2 or more Trunks, 1 trunk for one port (its possible ?)

RouterOS General
1

Good day,
I'd like to ask about Trunk.
I know how to build one trunk but how to build 2 or more Trunks? Always from a different port.

Below are the ways that came to mind, but I don't think it will work properly.

I read about Vlans on the mikrotik wiki but I didn't understand it. I can set a lot, but Vlany / Trunks on multiple ports is too complicated for me

RB2011UiAS-2HnD-IN (settings - Main router)
RB952Ui-5ac2nD / RB951Ui-2nD (settings - switch) (at the end of Trunk)
A possible solution:

1Gbps ports

Eth1 Wan
eth2 PtP connection - Trunk
eth3 Boiler room - Trunk
eth4 Workshop - Trunk
eth5 office. - Trunk

100Mbps ports

eth6 living room - Trunk
eth7,8,9 cams - Vlan Cam only

(sfp and eth10 off)

These Vlans I have set up with different Vlan IDs, addresses, DHCP server with pools):
Vlan local ID 10
Vlan Voip ID 20
Vlan IoT ID 30
Vlan Cams ID 40
Vlan mkt ID 50 (network elements)

I would need to add these Vlans to the ports:
(or all Vlan on Eth2 - 6)
Eth2 Vlan - local, Voip, IoT, Cam, mkt
Eth3 Vlan - local, Voip, IoT, Cam
Eth4 Vlan - local, Voip, IoT, Cam
Eth5 Vlan - local, Voip, IoT, Cam, mkt
Eth6 Vlan - local, Voip, IoT
Eth7 Vlan - Cam
Eth8 Vlan - Cam
Eth9 Vlan - Cam

1. Make a bridge and set it to ports Eth1-6 and bridge_cams Eth7-9

  • | Bridge

  • (All vlans)

  • Eth2

  • Eth3

  • Eth4

  • Eth5

  • Eth6

  • | Bridge_cams

  • Vlan_cam2

  • Eth7

  • Eth8

  • Eth9

2. Bridges?

  • | Bridge All_Vlan

  • Eth2, Eth5, Eth6

  • Vlan local1 (ID-10, IP 192.168.10.1)

  • Vlan Voip1 (ID 20, IP 192.168.20.1)

  • Vlan IoT1 (ID 30, IP 192.168.30.1)

  • Vlan Cams1 (ID 40, IP 192.168.40.1)

  • Vlan mkt1 (ID 50, IP 192.168.50.1)

  • | Bridge Vlan2

  • Eth3, Eth4

  • Vlan local2 (ID-10, IP 192.168.10.1)

  • Vlan Voip2 (ID 20, IP 192.168.20.1)

  • Vlan IoT2 (ID 30, IP 192.168.30.1)

  • Vlan Cams2 (ID 40, IP 192.168.40.1)

  • Vlan mkt2 (ID 50, IP 192.168.50.1)

  • | Bridge Cams_Vlan

  • Eth7, Eth8, Eth9

  • Vlan Cams2 (ID 40, IP 192.168.40.1)


    3. Make many Vlans under the same ID and IP and add them to the given ports?

  • | Eth2

  • Vlan local1 (ID-10, IP 192.168.10.1)

  • Vlan Voip1 (ID 20, IP 192.168.20.1)

  • Vlan IoT1 (ID 30, IP 192.168.30.1)

  • Vlan Cams1 (ID 40, IP 192.168.40.1)

  • Vlan mkt1 (ID 50, IP 192.168.50.1)

  • | Eth3

  • Vlan local2 (ID-10, IP 192.168.10.1)

  • Vlan Voip2 (ID 20, IP 192.168.20.1)

  • Vlan IoT2 (ID 30, IP 192.168.30.1)

  • Vlan Cams2 (ID 40, IP 192.168.40.1)

  • | Eth4

  • Vlan local3 (ID-10, IP 192.168.10.1)

  • Vlan Voip3 (ID 20, IP 192.168.20.1)

  • Vlan IoT3 (ID 30, IP 192.168.30.1)

  • Vlan Cams3 (ID 40, IP 192.168.40.1)

  • | Eth5

  • Vlan local4 (ID-10, IP 192.168.10.1)

  • Vlan Voip4 (ID 20, IP 192.168.20.1)

  • Vlan IoT4 (ID 30, IP 192.168.30.1)

  • Vlan Cams4 (ID 40, IP 192.168.40.1)

  • Vlan mkt4 (ID 50, IP 192.168.50.1)

  • | Eth6

  • Vlan local5 (ID-10, IP 192.168.10.1)

  • Vlan Voip5 (ID 20, IP 192.168.20.1)

  • Vlan IoT5 (ID 30, IP 192.168.30.1)

  • Vlan Cams5 (ID 40, IP 192.168.40.1)

  • | Eth7

  • Vlan Voip6 (ID 20, IP 192.168.20.1)

  • | Eth8

  • Vlan Voip7 (ID 20, IP 192.168.20.1)

  • | Eth9

  • Vlan Voip8 (ID 20, IP 192.168.20.1)

I really don't know how to solve it, so I'd like to ask you for advice on how to do this.

Thank you for your time and opinions and any solutions.

2

There’s this new(ish) thing called Bridge VLAN Filtering. In short, you create one bridge, add all physical ports that should have any VLANs, configure where they should be and in what form (VLAN X tagged on ether2 and ether3 and untagged on ether4, VLAN Y tagged on ether2 and untagged on ether5, etc). Then for each used VLAN number you add VLAN interface on top of bridge, and you’re almost there, just add IP addresses, DHCP server, whatever you need. See examples, it’s nothing complicated.

3

Good read with examples…
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

4

thank you for answer.
It’s read about it and I’ve wondered before if it’s possible without an input Trunk from somewhere. and try to swap it to WAN.
Of course with adjustment.

But I will try as much as possible.

But someone told me it was done via Switch (Chip), but I still didn’t get it.

5

Thank you for answer.
I found and read the “article” but it didn’t help me much, I didn’t understand it for lack of knowledge.

6

Main thing about bridge VLAN filtering, don’t expect anything difficult, because there isn’t anything like that. Many would disagree, but I really don’t understand how they manage to find problems with it. :slight_smile: You just need to understand that there are two layers:

  1. Same thing you’d do with managed switch, i.e. you define what VLANs exist and where they are (tagged on some ports, untagged on others). That’s done using pvid in “/interface bridge port” (that’s how you define untagged access ports) and using “/interface bridge vlan” (where you define tagged VLANs).

  2. IP config for routing, DHCP, etc. For that you create VLAN interfaces in “/interface vlan” on top of bridge. And then you just use them like regular ethernet for routing, firewalling, etc.

And that’s it.

Now some bad news, bridge VLAN filtering uses hardware switch only on some RB models, on others (and I think it includes yours) it’s done in software. So if you need maximum performance, it’s not the best choice, especially on slow older RBs like yours. Alternative to that is to configure the switch directly, but it differs between RB models, and it’s no fun to work it. So I’d recommend to try bridge VLAN filtering first, and you’ll see if it’s fast enough for you.

7

This is how I have a list of settings.
and then you probably said something about
/interface ethernet switch, but it doesn’t matter much either.

Regarding bad news.
I am aware of. in time I want to buy CRS3xx

/interface bridge port
add bridge=bridge1 interface=ether1-Internet
add bridge=bridge1 interface=ether2-PtP
add bridge=bridge1 interface=ether3-Kotelna
add bridge=bridge1 interface=ether4-living_room
add bridge=bridge1 interface=ether5-PC
add bridge=bridge1 interface=ether6-Cam1
add bridge=bridge1 interface=ether7-Cam2
add bridge=bridge1 interface=ether8-Cam3
add bridge=bridge1 interface=ether9-Garange
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=wlan1-local
add bridge=bridge1 interface=wlan2-Guest
add bridge=bridge1 interface=wlan3-tv
add bridge=bridge1 interface=wlan4-IoT

/interface vlan
add interface=ether2-PtP name=vlan-local vlan-id=5
add interface=ether2-PtP name=vlan-mngm vlan-id=10
add interface=ether2-PtP name=vlan-Guest vlan-id=20
add interface=ether2-PtP name=vlan-Cam vlan-id=30
add interface=ether2-PtP name=vlan-IoT vlan-id=40
add interface=ether2-PtP name=vlan-TV vlan-id=60
add interface=ether2-PtP name=vlan-VOIP vlan-id=50

/ip address
add address=192.168.20.1/24 interface=vlan-Guest network=192.168.20.0
add address=192.168.30.1/24 interface=vlan-Cam network=192.168.30.0
add address=192.168.40.1/24 interface=vlan-IoT network=192.168.40.0
add address=192.168.50.1/24 interface=vlan-VOIP network=192.168.50.0
add address=192.168.60.1/24 interface=vlan-TV network=192.168.60.0
add address=192.168.10.1/24 interface=vlan-mngm network=192.168.10.0
add address=192.168.3.1/24 interface=vlan-local network=192.168.3.0

/ip pool
add name=dhcp_pool7 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool2 ranges=192.168.20.2-192.168.20.254
add name=dhcp_pool3 ranges=192.168.30.2-192.168.30.254
add name=dhcp_pool4 ranges=192.168.40.2-192.168.40.254
add name=dhcp_pool5 ranges=192.168.50.2-192.168.50.254
add name=dhcp_pool6 ranges=192.168.60.2-192.168.60.254
add name=dhcp_pool8 ranges=192.168.5.2-192.168.5.254

/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=vlan-Guest name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=vlan-Cam lease-time=1d
name=dhcp3
add address-pool=dhcp_pool4 disabled=no interface=vlan-IoT lease-time=30m
name=dhcp4
add address-pool=dhcp_pool5 disabled=no interface=vlan-VOIP name=dhcp1
add address-pool=dhcp_pool6 disabled=no interface=vlan-TV name=dhcp5
add address-pool=dhcp_pool7 disabled=no interface=vlan-mngm name=dhcp6
add address-pool=dhcp_pool8 disabled=no interface=vlan-local name=dhcp7

/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.30.0/24 gateway=192.168.30.1
add address=192.168.40.0/24 gateway=192.168.40.1
add address=192.168.50.0/24 gateway=192.168.50.1
add address=192.168.60.0/24 gateway=192.168.60.1
add address=192.168.3.0/24 gateway=192.168.3.1


/interface bridge vlan
add bridge=bridge1 comment=Private tagged=
ether2-PtP,ether3-Kotelna,ether4-living_room,ether5-PC,wlan1-local,bridge1
vlan-ids=5
add bridge=bridge1 comment=management tagged=ether2-PtP,bridge1 vlan-ids=10
add bridge=bridge1 comment=guests tagged=bridge1 untagged=“ether2-PtP,ether3-Kot
elna,ether4-living_room,ether9-Garange,ether10,wlan2-Guest” vlan-ids=20
add bridge=bridge1 comment=cam tagged=
ether2-PtP,ether3-Kotelna,ether9-Garange,bridge1 untagged=
ether6-Cam1,ether7-Cam2,ether8-Cam3 vlan-ids=30
add bridge=bridge1 comment=IOT tagged=
ether2-PtP,ether3-Kotelna,ether4-living_room,wlan4-IoT,bridge1 vlan-ids=40
add bridge=bridge1 comment=Voip tagged=
ether2-PtP,ether3-Kotelna,ether4-living_room,ether9-Garange,bridge1
vlan-ids=50
add bridge=bridge1 comment=TV tagged=
ether2-PtP,ether3-Kotelna,ether4-living_room,wlan3-tv,bridge1 vlan-ids=60

And

/interface bridge settings
set use-ip-firewall=no —> yes ?

8

  • Keep ether1-Internet separate, it should not be added as bridge port (it would be possible way too, and then have WAN as another VLAN, but it has no added value for you).

  • When some port should be untagged in vlan X (you define that in “/interface bridge vlan”), then that port needs pvid=X in “/interface bridge port”, e.g.:

/interface bridge port
add bridge=bridge1 interface=ether6-Cam1 pvid=30
add bridge=bridge1 interface=ether7-Cam2 pvid=30
add bridge=bridge1 interface=ether8-Cam3 pvid=30

  • Double check all your tagged/untagged vlans and where they should be, some of them look suspicious. Guests in kotelna, what would they do in there?

  • Stay away from use-ip-firewall, that one is evil and does bad things. What you’re looking for is “/interface bridge add name=bridge1 vlan-filtering=yes”. But before you enable it, it’s good idea to temporarily keep one port out of bridge, as backup access, in case something goes wrong.

Edit: One more, you probably don’t want wlan interfaces as tagged ports.

9

Hi, thanks for reply,

I forgot to write it but I have ETH1 / WAN so temporary.
And I see that I wrote a word from my language there.
I checked untagged and tagged and Guests in kotelna (the boiler room) there is because around the corner it is sitting for a visit when it is warm outside.(only for wifi).
As for Wlan, you’re right, I’m not exactly why I put them there when I can set up Pvid in them.