Hello,
TLDR: A beginner is asking how to mark all traffic on a single port as VLAN, while allowing other untagged traffic on the bridge.
there is mixed (tagged and untaged) traffic on all current ports in a bridge, how do i tag all incoming traffic on an another port so it can share the same network and services with the tagged traffic?
thank you!
Long story:
I have been using mikrotik produtcts for home networking for many years without problems. However, i have run into some trouble while trying to put together a somwhat more complicated setup. It is a bit complicated to explain, so please bear with me.:
My family has recently moved into a larger house and I am trying to have one wifi network covering the whole building, There are three households that share one internet connection using a single routerboard Rb2011 in the basement. Each household has their own private LAN and wifi (using RBD52G), on each of these routers i have also setup a wifi network with the same SSID (plexus) which has a VLAN ID 10 and is bridged to the wan port of each of the routers. Then I have set up a vlan in the main router bridge with a dhcp server. This way any device connected to this network can roam the whole building, while allowing the households to have their own separate networks. So I was quite satisfied with the result, until i noticed that the basement is not really covered. So i thought i could only plug an old AP into one of the ports of the main router (Rb2011) mark all traffic on that port as VLAN10 and it would work the same way as with the router board. However - so far, i was unable to do so. I have tried many different settings with bridge vlan filtering on and off and it just always failed somehow.
Main router config:
# jan/23/2021 23:21:18 by RouterOS 6.47.4
# software id = 957N-7LRV
#
# model = RB2011iL
# serial number = 8E7A0BBCAD5C
/interface bridge
add admin-mac=C4:AD:34:89:AF:0D auto-mac=no comment=defconf name=bridgeLocal
add disabled=yes name=roamingbridge
add disabled=yes name=sklepbridge
/interface vlan
add interface=bridgeLocal name=roaming vlan-id=10
/interface ethernet switch port
set 8 default-vlan-id=10 vlan-header=always-strip
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.77.3-192.168.77.254
add name=sklep ranges=192.168.11.10-192.168.11.254
add name=roamingVLAN10 ranges=192.168.10.2-192.168.10.199
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridgeLocal name=dhcp1
add address-pool=sklep disabled=no interface=ether7 name=sklepdhcp
add address-pool=roamingVLAN10 disabled=no interface=roaming name=roaming_dhcp
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether8
add bridge=bridgeLocal comment=defconf interface=ether10
add bridge=bridgeLocal interface=roaming
add bridge=bridgeLocal interface=ether9 pvid=10
/interface bridge vlan
add bridge=bridgeLocal disabled=yes tagged=bridgeLocal vlan-ids=1
add bridge=bridgeLocal tagged=bridgeLocal untagged=ether9 vlan-ids=10
/interface list member
add interface=bridgeLocal list=LAN
/ip address
add address=192.168.77.1/24 interface=bridgeLocal network=192.168.77.0
add address=192.168.11.1/24 interface=ether7 network=192.168.11.0
add address=192.168.10.1/24 interface=roaming network=192.168.10.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.77.4 client-id=1:c4:ad:34:e0:92:db mac-address=\
C4:AD:34:E0:92:DB server=dhcp1
add address=192.168.77.2 client-id=1:48:8f:5a:29:74:cf mac-address=\
48:8F:5A:29:74:CF server=dhcp1
add address=192.168.77.3 client-id=1:64:0:6a:61:42:c4 mac-address=\
64:00:6A:61:42:C4 server=dhcp1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=1.1.1.1,8.8.8.8,192.168.77.1 gateway=\
192.168.10.1 netmask=24
add address=192.168.11.0/24 dns-server=192.168.77.1,1.1.1.1,8.8.8.8 gateway=\
192.168.11.1 netmask=24
add address=192.168.77.0/24 dns-server=192.168.77.1,8.8.4.4,10.0.0.138 \
gateway=192.168.77.1 netmask=24
/ip dns static
add address=192.168.77.4 name=AdamTik.lan ttl=59m59s
add address=192.168.77.2 name=RodicTik.lan ttl=59m59s
add address=192.168.77.3 name=SosakTiK.lan ttl=59m59s
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether5
/ip route
add distance=1 dst-address=192.168.22.0/24 gateway=192.168.77.2
add distance=1 dst-address=192.168.33.0/24 gateway=192.168.77.3
add distance=1 dst-address=192.168.44.0/24 gateway=192.168.77.4