Community discussions

MikroTik App
  4. RouterOS
  5. General

Another RB450G VLAN question

Post Reply
 
squeezypiano
newbie
Topic Author
Posts: 45
Joined: Tue Oct 09, 2012 10:05 pm

Another RB450G VLAN question

Tue Oct 09, 2012 10:26 pm

Hi,

Apologies for posting another question about VLANs on the RB450G but I have been stumped by them for over three months now. And hope someone might be kind enough to send me a prepared config to do what I need.

I need two 'user' subnets and a management subnet.

Ether 1 is WAN so nice and easy

Ether2-5 need the subnets as:
2x port trunking user subnets to additional switches (both tagged) with the management subnet untagged
1x port using first user subnet (untagged)
1x port using second management subnet (untagged)

All subnets need to be able to route between each other (albeit firewalled but I can manage that) and also out the WAN port.

Many thanks,
P
Top
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Another RB450G VLAN question

Wed Oct 10, 2012 11:36 pm

Here you go:

br-vlan10 - interface for first user subnet
br-vlan20 - interface for second user subnet
br-mng - interface for management

Put all your IPs on the bridges.
Code: Select all
/interface bonding 
add name="LACP_1" slaves=ether2,ether3 mode=802.3ad link-monitoring=mii-type1

/interface vlan
add interface="LACP_1" name=vlan10 vlan-id=10
add interface="LACP_1" name=vlan20 vlan-id=20

/interface bridge
add name=br-vlan10
add name=br-vlan20
add name=br-mng

/interface bridge port
add bridge=br-vlan10 interface=vlan10
add bridge=br-vlan10 interface=ether4
add bridge=br-vlan20 interface=vlan20
add bridge=br-mng interface="LACP_1"
add bridge=br-mng interface=ether5
Top
 
squeezypiano
newbie
Topic Author
Posts: 45
Joined: Tue Oct 09, 2012 10:05 pm

Re: Another RB450G VLAN question

Thu Oct 11, 2012 1:18 pm

Excellent, thanks, will give that a try. Do I need to anything with VLAN Mode on the ports or switch rules?
Top
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Another RB450G VLAN question

Fri Oct 12, 2012 8:14 am

Excellent, thanks, will give that a try. Do I need to anything with VLAN Mode on the ports or switch rules?
You dont need to mess with the switch chip on the RB at all.
Top
 
squeezypiano
newbie
Topic Author
Posts: 45
Joined: Tue Oct 09, 2012 10:05 pm

Re: Another RB450G VLAN question

Sun Oct 14, 2012 11:48 pm

Really sorry to come back again but I am failing miserably here so decided to simplify it for testing. The RB450G has four ports so I have set it up using the config below such that:

Port 2 - management vlan
Port 3 - vlan 10
Port 4 - vlan 20
Port 5 - trunk port (management untagged)

When I put a switch on the end of the trunk I get the management VLAN but nothing from the two tagged ones and have confirmed the switch is OK buy connecting to another switch and testing the trunking is OK.

I must have missed something (I have heard the RB450G is a bit quirky with VLANs) cannot see what, sorry.
Code: Select all
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    disabled=no forward-delay=15s l2mtu=1516 max-message-age=20s mtu=1500 \
    name=br-vlan10 priority=0x8000 protocol-mode=none transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    disabled=no forward-delay=15s l2mtu=1516 max-message-age=20s mtu=1500 \
    name=br-vlan20 priority=0x8000 protocol-mode=none transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s mtu=1500 \
    name=br-mng priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1520 mac-address=D4:CA:6D:##:##:## \
    master-port=none mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1520 mac-address=D4:CA:6D:##:##:## \
    master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1520 mac-address=D4:CA:6D:##:##:## \
    master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1520 mac-address=D4:CA:6D:##:##:## \
    master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1520 mac-address=D4:CA:6D:##:##:## \
    master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface vlan
add arp=enabled disabled=no interface=ether5 l2mtu=1516 mtu=1500 name=vlan10 \
    use-service-tag=no vlan-id=10
add arp=enabled disabled=no interface=ether5 l2mtu=1516 mtu=1500 name=vlan20 \
    use-service-tag=no vlan-id=20
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1 switch-all-ports=no
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
    hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
    cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
    split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
    shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
    lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool1 ranges=192.168.0.101-192.168.0.105
add name=dhcp_pool2 ranges=192.168.10.111-192.168.10.115
add name=dhcp_pool3 ranges=192.168.20.121-192.168.20.125
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=br-mng lease-time=3d name=dhcp1
add address-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=br-vlan10 lease-time=3d name=dhcp2
add address-pool=dhcp_pool3 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=br-vlan20 lease-time=3d name=dhcp3
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none \
    stop-bits=1
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
    default use-encryption=default use-mpls=default use-vj-compression=\
    default
set 1 change-tcp-mss=yes name=default-encryption only-one=default \
    use-compression=default use-encryption=yes use-mpls=default \
    use-vj-compression=default
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
    red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=none name=only-hardware-queue
set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 7 kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=\
    ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
    metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
    out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \
    redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
    router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
    backbone type=default
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
    syslog-facility=daemon syslog-severity=auto target=remote
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" \
    paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=owner signup-allowed=no time-zone=-00:00
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
    eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
    ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
    winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge port
add bridge=br-mng disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=br-vlan10 disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=br-vlan20 disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether4 path-cost=10 point-to-point=auto priority=0x80
add bridge=br-mng disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether5 path-cost=10 point-to-point=auto priority=0x80
add bridge=br-vlan10 disabled=no edge=auto external-fdb=auto horizon=none \
    interface=vlan10 path-cost=10 point-to-point=auto priority=0x80
add bridge=br-vlan20 disabled=no edge=auto external-fdb=auto horizon=none \
    interface=vlan20 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=fallback
set 1 vlan-header=leave-as-is vlan-mode=fallback
set 2 vlan-header=leave-as-is vlan-mode=fallback
set 3 vlan-header=leave-as-is vlan-mode=fallback
set 4 vlan-header=leave-as-is vlan-mode=fallback
set 5 vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:5E:70:DF:39:7D \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
    enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
    default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
    disabled port=443 verify-client-certificate=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.0.1/24 disabled=no interface=br-mng network=192.168.0.0
add address=192.168.10.1/24 disabled=no interface=br-vlan10 network=\
    192.168.10.0
add address=192.168.20.1/24 disabled=no interface=br-vlan20 network=\
    192.168.20.0
/ip dhcp-client
add add-default-route=yes default-route-distance=0 disabled=no interface=\
    ether1 use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.0.0/24 dhcp-option="" dns-server=8.8.8.8 gateway=\
    192.168.0.1 ntp-server="" wins-server=""
add address=192.168.10.0/24 dhcp-option="" dns-server=8.8.8.8 gateway=\
    192.168.10.1 ntp-server="" wins-server=""
add address=192.168.20.0/24 dhcp-option="" dns-server=8.8.8.8 gateway=\
    192.168.20.1 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=4096 servers=""
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat comment="outbound nat" disabled=no \
    out-interface=ether1 to-addresses=0.0.0.0
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1 disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
set br-vlan10 disabled=no
set br-vlan20 disabled=no
set br-mng disabled=no
set vlan10 disabled=yes
set vlan20 disabled=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
    all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no \
    max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
    lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
    use-explicit-null=no
/port firmware
set directory=firmware ignore-directip-modem=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
set ether3 queue=only-hardware-queue
set ether4 queue=only-hardware-queue
set ether5 queue=only-hardware-queue
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
    multiplier=5
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing pim
set switch-to-spt=yes switch-to-spt-bytes=0 switch-to-spt-interval=1m40s
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=no engine-id="" location="" trap-generators="" \
    trap-target="" trap-version=1
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00
/system console
set [ find port=serial0 ] channel=0 disabled=no port=serial0 term=vt102
/system identity
set name=MikroTik
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system ntp server
set broadcast=no broadcast-addresses="" enabled=no manycast=yes multicast=no
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
    boot-protocol=bootp cpu-frequency=680MHz enable-jumper-reset=yes \
    enter-setup-on=any-key force-backup-booter=no silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 starttls=no user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set [ find default=yes ] disabled=no interface=all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=\
    "" filter-mac-address="" filter-mac-protocol="" filter-port="" \
    filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes \
    only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
    use-radius=no
Top
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Another RB450G VLAN question

Mon Oct 15, 2012 2:13 am

Please do "/export compact", going through your whole raw config would take forever :)
Top
 
squeezypiano
newbie
Topic Author
Posts: 45
Joined: Tue Oct 09, 2012 10:05 pm

Re: Another RB450G VLAN question

Mon Oct 15, 2012 11:35 am

Please do "/export compact", going through your whole raw config would take forever :)
Here it is...
Code: Select all
/interface bridge
add l2mtu=1516 name=br-vlan10
add l2mtu=1516 name=br-vlan20
add l2mtu=1520 name=br-mng
/interface vlan
add interface=ether5 l2mtu=1516 name=vlan10 vlan-id=10
add interface=ether5 l2mtu=1516 name=vlan20 vlan-id=20
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=dhcp_pool1 ranges=192.168.0.101-192.168.0.105
add name=dhcp_pool2 ranges=192.168.10.111-192.168.10.115
add name=dhcp_pool3 ranges=192.168.20.121-192.168.20.125
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=br-mng name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=br-vlan10 name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=br-vlan20 name=dhcp3
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" \
    paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=owner signup-allowed=no time-zone=-00:00
/interface bridge port
add bridge=br-mng interface=ether2
add bridge=br-vlan10 interface=ether3
add bridge=br-vlan20 interface=ether4
add bridge=br-mng interface=ether5
add bridge=br-vlan10 interface=vlan10
add bridge=br-vlan20 interface=vlan20
/ip address
add address=192.168.0.1/24 interface=br-mng
add address=192.168.10.1/24 interface=br-vlan10
add address=192.168.20.1/24 interface=br-vlan20
/ip dhcp-client
add default-route-distance=0 disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8 gateway=192.168.0.1
add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8 gateway=192.168.20.1
/ip firewall nat
add action=masquerade chain=srcnat comment="outbound nat" out-interface=\
    ether1 to-addresses=0.0.0.0
/ip neighbor discovery
set vlan10 disabled=yes
set vlan20 disabled=yes
Top
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Another RB450G VLAN question

Mon Oct 15, 2012 12:52 pm

The config is OK and should work. I would guess something is configured wrong on your switches.

As an example, this is a config of one of my 1100AH, it connects to 4 switches on port 1-4 tagged in vlan 250, and bridges that for direct access the the management vlan on ports 9,10.
Code: Select all
/interface vlan
add comment=Management interface=ether1 name=vlan250-sw1 vlan-id=250
add interface=ether2 name=vlan250-sw2 vlan-id=250
add interface=ether3 name=vlan250-sw3 vlan-id=250
add interface=ether4 name=vlan250-sw4 vlan-id=250

/interface bridge
add comment=Management name=bridge-vlan250 protocol-mode=rstp

/interface bridge port
add bridge=bridge-vlan250 comment=Management interface=vlan250-sw1
add bridge=bridge-vlan250 interface=vlan250-sw2
add bridge=bridge-vlan250 interface=vlan250-sw3
add bridge=bridge-vlan250 interface=vlan250-sw4
add bridge=bridge-vlan250 interface=ether9
add bridge=bridge-vlan250 interface=ether10
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 126 guests
  4. RouterOS
  5. General