Dual Vlan 10's on Mikrotik

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Dual Vlan 10's on Mikrotik

MichaelNZ

Linux Systems Admin
1048 posts

Uber Geek
+1 received by user: 195

Trusted

Integrity Tech Solutions

Subscriber

Topic # 248381 23-Mar-2019 22:09

I have a RB1100AHX4 router and am looking at acquiring a CRS326-24G-2S+RM switch. I need to interface to 2x VDSL2 WAN networks via Metanoia VDSL SFP's which will be plugged into the switch and trunked back to the router. Thing is, both VDSL interfaces need to be tagged VLAN 10. Any thoughts on topology/strategy for this?

Integrity Tech Solutions @ Norsewood, New Zealand

1 | 2 | 3

345 posts

Ultimate Geek
+1 received by user: 86

Reply # 2203990 23-Mar-2019 22:10

Whos the ISP? you can request that they arent Tagged, or atleast on connection not tagged

MichaelNZ

Linux Systems Admin
1048 posts

Uber Geek
+1 received by user: 195

Trusted

Integrity Tech Solutions

Subscriber

Reply # 2203992 23-Mar-2019 22:12

sparkz25:

Whos the ISP? you can request that they arent Tagged, or atleast on connection not tagged

Wow, that's news to me, thanks.

Inspire Net.

Integrity Tech Solutions @ Norsewood, New Zealand

sparkz25

345 posts

Ultimate Geek
+1 received by user: 86

Reply # 2203995 23-Mar-2019 22:23

One person supports this post

MichaelNZ:

sparkz25:

Whos the ISP? you can request that they arent Tagged, or atleast on connection not tagged

Wow, that's news to me, thanks.

Inspire Net.

looks like devoli are their backhaul provider https://bgp.he.net/AS17705#_graph4

so shouldnt be a problem at all in my eyes, when they request the provisioning in the portal they just need to untag the port/s

michaelmurfy

Mr Snotty
8515 posts

Uber Geek
+1 received by user: 4417

Moderator

Trusted

Lifetime subscriber

Reply # 2203998 23-Mar-2019 22:32

One person supports this post

The CRS326-24G-2S+RM is a router, that runs both RouterOS and SwitchOS. You can do full routing with it.

You shouldn't need an additional router here :)

Michael Murphy | https://murfy.nz
A quick guide to picking the right ISP | The Router Guide | Community UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial

MichaelNZ

Linux Systems Admin
1048 posts

Uber Geek
+1 received by user: 195

Trusted

Integrity Tech Solutions

Subscriber

Reply # 2203999 23-Mar-2019 22:37

michaelmurfy:

The CRS326-24G-2S+RM is a router, that runs both RouterOS and SwitchOS. You can do full routing with it.

You shouldn't need an additional router here :)

Technically you are correct though-

RB1100AHx4

Quad core 1.4Ghz (each core) CPU

1Gb RAM

Level 6 licence

CRS-326

Single core 800Mhz CPU

512Mb RAM

Level 5 licence

Coming from the Cisco camp, I have found Mikrotik to represent amazing value for money.

Integrity Tech Solutions @ Norsewood, New Zealand

hio77

'That VDSL Cat'
9892 posts

Uber Geek
+1 received by user: 2317

Trusted

Spark

Subscriber

Reply # 2204000 23-Mar-2019 22:56

One person supports this post

sparkz25:
Whos the ISP? you can request that they arent Tagged, or atleast on connection not tagged

Not for vdsl.

Your thinking fibre.

In this case, just terminate both but don't bridge the wan ports. Do your dsnat from there for load balance or w/e

In your use case I'd drop down to that single router and use a good old bridge mode router.

The spf is just complicating things

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

sbiddle

27669 posts

Uber Geek
+1 received by user: 7150

Moderator

Trusted

Biddle Corp

Lifetime subscriber

Reply # 2204001 23-Mar-2019 23:14

2 people support this post

A VLAN is just a number. There are zero issues having the same VLAN on multiple interfaces, this is a normal part of many everyday configs.

Forget using a CRS such as the one you're looking at for a router. They're seriously underpowered, and if you're wanting multiple WANs you're obviously trying to do something smart which will just end in tears on an underspec device.

As pointed out you can't untag VDSL2. VLAN tagging is a requirement if you want native EUBA on an ADSL2+ or VDSL2 connection.

MichaelNZ

Linux Systems Admin
1048 posts

Uber Geek
+1 received by user: 195

Trusted

Integrity Tech Solutions

Subscriber

Reply # 2204002 23-Mar-2019 23:17

sbiddle: A VLAN is just a number. There are zero issues having the same VLAN on multiple interfaces, this is a normal part of many everyday configs.

The need in this instance is for 2x separate VLAN 10's and have them both trunked back to the router.

I am wondering if there is any simpler option than inter-vlan routing setup at the switch. The other option I am considering is separate switches and trunks. I have not tried this IRL with the Mikrotik router but it looks like this might work-

Trunk 1 / Vlan 10(A)

Trunk 2 / Vlan 10(B)

The core issue here is the packets leaving the SFP's to the internet have to be tagged Vlan 10. The D-Link switch I am presently using requires Vlan 10 packets through the trunk and the SFP port to be a member of Vlan 10 to achieve this. Thus, even though it has 2x SFP ports, it can only support 1x Metanoia VDSL SFP.

Integrity Tech Solutions @ Norsewood, New Zealand

toejam316

715 posts

Ultimate Geek
+1 received by user: 224

Reply # 2204020 24-Mar-2019 00:08

2 people support this post

Why don't you buy a CRS106-1C-5S, set up each SFP on VLAN 10, and then bring them both back from the switch in separate VLANs? Just move one to VLAN 20 and bring the other through on VLAN 10 through the same physical interface. Shouldn't be a major at all?

@sbiddle from my understanding he's trying to get 2x connections using the SFPs, and the AH1100x4 doesn't have SFP ports.
OP, you'd be just as well off (and probably save some money) by using a pair of Draytek v130s.

Spyware

2200 posts

Uber Geek
+1 received by user: 440

Lifetime subscriber

Reply # 2204031 24-Mar-2019 06:54

https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches

freakngeek

331 posts

Ultimate Geek
+1 received by user: 85

Reply # 2204213 24-Mar-2019 13:14

No idea how Metanoia VDSL SFP does VDSL

But on the DV130 if you set the VLAN on the modem in bridge mode it removes the Tag
If you don't set the VLAN tag in bridge mode it passes it through and the Router needs to sort VLAN10
Can the Metanoia do this, set one to VLAN10 other remove tag ?

MichaelNZ

Linux Systems Admin
1048 posts

Uber Geek
+1 received by user: 195

Trusted

Integrity Tech Solutions

Subscriber

Reply # 2204226 24-Mar-2019 13:28

freakngeek:

No idea how Metanoia VDSL SFP does VDSL

But on the DV130 if you set the VLAN on the modem in bridge mode it removes the Tag
If you don't set the VLAN tag in bridge mode it passes it through and the Router needs to sort VLAN10
Can the Metanoia do this, set one to VLAN10 other remove tag ?

The Metanoia 5311 is a cute but technically uninteresting item. It has firmware and this can be upgraded but for all intents and purposes it is as dumb as a network cable.

Integrity Tech Solutions @ Norsewood, New Zealand

hio77

'That VDSL Cat'
9892 posts

Uber Geek
+1 received by user: 2317

Trusted

Spark

Subscriber

Reply # 2204232 24-Mar-2019 13:49

One person supports this post

If your really intent on going down this path, i still say your best option is simply to trunk separately or QinQ it.

This is what i've got setup on my modems so a single cat 6 goes into my RB3011 splits out the wans, terminates PPPoE/DHCP and does all the magic from there.

The router upstream is a RB951G-2HnD. As well as QinQ, this also performs transparent traffic shaping down to the dsl rates.

This is also possible in switchOS but it's a pain in the rear to setup. involves messing with ACL's to rewrite vlans, but that's still uggly... QinQ in RouterOS is a case of simply cascading vlans and it's happy.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

MichaelNZ

Linux Systems Admin
1048 posts

Uber Geek
+1 received by user: 195

Trusted

Integrity Tech Solutions

Subscriber

Reply # 2204237 24-Mar-2019 14:01

One person supports this post

hio77:

If your really intent on going down this path, i still say your best option is simply to trunk separately or QinQ it.

[.....]

This is also possible in switchOS but it's a pain in the rear to setup. involves messing with ACL's to rewrite vlans, but that's still uggly... QinQ in RouterOS is a case of simply cascading vlans and it's happy.

Thanks for that. I will look into the 802.1ad option (aka QinQ) as this would be a good opportunity to try something new. I intend to use RouterOS on the switch because this supports Winbox.

Integrity Tech Solutions @ Norsewood, New Zealand

hio77

'That VDSL Cat'
9892 posts

Uber Geek
+1 received by user: 2317

Trusted

Spark

Subscriber

Reply # 2204251 24-Mar-2019 14:06

Word of warning. The information online can be a little confusing.

Took me tons of unanswered posts. Dives into the wikis etc to realize uh. In one of the latest major updates they made it easy.. Its literally just cascading interfaces.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

1 | 2 | 3