bridge. However this seems to be causing problems since I have some of those vlans in bridges themselves? Disabling RSTP on bridge_switchchip let most things talk to most other things, although the kids VRF is not passing traffic as yet. I haven't shoved my own test box onto that network to diagnose it yet though.
How SHOULD I be doing this? Should I be creating multiple bridge_switchip_vlanblah bridges, each with its own vlanid set? And only add the interfaces that should have those vlans to that bridge?
Or is all this weirdness just a hassle with 6.42.9, and I should come off bugfix, and go to release?
Thanks,
Damien (Pulling my hair out, and considering pulling the config off my core CRS, and throwing it on the one in the garage that hasn't been upgraded as yet!!!)
Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag@rendrag.net - http://www.rendrag.net/
--
We rode on the winds of the rising storm,
We ran to the sounds of thunder.
We danced among the lightning bolts,
and tore the world asunder
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
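The layout Paul describes in his reply at the top of the thread (a VLAN interface on each physical port, joined by one bridge per VLAN ID), sketched as an added RouterOS example that is not configuration from either poster. The port roles (ether1 as "outside", ether2 as "inside"), the interface and bridge names, and the address are assumptions; VLAN IDs 100 and 102 are borrowed from Damien's list.

```routeros
# Added illustration, not configuration from the thread.
# Assumed: ether1 = "outside" trunk port, ether2 = "inside" trunk port.
# Neither port is handled by the switch chip here; frames are bridged by the CPU,
# which is the extra CPU cost Paul mentions.

# One VLAN interface per (physical port, VLAN ID) pair.
/interface vlan
add name=ether1-v100 interface=ether1 vlan-id=100
add name=ether2-v100 interface=ether2 vlan-id=100
add name=ether1-v102 interface=ether1 vlan-id=102
add name=ether2-v102 interface=ether2 vlan-id=102

# One bridge per VLAN ID. Each bridge only has its own VLAN interfaces as
# ports, so LAN (100) and the kids' network (102) stay separate L2 domains.
/interface bridge
add name=br-v100
add name=br-v102

/interface bridge port
add bridge=br-v100 interface=ether1-v100
add bridge=br-v100 interface=ether2-v100
add bridge=br-v102 interface=ether1-v102
add bridge=br-v102 interface=ether2-v102

# Layer-3 addressing goes on the bridge, not on a member VLAN interface.
# 192.0.2.1/24 is a documentation-range placeholder.
/ip address
add address=192.0.2.1/24 interface=br-v100

# Verify port membership and learned MAC addresses per bridge.
/interface bridge port print
/interface bridge host print
```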