Dual Vlan 10's on Mikrotik

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Dual Vlan 10's on Mikrotik

MichaelNZ

1387 posts

Uber Geek

Trusted

Integrity Tech Solutions

#248381 23-Mar-2019 22:09

I have a RB1100AHX4 router and am looking at acquiring a CRS326-24G-2S+RM switch. I need to interface to 2x VDSL2 WAN networks via Metanoia VDSL SFP's which will be plugged into the switch and trunked back to the router. Thing is, both VDSL interfaces need to be tagged VLAN 10. Any thoughts on topology/strategy for this?

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers

1 | 2 | 3

750 posts

Ultimate Geek
Inactive user

#2203990 23-Mar-2019 22:10

Whos the ISP? you can request that they arent Tagged, or atleast on connection not tagged

MichaelNZ

1387 posts

Uber Geek

Trusted

Integrity Tech Solutions

#2203992 23-Mar-2019 22:12

sparkz25:

Whos the ISP? you can request that they arent Tagged, or atleast on connection not tagged

Wow, that's news to me, thanks.

Inspire Net.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers

sparkz25

750 posts

Ultimate Geek
Inactive user

#2203995 23-Mar-2019 22:23

MichaelNZ:

sparkz25:

Whos the ISP? you can request that they arent Tagged, or atleast on connection not tagged

Wow, that's news to me, thanks.

Inspire Net.

looks like devoli are their backhaul provider https://bgp.he.net/AS17705#_graph4

so shouldnt be a problem at all in my eyes, when they request the provisioning in the portal they just need to untag the port/s

michaelmurfy

meow
13242 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2203998 23-Mar-2019 22:32

The CRS326-24G-2S+RM is a router, that runs both RouterOS and SwitchOS. You can do full routing with it.

You shouldn't need an additional router here :)

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

MichaelNZ

1387 posts

Uber Geek

Trusted

Integrity Tech Solutions

#2203999 23-Mar-2019 22:37

michaelmurfy:

The CRS326-24G-2S+RM is a router, that runs both RouterOS and SwitchOS. You can do full routing with it.

You shouldn't need an additional router here :)

Technically you are correct though-

RB1100AHx4

Quad core 1.4Ghz (each core) CPU

1Gb RAM

Level 6 licence

CRS-326

Single core 800Mhz CPU

512Mb RAM

Level 5 licence

Coming from the Cisco camp, I have found Mikrotik to represent amazing value for money.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#2204000 23-Mar-2019 22:56

sparkz25:
Whos the ISP? you can request that they arent Tagged, or atleast on connection not tagged

Not for vdsl.

Your thinking fibre.

In this case, just terminate both but don't bridge the wan ports. Do your dsnat from there for load balance or w/e

In your use case I'd drop down to that single router and use a good old bridge mode router.

The spf is just complicating things

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2204001 23-Mar-2019 23:14

A VLAN is just a number. There are zero issues having the same VLAN on multiple interfaces, this is a normal part of many everyday configs.

Forget using a CRS such as the one you're looking at for a router. They're seriously underpowered, and if you're wanting multiple WANs you're obviously trying to do something smart which will just end in tears on an underspec device.

As pointed out you can't untag VDSL2. VLAN tagging is a requirement if you want native EUBA on an ADSL2+ or VDSL2 connection.

AliExpress

Shop now on AliExpress (affiliate link).

MichaelNZ

1387 posts

Uber Geek

Trusted

Integrity Tech Solutions

#2204002 23-Mar-2019 23:17

sbiddle: A VLAN is just a number. There are zero issues having the same VLAN on multiple interfaces, this is a normal part of many everyday configs.

The need in this instance is for 2x separate VLAN 10's and have them both trunked back to the router.

I am wondering if there is any simpler option than inter-vlan routing setup at the switch. The other option I am considering is separate switches and trunks. I have not tried this IRL with the Mikrotik router but it looks like this might work-

Trunk 1 / Vlan 10(A)

Trunk 2 / Vlan 10(B)

The core issue here is the packets leaving the SFP's to the internet have to be tagged Vlan 10. The D-Link switch I am presently using requires Vlan 10 packets through the trunk and the SFP port to be a member of Vlan 10 to achieve this. Thus, even though it has 2x SFP ports, it can only support 1x Metanoia VDSL SFP.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers

toejam316

1466 posts

Uber Geek

Trusted

Lifetime subscriber

#2204020 24-Mar-2019 00:08

Why don't you buy a CRS106-1C-5S, set up each SFP on VLAN 10, and then bring them both back from the switch in separate VLANs? Just move one to VLAN 20 and bring the other through on VLAN 10 through the same physical interface. Shouldn't be a major at all?

@sbiddle from my understanding he's trying to get 2x connections using the SFPs, and the AH1100x4 doesn't have SFP ports.
OP, you'd be just as well off (and probably save some money) by using a pair of Draytek v130s.

Anything I say is the ramblings of an ill informed, opinionated so-and-so, and not representative of any of my past, present or future employers, and is also probably best disregarded.

Spyware

3761 posts

Uber Geek

Lifetime subscriber

#2204031 24-Mar-2019 06:54

https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches

freakngeek

356 posts

Ultimate Geek

#2204213 24-Mar-2019 13:14

No idea how Metanoia VDSL SFP does VDSL

But on the DV130 if you set the VLAN on the modem in bridge mode it removes the Tag
If you don't set the VLAN tag in bridge mode it passes it through and the Router needs to sort VLAN10
Can the Metanoia do this, set one to VLAN10 other remove tag ?

MichaelNZ

1387 posts

Uber Geek

Trusted

Integrity Tech Solutions

#2204226 24-Mar-2019 13:28

freakngeek:

No idea how Metanoia VDSL SFP does VDSL

But on the DV130 if you set the VLAN on the modem in bridge mode it removes the Tag
If you don't set the VLAN tag in bridge mode it passes it through and the Router needs to sort VLAN10
Can the Metanoia do this, set one to VLAN10 other remove tag ?

The Metanoia 5311 is a cute but technically uninteresting item. It has firmware and this can be upgraded but for all intents and purposes it is as dumb as a network cable.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#2204232 24-Mar-2019 13:49

If your really intent on going down this path, i still say your best option is simply to trunk separately or QinQ it.

This is what i've got setup on my modems so a single cat 6 goes into my RB3011 splits out the wans, terminates PPPoE/DHCP and does all the magic from there.

The router upstream is a RB951G-2HnD. As well as QinQ, this also performs transparent traffic shaping down to the dsl rates.

This is also possible in switchOS but it's a pain in the rear to setup. involves messing with ACL's to rewrite vlans, but that's still uggly... QinQ in RouterOS is a case of simply cascading vlans and it's happy.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

MichaelNZ

1387 posts

Uber Geek

Trusted

Integrity Tech Solutions

#2204237 24-Mar-2019 14:01

hio77:

If your really intent on going down this path, i still say your best option is simply to trunk separately or QinQ it.

[.....]

This is also possible in switchOS but it's a pain in the rear to setup. involves messing with ACL's to rewrite vlans, but that's still uggly... QinQ in RouterOS is a case of simply cascading vlans and it's happy.

Thanks for that. I will look into the 802.1ad option (aka QinQ) as this would be a good opportunity to try something new. I intend to use RouterOS on the switch because this supports Winbox.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#2204251 24-Mar-2019 14:06

Word of warning. The information online can be a little confusing.

Took me tons of unanswered posts. Dives into the wikis etc to realize uh. In one of the latest major updates they made it easy.. Its literally just cascading interfaces.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

1 | 2 | 3