VLAN configuration

[colinhowlin]

Hi

On one of our sites, we're looking to replace a Cisco SG-300 which handles our VLAN's and trunking with a Netonix WS-12-250A.
Hoping someone can cast their eye over my configuration.

This is our current VLAN config on the Cisco.
Ports 1-5 are for customer access.
Port 7 is our backhaul - SIAE AlfoPlus 17GHz.
Ports 8 and 9 go to our router - RB1100AHx2.

Have tried this configuration on the Netonix.
Port 1 for SIAE powered up at 48VH.
Ports 2-9 for customer access.
Ports 10 and 11 to the Mikrotik router.

I've tried this with trunking enabled on ports 1, 10 and 11 and also without but didn't work either way.
Seemed to work and traffic built but then died off and no access to customer radios.

This is the interface setup on the Mikrotik:

Anyone able to cast their eye on this and tell me where I'm going wrong?
Probably something simple but I've been looking at it too long now.

Thanks
Colin

[Eric Stern]

Do you have STP enabled on ports 10 & 11?

[Eric Stern]

Also, the way this is configured all frames going to the Mikrotik will be untagged (because of the U's on ports 10 and 11), so the VLAN configuration on the mikrotik will be useless.

[colinhowlin]

Hi Eric

Thanks for the reply.
Yes, STP enabled on all ports.

With regards to the Mikrotik, are you saying VLAN23 and 230 configured on ether 1 and 11 don't need to be there?

Thanks
Colin

[Eric Stern]

Yes, STP enabled on all ports.

Thats probably at least part of the problem. STP/RSTP is not VLAN aware, so having both ports 9 and 10 going to the mikrotik will cause the switch to detect a loop and it will disable one of the ports. If STP is also enabled on the Mikrotik that is.

With regards to the Mikrotik, are you saying VLAN23 and 230 configured on ether 1 and 11 don't need to be there?

Correct, as the Mikrotik will never get tagged frames. Unless its supposed to be getting tagged frames, in which case you'll need to change the VLAN configuration.

[colinhowlin]

Thanks for your replies Eric.

The Cisco in place at the minute also has STP enabled on all ports including those going to the Mikrotik.
It works fine like this - are you saying it shouldn't in this configuration?

Could I just have one link to the Mikrotik and eliminate STP on this network segment?
There are no other loops. There's just the switch, router and a number of AP's.

[Eric Stern]

Cisco's have a proprietary extension to STP called PVST (Per VLAN Spanning Tree). If that is enabled that could be why it is working.

I don't think you need two links to the Mikrotik. I'm guessing a little here, but this might be the configuration you want.
- disconnect port 11, set it to E on all 3 VLANs
- U on port 10 for VLAN 1
- T on port 10 for VLAN 23
- T on port 10 for VLAN 230
- you may need to reconfigure the Mikrotik to expect both VLAN 23 and 230 on port 10

Traffic for VLAN 1 can arrive untagged on ports 1,12,13,14 and go out untagged on port 10
Traffic for VLAN 23 can arrive tagged on port 1 and go out tagged on port 10
Traffic for VLAN 230 can arrive tagged on port 1 or untagged on ports 2-9 and will go out tagged on port 10

[sirhc]

Cisco's have a proprietary extension to STP called PVST (Per VLAN Spanning Tree). If that is enabled that could be why it is working.

I don't think you need two links to the Mikrotik. I'm guessing a little here, but this might be the configuration you want.
- disconnect port 11, set it to E on all 3 VLANs
- U on port 10 for VLAN 1
- T on port 10 for VLAN 23
- T on port 10 for VLAN 230
- you may need to reconfigure the Mikrotik to expect both VLAN 23 and 230 on port 10

Traffic for VLAN 1 can arrive untagged on ports 1,12,13,14 and go out untagged on port 10
Traffic for VLAN 23 can arrive tagged on port 1 and go out tagged on port 10
Traffic for VLAN 230 can arrive tagged on port 1 or untagged on ports 2-9 and will go out tagged on port 10

The reason he probably wants 2 links (LAG) to the router that feeds the local radios on the towers is to split the Pause Frames up across 2 interfaces which causes less of an impact on the tower when a pause frame is sent. I do this with my towers, I have a LAG between the switch and the router for the VLANs that handle the local radios that way the Pause frames have less of an impact on the tower traffic as seen below in my VLAN configuration.

I also make sure no back-haul links are going through those interfaces so local Pause Frames have no affect on traffic coming through this tower to the next tower.

[colinhowlin]

The SG300 doesn't actually support PVST as far as I'm aware.

If we set up with just one link to Mikrotik, do you foresee pause frames becoming a problem?
We're not currently seeing any pause frames on the links between Cisco and Mikrotik.

[sirhc]

If we set up with just one link to Mikrotik, do you foresee pause frames becoming a problem?
We're not currently seeing any pause frames on the links between Cisco and Mikrotik.

No, was just guessing what your logic was?