virtual interface on ether interface (like vlan, but without tag)

Wouldn't that be the interface itself?
Or do you really need an interface that drops any other vlan for use in bridges? Here a bridge filter can compensate for this.
Otherwise it is only cosmetic.

Currently, Mikrotik can not elementary thing - connect the two bridges. (http://forum.mikrotik.com/viewtopic.php?f=2&t=107306)
I could not believe it, but Mikrotik really can not do it!

With Virtual interface without tagging it can be done.

Also, it can be done with vlan interfaces and vlan tag management, but Mikrotik do not have any manual vlan tag management! (http://forum.mikrotik.com/viewtopic.php?f=2&t=107121)
I have already create post with feature request (http://forum.mikrotik.com/viewtopic.php?f=1&t=107199)

Making a bridge between other two bridges is the same like moving all the ports from those two bridges to the third one and removing the other two. There is no need to have a hyperbridge.

Making a bridge between other two bridges is the same like moving all the ports from those two bridges to the third one and removing the other two.

No, you do not understand.
Each bridge has a unique MAC-address! And we can assign an IP address to the bridge!
Now do you understand?

Each bridge has a unique MAC-address! And we can assign an IP address to the bridge!
Now do you understand?

You can assign as many IP addresses to any single interface as you wish.

I'm not sure how it would help with building a superbridge, so I won't comment on that.

But on original topic, virtual interface with own MAC address could be useful, e.g. when you want to get more than one address from DHCP server (without ugly hacks), perhaps even for something else.

Each bridge has a unique MAC-address! And we can assign an IP address to the bridge!
Now do you understand?

You can assign as many IP addresses to any single interface as you wish.

omg. you really do not see the difference between the two interfaces with the unique ip addresses, and one interface with two ip addresses?

you really do not see the difference between the two interfaces with the unique ip addresses, and one interface with two ip addresses?

As long as these two interfaces are in the same broadcast domain (i.e. bridged together)- no, I don't see much difference.
Are you willing to explain what you think the difference is?

Well. I would surely appreciate the possibility to have multiple mac addresses on whatever interface and the ability to run multiple dhcp clients on the interface with mac address as distinguisher. And the same everywhere where applicable.

the possibility to have multiple mac addresses on whatever interface and the ability to run multiple dhcp clients on the interface with mac address as distinguisher

Can you provide any real-life example where this is necessary, please? Highly curious.

Some isps are providing multiple ip addresses but only via dhcp. You cannot easily get them.

Making a bridge between other two bridges is the same like moving all the ports from those two bridges to the third one and removing the other two.

No, you do not understand.
Each bridge has a unique MAC-address! And we can assign an IP address to the bridge!
Now do you understand?

If you "hyper"-bridge the bridges you have only one admin mac.

Is like you put one dhcp-client for each ether1~5 port and bridge it all together.....

Just chiming in with support for this feature. My ISP assigns IPs via DHCP and requires a different MAC address for each reservation.
I've jimmied something up with a virtual router Bridge NATing to rewrite MAC addresses, etc. but it's horrible.
The ability to add virtual interfaces with a unique MAC addresses, which could I could then attach a DHCP clients to would allow me to do this cleanly.

Just chiming in with support for this feature. My ISP assigns IPs via DHCP and requires a different MAC address for each reservation.
I've jimmied something up with a virtual router Bridge NATing to rewrite MAC addresses, etc. but it's horrible.
The ability to add virtual interfaces with a unique MAC addresses, which could I could then attach a DHCP clients to would allow me to do this cleanly.

I have the same issue with UnityMedia, providing me with internet via cable (5 fixed IP addresses). They do not give you a /28, but rather assign the IPs via DHCP to specified MAC Addresses.

Solved it by plugging a dumb L2 Switch between the cable modem and my RB1100AHx2, using ETH1-5 on the RB side.

Now, I don't mind the "lost" ports much, as I just use another 4 ports (secondary ISP, DMZ, Prod.LAN, Guest.LAN). Still... being able to assign virtual interfaces to a single ETH would save - in my case - 4 more ETH Ports.

Yeah, I considered using 5 ports for my 5 "static" IP addresses as well... I picked the virtual router method because avoiding an extra L2 switch, cable mess, port usage etc. was worth it for me.
Either option sucks though, vifs would solve it elegantly. Here's to hoping we get this feature some day!

Why not just request multiple mac addresses per interface as general feature and then enable to have multiple dhcp clients per each mac of such interfaces?

That might also be a possibility, but virtual interfaces is how I've seen it done elsewhere.

As a naive user, I think having multiple MACs per interface would introduce many technical problems as it seems to me to be a non-standard way of doing it. I assume this would be an engineering decision by someone much more qualified than me.

True. This would be a good feature anyway.

This is a brilliant feature request.

Make sure to email it through to support.

This is a brilliant feature request.

Make sure to email it through to support.

Is there any proper protocol for submitting feature requests? Or literally just email support[at]mikrotik.com?

To write it here is the proper way. If there will be enough supporters, we can push mikrotik to take some action. But you know how it is with them...

Is there any proper protocol for submitting feature requests? Or literally just email support[at]mikrotik.com?

I have had the most success with feature requests by emailing support@mikrotik.com

Just make sure to outline your request in detail and explain the use cases.

im in for this orginal post. There is no way to easy make bridge bridged together. There might be some rare situations where this is needed. If you have ether1 - and vlan 100 and 200 on ether1. and want vlan 100 and ether1 untagged bridged to ether2 - you need to somehow bridge bridges together today. You cant pick a vlan - and untagg this to a port where its "main" interface is a member. Then you need to bridges bridged. if you have a ether1_virt1 thast has the same traffic as ether1 - its possible to bridge ether1_vlan100 and ether1-virt1 with ether2.

why should you need this? - example:

you have an innlink with managment traffic tagged as vlan 100 - and lets say a dhcp or pppoe untagged in ether1 port. on ether2 - there is some equipment need managment traffic - but its not untagged if you bridge ether1 and 2. Then you need to have vlan 100 untagged to this same port as "dhcp/pppoe" traffic. I know its not a good way of doing this - but its a way that work. If you change fraom cisco to mikrotik - you will sometimes hit this issue - that you need yo run an vlan as untagged to a port -also bridged eith another port having the same vlan as tagged. Here mikrotik have no good solution for this today.

im in for this orginal post. There is no way to easy make bridge bridged together.

There is no logical difference between bridging two bridges together / moving the ports off of bridge2 and connecting them to bridge1 instead.

There is a performance penalty for bridging the bridges together, as each packet must be processed three times to get through the gauntlet of bridges if it enters on a bridge1 port, crosses "main bridge" and then exits on a bridge2 port. Basically, you get the same functionality and much worse performance by bridging bridges together.

you have an innlink with managment traffic tagged as vlan 100 - and lets say a dhcp or pppoe untagged in ether1 port.

In this situation, you would create one bridge for each "vlan"
So if in cisco you issue the command: vlan 100, then in Mikrotik: /interface bridge add name=br-v100
Then connect any "access ports" directly to the bridge: /interface bridge port add bridge=br-v100 interface=ether2
To tag on a particular interface, add a vlan subinterface: /interface vlan add name=e1-v100 vlan-id=100 interface=ether1
Then connect the vlan interface to the br-v100 bridge.
Voila! tagged vlan100 on ether1 -> untagged on ether2

In the past I also got the need to bridge bridges:

I wanted to push two independent Layer-2 datastreams through one mikrotik device. Thus utilizing both incoming and both outgoing links simultanenously without blocking one of them.

Ie.:
Eth1 and eth2 on bridge1
Eth3 and eth4 on bridge2

Now I wanted to Connect both bridges for redundancy, where the bridge interconnect is of such bad cost that it remains blocked by RSTP unless one of the ethers fails.
I finally realized it with a metarouter, which simply was setup to bridge its two given interfaces.

And yeah I second the request to bridge bridges.
The simplest way to do so might be an additional interface type: the virtual-cable. Adding a virtual cable would simply create two ethernet-like pseudo-interfaces, which can be used like any ethernet-interface.

I to have the same issue with dhcp fixed to specific mac addresses. My ISP gives out "STATIC" IP addresses but tied to specific mac addresses. I would like to use only 1 physical for this..

Thanks

im in for this orginal post. There is no way to easy make bridge bridged together.

There is no logical difference between bridging two bridges together / moving the ports off of bridge2 and connecting them to bridge1 instead.

There is a performance penalty for bridging the bridges together, as each packet must be processed three times to get through the gauntlet of bridges if it enters on a bridge1 port, crosses "main bridge" and then exits on a bridge2 port. Basically, you get the same functionality and much worse performance by bridging bridges together.

you have an innlink with managment traffic tagged as vlan 100 - and lets say a dhcp or pppoe untagged in ether1 port.

In this situation, you would create one bridge for each "vlan"
So if in cisco you issue the command: vlan 100, then in Mikrotik: /interface bridge add name=br-v100
Then connect any "access ports" directly to the bridge: /interface bridge port add bridge=br-v100 interface=ether2
To tag on a particular interface, add a vlan subinterface: /interface vlan add name=e1-v100 vlan-id=100 interface=ether1
Then connect the vlan interface to the br-v100 bridge.
Voila! tagged vlan100 on ether1 -> untagged on ether2

I dont think you see what i mean. if you want to bridge bridges - you need to make psudo interface - like a vlan to do this. Lets say you have vlan100 on ether1 and want this out on ether2 untagged, ether2_vlan300, ether4 untagged and ether4_vlan400 . You see the problem configuring this? if you put a interface to a bridge - you also bridge any vlan tagged to this interface. if you bridge all this together - vlan300,400 and 100 will "go out" on all ports in the bridge. If you only want traffic from a separate vlan - you can only bridge this vlan. - not the interface itself, then all vlan is bridged. Problem comming when you want to bridge a vlan to have untagged traffic to the same interface that have another vlan.

What if you join them via a EoIP tunnel? If your router has the horsepower to process the encapsulation in wirespeeds, that is...

I dont think you see what i mean. if you want to bridge bridges - you need to make psudo interface - like a vlan to do this. Lets say you have vlan100 on ether1 and want this out on ether2 untagged, ether2_vlan300, ether4 untagged and ether4_vlan400 . You see the problem configuring this? if you put a interface to a bridge - you also bridge any vlan tagged to this interface. if you bridge all this together - vlan300,400 and 100 will "go out" on all ports in the bridge. If you only want traffic from a separate vlan - you can only bridge this vlan. - not the interface itself, then all vlan is bridged. Problem comming when you want to bridge a vlan to have untagged traffic to the same interface that have another vlan.

The most logical solution would be to add an "untagged" feature to VLAN interfaces. (either set the vlan-id to zero, or have a checkbox "untagged")

You could also try configuring a regular vlan interface and then configuring the switch hardware (on properly-equipped models of course) to strip the tag on egress / apply it on ingress untagged traffic.

I'm having trouble coming up with a simple, concise explanation of my own guidelines for bridging in ROS.

In stead, I'll give my opinion: I find that if one goes that crazy with vlan tags that they're probably over-complicating things and asking for trouble because it leads to spaghetti logic, spaghetti configuration, and difficulty in troubleshooting / training for new techs/engineers. To me, it's an acceptable design rule that I may never bridge the "native" vlan of trunks except as the native vlan of other trunks. My solution is to simply require that all used vlans be tagged on trunk interfaces, or else accept that if I bridge the native vlan, it transports all vlans between interfaces. Working within this limit keeps things much more straightforward and understandable. It may be expedient to do such things in one or a handful of network nodes, but this does not scale to a few dozen POPs or a hundred POPs or a thousand POPs. In the end, while the many fancy things you CAN do with creative bridging are quite useful, sometimes they amount to being rope for hanging one's self.

bridging bridges doesnt make sense as its a linear function because unlike switching bridging happens in the CPU. for broadcast domains though that might be different.

virtual interface is done everywhere else as even ubiquiti has them. They can be used for various things like having traffic processed internally through CPU instead of physically and allows for more features on the software side that would otherwise be impossible or limiting on hardware.

It's dangerous feature that requested.
When you "turn on" magic you also will get side effect.

As lite workaround you may put your L2 to VPLS and make that you want as you want. Also keep in mind how it will be switched and forwarded. And as was said, metarouter may help and will be better for some tasks.

I think in next few years you will ask forwarding between VRFs

I think in next few years you will ask forwarding between VRFs

LOL!

Yeah...
Q: There's this feature that isolates networks into separate routing tables. However, when I use it, I can't get reachability between the networks. How do I solve this?
A: Don't use that feature

My concern about this was after buying a quite small - but still big wimax provider. The provider have managed to put q in q to all wimax base stations, and every customer have his own vlan. managment also - only in some cases- have vlan tagged - in other cases - they are untagged. I wanted all CPE to the same centralised nas - and to be stripped for vlan here. I also changed some of the old tagged managment devices - to mikrotik device - and did not want tagged traffic to have managment here. The setup for this - when there are 2-300 CPES are quite big. The solution was to use 2 routers to strip vlan in 2 steps.

WiMax.... I have nightmares about my last company's forray into WiMax....

Any news about implementing this feature (VI)?

ISP gave me an additional IP-address on a different subnet.
Now i need create additional (virtual) interface on ether1. MAC address must be different.

This can be achieve on Linux using the macvlan kernel module.

Hopefully we see this in RouterOS v7