I am a beginner and I am asking your help.
My ISP provides the FTTH with an ONT.
A RB5009 is connected to the ONT with a 2.5 Gbps ethernet.
On the eth of the ONT, 3 VLans are provided by the ISP
- native VLan \ untagged: to manage the ONT itself
- Vlan ID 100 for data traffic
- Vlan ID 200 for VoIP traffic
Until now I used just the data and not the VoIP since I still do not have an ATA adapter
on the RB5009:
- ETH1 is for the WAN, on top there is the Vlan 100 configured and on top to the Vlan 100 there is the PPPoE client
- ETH2 to ETH 8 are bridged togheter and used for clients and access points
etc. etc. firewall... NAT... port maps... etc. etc. and everything works perfectly
Now... I just got an ATA adapter so I need to pass the VLan ID 200 to another eth port and keep the Vlan tagged. Maybe I have to remove one eth port out of the bridge and dedicate this to the ATA.
How can I do that?
Regards.
Re: Two VLans on WAN interface
I am using a RB5009 where all the ports ether1-8 and sfp-sfpplus1 are under one bridge without a problem. What you can do now is to:
* Under /interface bridge vlan, add a new entry for vlan-ids=100, bridge=bridge (your main bridge) tagged=bridge,ether1
* Under /interface bridge vlan, add a new entry for vlan-ids=200, bridge=bridge (your main bridge) tagged=bridge,ether1,ether7
* Under /interface bridge vlan, add a new entry for vlan-ids=1000, bridge=bridge (your main bridge) tagged=bridge (only bridge!)
* Under /interface vlan, edit the property of the existing vlan100 interface that you use for internet data, swap the value of interface from ether1 to bridge (your main bridge).
* Under /interface vlan, add a new vlan interface for vlan-id=200, interface=bridge, name=vlan200 (this is optional, you can omit if you don't need to look at the VoIP traffic in RouterOS).
* Under /interface vlan, add a new vlan interface for vlan-id=1000, interface=bridge, name=vlan1000
* Go to /interface bridge port, add an entry for interface=ether1, pvid=1000, frame-types=admit-all
* Turn on VLAN filtering (tab VLAN) in the property of the main bridge if you did not already done it.
Now your ether1 ports has become a hybrid port, member of the main bridge. The interface vlan100 still has internet traffic and works as before. The new interface vlan200 has the VoIP traffic, port ether7 also has that as tagged VLAN 200 so that you can plug the ATA adapter to that port. If you want another port than ether7, change it in the /interface bridge vlan entry with vlan-ids=200 above.
You can manage your ISP ONT by using the interface vlan1000, under /ip address assign an IP address for it in the same range as the management address of the ONT, and add interface vlan1000 to the WAN interface list so that the masquerade rule applies (assuming you have the defconf firewall configuration).
* Under /interface bridge vlan, add a new entry for vlan-ids=100, bridge=bridge (your main bridge) tagged=bridge,ether1
* Under /interface bridge vlan, add a new entry for vlan-ids=200, bridge=bridge (your main bridge) tagged=bridge,ether1,ether7
* Under /interface bridge vlan, add a new entry for vlan-ids=1000, bridge=bridge (your main bridge) tagged=bridge (only bridge!)
* Under /interface vlan, edit the property of the existing vlan100 interface that you use for internet data, swap the value of interface from ether1 to bridge (your main bridge).
* Under /interface vlan, add a new vlan interface for vlan-id=200, interface=bridge, name=vlan200 (this is optional, you can omit if you don't need to look at the VoIP traffic in RouterOS).
* Under /interface vlan, add a new vlan interface for vlan-id=1000, interface=bridge, name=vlan1000
* Go to /interface bridge port, add an entry for interface=ether1, pvid=1000, frame-types=admit-all
* Turn on VLAN filtering (tab VLAN) in the property of the main bridge if you did not already done it.
Now your ether1 ports has become a hybrid port, member of the main bridge. The interface vlan100 still has internet traffic and works as before. The new interface vlan200 has the VoIP traffic, port ether7 also has that as tagged VLAN 200 so that you can plug the ATA adapter to that port. If you want another port than ether7, change it in the /interface bridge vlan entry with vlan-ids=200 above.
You can manage your ISP ONT by using the interface vlan1000, under /ip address assign an IP address for it in the same range as the management address of the ONT, and add interface vlan1000 to the WAN interface list so that the masquerade rule applies (assuming you have the defconf firewall configuration).