I have a MikroTik CRS305-1G-4S+ that’s set up for a few tagged VLANs and a PC with an onboard Marvell FastLinQ Edge 10GbE NIC based on the AQC113C controller. The PC is set up to dual boot Linux and Windows 11. In Linux, I’m using a few of the tagged VLANs (1, 10, and 100); in Windows, I only care about one of them (100).
In Windows, I set the VLAN ID to 100 on the NIC in Device Manager. (Driver version 3.1.3.0.) I can run an iperf3 test sending data TO the server:
So I’m at a bit of a loss here. I can configure the switch to un-tag VLAN 100 on egress for this port but Linux gets a little manic when you try to mix tagged and un-tagged traffic on the same interface and start creating bridges, etc. on top of it. I’m hoping there’s some deep Windows magic that will make this Just WorkTM. Thanks in advance!
You sure it’s not a problem with iperf?
Can you run an iperf3 from the win machine to the linux server?
What about pings and tcp packets? are they going through properly?
No, but it’s not the only thing that’s broken. What I originally noticed was that I can connect to the SMB server on 10.10.10.4 but directory listings won’t load. It seems like data transfer from the server back to the client is getting dropped somewhere along the line.
Yes. The first example in my OP shows this.
Ping works fine, both ways. (After enabling ICMP Echo in Windows Firewall.)
I think iperf3 is TCP by default. Switching it to UDP mode gives the same results (can transfer TO the server, can’t transfer FROM the server).
Hmm, these three examples look to me like runs from the box where you are doing the vlan tagging (client) to a linux box (server) … i.e the direction is the same, but the binary is different
What I meant was to set up iperf3 on the windows box (10.10.10.9) in server mode, and run iperf3 in client mode from the linux machine (10.10.10.4) without the reverse option …
Have you tried disabling the windows firewall completely just to rule it out?
No offload options related to VLAN tagging, but some of the usual suspects like ARP, checksum, large send, etc. I tried disabling them one at a time… no change.
Welp, I still don’t really understand what’s going on, but here’s my interim solution.
First, I created a new dummy VLAN 1100 on the switch with the ACQ113C port as its only member. I set the PVID of the ACQ113C port to 1100; this causes the switch to strip packets tagged with VLAN 1100 and send them un-tagged to the port, which is what Windows apparently needs. In Windows, I set the VLAN ID of the interface to 1100 and set a different IP address than the one I plan to use in Linux. This causes packets originating from Windows to get tagged with VLAN 1100. These changes give me some unique conditions to work with.
Next, back on the switch, I created two ACL rules. Traffic coming from the other switch ports, matching Windows’ unique IP DST, get forced to VLAN 1100. Traffic coming from the ACQ113C port, tagged with VLAN 1100, get forced to VLAN 100. Et voila.
Linux isn’t aware of the dummy VLAN 1100 and uses a different IP address on VLAN 100, so the ACL rules will never fire. Tagged traffic gets sent back and forth like normal on VLANs 1, 10, and 100. Untagged traffic and anything else coming down the wire gets ignored.
I’m sure a proper network engineer would be able to figure out a more elegant solution but this works for the time being and it’s better (IMNSHO) than dealing with mixed tagged and untagged traffic in Linux.
i have ubiquiti telling me the reason why my windows is responding to trafic on the wrong VLAN is:
We suspect that traffic for VLAN 1 (default ) is TAGGED off the switch port but Your Windows NIC drivers just STRIP AWAY that tag presenting this traffic as UNTAGGED (thus in RX direction You have two vlans 4 an 1 as untagged ) confusing the Windows OS…
the interface in question is indeed an ACQ113 based card