Is this VLAN configuration on MikroTik correct or incorrect?

Good evening, please tell me whether it is possible to do so?
There are an RB4011 and a CRS328, and we use a LAN router-on-a-stick scheme. That is, the provider's optics plug into the switch, and from it VLAN 10 goes to the router; there is also VLAN 20 for the guest subnet, and the home subnet is on the main bridge. The switch and the router are connected by an SFP+ patch cord, that is, the SFP+ ports on both devices are trunks, and they sit in the main bridge for the main subnet. Is it possible to do it this way? Or should I exclude the SFP+ ports from the bridge and carry the home subnet over a VLAN too?

March 19th 20 at 08:31
2 answers
March 19th 20 at 08:33
Solution
In this scheme, guest traffic will flow up to main and back. Make separate bridges and route traffic from one network to another at the firewall level.
If you make an additional bridge, it will work in software, which will not give speed. - elmore92 commented on March 19th 20 at 08:36
@elmore92, the person's load on the CPU is exactly 0%. Try in practice how much the bridge seems useful. - rozella34 commented on March 19th 20 at 08:39
@rozella34, Yes, easily.
Here are tests with the 1100

https://youtu.be/51x2GgQiP7c

If you can avoid using the CPU, it is better to avoid it.
The RB4011 has only a 2.5 Gb link to the CPU and a 10 Gb link on the SFP+ port.
Already when loading it to 1 Gb, about 25% CPU (approximately).

Alas, I didn't have a 4011 on hand, so I can only speak approximately. - elmore92 commented on March 19th 20 at 08:42
@elmore92, it is not correct to mix traffic from different VLANs. And saving load on the CPU when its load is zero is paranoia. I seriously doubt that a person with such questions will have a 10 Gb load. I doubt there will even be a gig. And the hardware taken for such traffic is somewhat different. - rozella34 commented on March 19th 20 at 08:45
@rozella34, well, actually, we do not mix the VLAN traffic. The VLAN was in its own L2, and it stayed there.
https://wiki.mikrotik.com/wiki/Manual:CRS3xx_serie...

Another point is that the 4011 has no bridge VLAN on the switch chip. Here I was not right, yes.
It is only on the 326 and on CCR, which do not care.
For the 4011 it is better to pass the VLAN processing to the switch chip.
At least I have a simple approach: everything that can be done in hardware, we do in hardware, not in software. - elmore92 commented on March 19th 20 at 08:48
@elmore92, I did not understand your scheme. I did not read carefully.
I use two schemes on two cores. Both chew through 80 gig and 6 full BGP. Both cores use switches for L2 switching and a router for L3. Between router and switch there is a lag of 10 ports of 10g. There are uplink VLANs and a number of downlink ones. Plus the flow between the cores. But one core has a board with 1G ports for outputting traffic straight from the router; on the other there are no such ports, and everything flies into the switch. I transport all VLANs as tagged VLANs.
MikroTik is not used. - rozella34 commented on March 19th 20 at 08:51
@rozella34,
Between router and switch there is a lag of 10 ports of 10g

lag = LAG? But apparently this is not about the 4011, as it has one SFP+.

Also, just to remind you that LAG/LACP/Bonding (whichever you like) is done only in software, except on the 3xx series, at the moment. - elmore92 commented on March 19th 20 at 08:54
@elmore92, I have no equipment from the vendor MikroTik. What you have in software, I have in hardware. :) - rozella34 commented on March 19th 20 at 08:57
Besides, loss of service is too critical for me. With the lag scheme I can lose any link and still stay with a running service. The loss of 2 links is critical, but not a reason for a night trip across the city or the country. 3 is an unlikely situation. And go not me and SAT. I'll just be a second machine. - rozella34 commented on March 19th 20 at 09:00
@rozella34,
I have no equipment from the vendor MikroTik. What you have in software, I have in hardware. :)

You won't believe it, but I have the same MikroTiks there and, horror of horrors, everything is done through the switch chip, bypassing the CPU.

That same LAG is implemented in hardware only in the 3xx series
https://wiki.mikrotik.com/wiki/Manual:Interface/Br...
https://wiki.mikrotik.com/wiki/Manual:CRS3xx_VLANs...

And for link redundancy there is, in general, STP; aggregation is for somewhat different tasks that overlap a little.

So yes, if you have a 3xx series; and 10 links of 10 Gb can only be done on the CRS317, if I'm not mistaken; there it is all hardware, not software.

But if you look at the screenshot, we can see that you have no hardware offload on the second bridge, which in general is logical, and that is how it is. In this case your processing goes over the bus to the CPU; you can look at the block diagram for your device. - elmore92 commented on March 19th 20 at 09:03
@elmore92, dear, you are not hearing me. I have NO MikroTik equipment. Exactly. I don't use it for transport. STP may be applicable at your level, but for me it does not work. Too long a toe and links wasted standing idle. For me an idle 10g-100g link over a distance of 150-1000 km is a huge loss of money. At my level this is not acceptable. For me, bandwidth below 10g is not interesting. - rozella34 commented on March 19th 20 at 09:06
Yes. And where did you see my screenshots??? I have nothing to do with default. - rozella34 commented on March 19th 20 at 09:09
@rozella34, I was talking about the TC (topic starter), not you. - elmore92 commented on March 19th 20 at 09:12
March 19th 20 at 08:35
Solution
@geovany.Altenwert

The switch and the router are connected by an SFP+ patch cord, that is, the SFP+ ports on both devices are trunks, and they sit in the main bridge for the main subnet. Is it possible to do it this way? Or should I exclude the SFP+ ports from the bridge and carry the home subnet over a VLAN too?

In general, that is how it is done now. The speed of SFP+ will be enough for the VLAN. Another point is bringing the provider into the switch and passing it on to the MikroTik, but such a situation can happen when the cable comes into another part of the building.

Another point: you made another bridge for the guest for some reason and lost hardware offload support.
You can land the VLAN on the desired port, i.e. make an access port in Cisco terminology.

Set the port's PVID to the needed VLAN and make it untagged on this port. If it is not clear, write, and I will describe it in more detail.
I think I finally got the theory. The config is not correct, since I did not correctly understand how to configure these VLANs, and the access ports need to be configured properly.
Another point is bringing the provider into the switch and passing it on to the MikroTik

And the provider goes into the switch because the provider comes in over optics, and I didn't want to buy a media converter to 8P8C, nor did I want to take up the router's only SFP+ port with the ISP's 100 Mb. I want to join the switch and the router with the fastest link.

Thanks for the explanation. - geovany.Altenwert commented on March 19th 20 at 08:38
@geovany.Altenwert, well, then this is quite normal.
Just remember this point. Your SFP+ is 10 Gb. The two switch chips are at 2.5, but the total bandwidth of the entire router is almost 10 Gb.

https://i.mt.lv/cdn/rb_files/RB4011iGSplusRM-18090...

Unfortunately, I didn't have this router for my tests, so I can only imagine how traffic will be distributed. On the other hand, if you get an almost constant load of up to 10 Gb, you clearly need to do something and probably buy something else. - elmore92 commented on March 19th 20 at 08:41
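
The access-port setup this answer describes (PVID on the port, the VLAN untagged on it, everything in one hardware-offloaded bridge on the CRS328), as an added example that is not part of the original thread. VLAN 10 and 20 come from the question; the bridge name, interface names, VLAN 30 for the home subnet and the address are assumptions.

```routeros
# --- CRS328 (switch) ---
# Assumed ports: sfp-sfpplus1 = trunk to RB4011, sfp-sfpplus2 = ISP optics,
# ether2 = guest access port, ether3 = home access port.
/interface bridge
add name=bridge1 vlan-filtering=no

/interface bridge port
# Trunk: accept tagged frames only, and only for VLANs the port is a member of
add bridge=bridge1 interface=sfp-sfpplus1 frame-types=admit-only-vlan-tagged ingress-filtering=yes
# Access ports: untagged frames only, classified by PVID
add bridge=bridge1 interface=sfp-sfpplus2 pvid=10 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether2 pvid=20 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether3 pvid=30 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes

/interface bridge vlan
add bridge=bridge1 vlan-ids=10 tagged=sfp-sfpplus1 untagged=sfp-sfpplus2
add bridge=bridge1 vlan-ids=20 tagged=sfp-sfpplus1 untagged=ether2
# bridge1 itself is tagged in VLAN 30 so the switch stays manageable from the home subnet
add bridge=bridge1 vlan-ids=30 tagged=bridge1,sfp-sfpplus1 untagged=ether3

/interface vlan
add name=vlan30-mgmt interface=bridge1 vlan-id=30
/ip address
add address=192.168.30.2/24 interface=vlan30-mgmt comment="constructed address"

# Enable filtering last: until this line the bridge forwards all VLANs,
# and enabling it before the table above is complete can cut off management.
/interface bridge
set bridge1 vlan-filtering=yes

# --- RB4011 (router), entered on the other device ---
# VLAN interfaces sit directly on the SFP+ port; no second bridge is created.
/interface vlan
add name=vlan10-wan interface=sfp-sfpplus1 vlan-id=10
add name=vlan20-guest interface=sfp-sfpplus1 vlan-id=20
add name=vlan30-home interface=sfp-sfpplus1 vlan-id=30

# Guest and home meet only at L3 on the router; block guest-to-home forwarding
/ip firewall filter
add chain=forward in-interface=vlan20-guest out-interface=vlan30-home action=drop comment="guest must not reach home"
```

With `frame-types` and `ingress-filtering` set as above, a device on the guest port cannot inject frames tagged for VLAN 10 or 30.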
