Hi guys,
I’m trying to understand the bridge concept in Mikrotik, actually, building a vlan topology as you can see in attachment, both access and trunk port, did any bridge need to be created?
Att.
I think you need to use switches in Area1,2,3 and make respective vlan in it,
To have this level of vlan restriction, you need to follow the model where each vlan has its own bridge, and you put vlan sub-interfaces on every physical interface (trunk) where you want this vlan to be available.
So in the 450, for instance, you would make:
/interface bridge
add name=bridge204
add name=bridge205
add name=bridge206
…etc
/interface vlan
add interface=ether1 name=e1v204 vlan-id=204
add interface=ether1 name=e1v205 vlan-id=205
add interface=ether1 name=e1v206 vlan-id=206
add interface=ether2 name=e2v207 vlan-id=207
…etc
/interface bridge ports
add bridge=bridge204 interface=e1v204
add bridge=bridge205 interface=e1v205
…etc
note: if you never want vlan 204 to be available anywhere except as a tagged vlan on ether1, then you can skip the bridge portion of this on the RB450, which will be less CPU intensive.
However, if you build out vlan204 as a simple vlan interface on ether1, and later you do need to create bridge204 and extend this vlan to other interfaces, then you’ll need to remember to move EVERYTHING off of the vlan interface and onto the bridge interface. (firewall rules, IP addresses, dhcp services, etc)
On the remote sites, you’ll need to create the bridges and vlan interfaces as above, and as a final step, add the physical interface (access port) to the bridge directly wherever you want that vlan to be untagged.