Hey! I have rb2011, and i have local network on eth2 (10.10.1.0/24) connected to port 2 on HP HPE 1620 switch. I want to add VLAN to separate traffic on some pc’s in the network. This is what i do → Create vlan 50 , add VLAN50 to eth2, add ip address (10.10.50.1/24) for VLAN50, make DHCP for VLAN50 interface. On the switch port 2 i tag vlan 50. After that i make port3 on the switch access to vlan 50 and connect PC. The pc didnt get any address and no internet. Can you guys help me?
It will for sure not work that way.
Are you sending VLAN tagged to the HP switch?
You need to use Brdiging.
With 6.41+ RouterOS do like this.
Create a bridge and turn on vlan filtering
eth2 connectd to bridge with pvid=1
Create a VLAN 50 connect it to the bridge.
Connect IP and DHCP for Vlan 50 and connect it to VLAN 50
use bridge vlan to tell that vlan 50 should go tagged in the bridge and to interface connected to HP switch.
If you post a drawing I may be able to give you a more exact config.
Tnx for your reply but no results the way you described. I cannot paint anything now, but the topology is really really simple i will try to explain better
on eth 2 i have local network 1.1.1.1 (running without problems), this ETH2 port on the mtik is connected to the HP switch port 2. I want to add VLAN50 on the same physical interface (eth2) to separate some pc’s on lan without affecting network 1.1.1.1.
So you have a router.
On port
Eth 1 Wan
Eth 2 will connect to HP switch?
Eth 3 ?
Eth 4 ?
I only use eth2 for lans. 3,4 etc are not used
Sent from my X7pro using Tapatalk
Hi Zigmund
So what you are saying is that for example you have
eth1 being your WAN port
eth2 being your LAN port (and you dont use any other eth ports for your lan) and that etheport first goes to a managed switch.
Right now the managed switch it not really doing much but now you have decided to, for some PCs, attached to the managed switch add vlan50.
No problem
First in winbox use safemode.
- add bridge to mickrotik call it homebridge (we will come back to this as the last step as well to add one more item)
- Add vlan and the interface for it is the bridge “homebridge” call it “vlan50”, vlanid=50
- add ip address for the vlan, interface is vlan50
- Add ip pool -vlanpool50 interface is vlan50
5., dhcp server - vlan50server, interface is vlan50 - add dhcp server network
+++++++++++++++++++++++++++
/interface
eth2 = myhomelan
/interface list
homebridge=LAN
vlan50=LAN
WAN1ISP=WAN
On the router, there is no need to do anything extra in vlan work as the access port is on the switch so its straightforward.
/interface bridge port
add bridge=homebridge interface=eth2
/interface bridge vlan
add bridge=homebridge tagged=homebridge, eth2 vlan-ids=50
-
LAST STEP for bridge setup, go back to /bridge and enable vlan filtering check box (or yes cant remember which) ***
-
Firewall rules, If your last Forward Rule is drop all. (which I recommend - block all and define what is allowed) then you will only have to enable a vlan50 to WAN forward accept rule.
++++++++++++++++++++++++++++++++++++++++++++++++++++++
on the switch the port that eth2 connects to on the managed switch is a TRUNK PORT, simply ensure that VLAN 50 is identified as allowed.
on the switch the port that connects to the PC from the managed switch is an ACCESS PORT.
you will probably want ingress-filtering applied to this port and identify it as pvid=50.
*** Regarding normal internet traffic. This flows transparently using the default vlan1. I am assuming the switch operates the same way as both have been communicating back and forth already using the default vlan without any special programming for the router or managed switch. There will be no interruption to this traffic by adding vlan50.
So on eth2 you will connect HP swtcih.
Fro MT you will then have Vlan1 and Vlan50 on eth2.
Then you will setup a trunk port on HP and use Vlan 1 and Vlan 50 on various port there?