Bridging VLANs in a router

Hi!

Trying to solve typical Layer2 misconfigurations. Have a look at the table below (requirements):

+-----+-----------+-------+----------------+--------------+-------------------+----------+----------------+-------------+
| Row | Hardware  | Cloud |    Packets     | Physical int | Virtual interface | Bridging |    Routing     |  Services   |
+-----+-----------+-------+----------------+--------------+-------------------+----------+----------------+-------------+
|   1 |           |       | untagged inet  |              | untagged inet     |          | from dhcp      | dhcp client |
|   2 | ISP cable | WAN   | tagged vlan4   | ether1       | vlan4 interface   | bridge2  | from dhcp      | dhcp client |
|   3 |           |       | eoip tunnel    |              | eoip1 interface   | bridge2  |                |             |
|   4 |           |       |                |              |                   |          |                |             |
|   5 | Server    | DMZ   | untagged vlan5 | ether4       | vlan5 interface   | bridge1  | 192.168.5.0/24 | dhcp server |
|   6 |           |       |                |              |                   |          |                |             |
|   7 |           |       | tagged vlan3   |              | vlan3 interface   |          | 192.168.3.0/24 | management  |
|   8 | Switch    | LAN   | tagged vlan4   | sfp-sfpplus1 | vlan4 interface   | bridge2  |                |             |
|   9 |           |       | tagged vlan5   |              | vlan5 interface   | bridge1  | 192.168.5.0/24 | dhcp server |
+-----+-----------+-------+----------------+--------------+-------------------+----------+----------------+-------------+

Column “Hardware” describes what is connected to the router. Switch is CRS317 and this is configured properly (bridge vlan filtering).

Question is in the router’s configuration.

Rows 2, 3 and 8 must be bridged together somehow. Same with 5 and 9.
Mikrotik describes it as a typical misconfiguration: https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#Bridged_VLAN

How to solve given task so that it would not be a misconfigured router?

Currently, I have got some sort of a working configuration that is a typical misconfigured and disordered clutter :) I did not post the configuration here because the above example is better to understand. If necessary, will post the conf. Hardware is a CCR.

Sorry but I am unfamiliar with cloud, inet, and eoip LOL.
I like working from one bridge only as well :)
I don't know when it is appropriate to create two bridges? :(

My observations/questions are:
1- that there is no need for vlan4 at the switch.
The ISP vlan is to your router and that is where it should end.
2 - Does EOIP show up like an interface, equivalent to an ethport or WLAN, or is it something else? Like a vlan, or virtual WLAN, and if so what is its parent interface usually???

1 vlan4 at the switch (CRS317 - column Hardware) connected to router via sfp-sfpplus1 is required, because this is the way iptv is distributed from WAN to all tvs connected to LAN
2 eoip is ethernet like port in this iptv bridge2 on top of ipsec policy

I have spotted a mistake in the requirements, i.e. dhcp client is not necessary in the router on vlan4. Usually, the minimal method dealing with iptv is:

#1 Create new bridge for iptv
/interface bridge add name=bridge2

#2 Add VLAN4 interface for iptv
/interface vlan add interface=ether1 name=ether1-vlan4 vlan-id=4

#3 Add ether2 and ether1-vlan4 into bridge you just created
/interface bridge port add bridge=bridge2 interface=ether1-vlan4
/interface bridge port set ether2 bridge=bridge2

Solution #3 is another misconfiguration according to https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#VLAN_in_bridge_with_a_physical_interface but it works and people use it a lot.

The requirement for vlan4 is to extend the vlan4 to big layer2 switched network through the CRS317 backbone switch. Access switches connected to backbone switch will be configured exactly like the #1#2#3 configuration above. Although the suggested configuration is to implement access switches with bridge vlan filtering. I have done it like this below:

# Access switch hAP ac
# RouterOS 6.43.4
# model = RouterBOARD 962UiGS-5HacT2HnT
#
/interface bridge
add igmp-snooping=yes name=bridge1 vlan-filtering=yes
/interface ethernet
set ether1 comment="untagged vlan 4"
set ether2 comment="untagged vlan 5"
set sfp1 comment="tagged vlans to-and-from backbone switch"
/interface bridge port
add bridge=bridge1 comment="vlan access port" interface=wlan1 pvid=5
add bridge=bridge1 comment="vlan access port" interface=wlan2 pvid=5
add bridge=bridge1 comment="vlan access port" interface=ether1 pvid=4
add bridge=bridge1 comment="vlan access port" interface=ether2 pvid=5
add bridge=bridge1 comment="vlan trunk port" interface=sfp1
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,sfp1 vlan-ids=3
add bridge=bridge1 tagged=sfp1 untagged=ether1 vlan-ids=4
add bridge=bridge1 tagged=sfp1 untagged=ether2,wlan1,wlan2 vlan-ids=5
/interface vlan
add interface=bridge1 name=MGMT vlan-id=3
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=MGMT

Question still remains - I can not figure out the proper Mikrotik suggested and approved configuration in the router.
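
An added example, not part of the original posts and not MikroTik code: a small Python check that reads RouterOS commands like the ones quoted in this thread and reports VLAN interfaces that are bridge ports, or that sit on an interface which is itself a bridge port. The pattern labels `bridged-vlan` and `vlan-on-bridge-port` are names chosen for this example, and mapping them to the two wiki sections linked above is this example's own reading of them.

```python
import shlex

# The thread's minimal IPTV steps #1-#3, copied as the input to check.
MINIMAL_IPTV = """
/interface bridge add name=bridge2
/interface vlan add interface=ether1 name=ether1-vlan4 vlan-id=4
/interface bridge port add bridge=bridge2 interface=ether1-vlan4
/interface bridge port set ether2 bridge=bridge2
"""

def parse(text):
    """Yield (menu, action, params) for each add/set command in a RouterOS script."""
    menu = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # keeps comment="a b" as one token
        if tokens[0].startswith("/"):
            # One-line form "/menu path add k=v" or a bare "/menu path" header.
            cut = next((i for i, t in enumerate(tokens) if t in ("add", "set")),
                       len(tokens))
            menu, tokens = " ".join(tokens[:cut]), tokens[cut:]
        if not tokens or tokens[0] not in ("add", "set"):
            continue
        params = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        positional = [t for t in tokens[1:] if "=" not in t]
        if positional:  # "set ether2 bridge=..." names its item positionally
            params.setdefault("interface", positional[0])
        yield menu, tokens[0], params

def lint(text):
    """Return (pattern, vlan_interface, bridge) findings; labels are this example's."""
    vlans, ports, findings = {}, {}, []
    for menu, action, p in parse(text):
        if menu == "/interface vlan" and action == "add":
            vlans[p["name"]] = p["interface"]
        elif menu == "/interface bridge port" and "bridge" in p and "interface" in p:
            ports[p["interface"]] = p["bridge"]
    for name, parent in vlans.items():
        if name in ports:      # the VLAN interface is itself a bridge port
            findings.append(("bridged-vlan", name, ports[name]))
        if parent in ports:    # the VLAN sits on an interface that is a bridge port
            findings.append(("vlan-on-bridge-port", name, ports[parent]))
    return findings

if __name__ == "__main__":
    for finding in lint(MINIMAL_IPTV):
        print(finding)
```

Run against the access-switch export quoted above, where the only VLAN interface (MGMT) sits on the vlan-filtering bridge itself, the check reports nothing.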

Too complex for me, especially with IPTV thrown in and the EOIP (still not sure what its parent interface is).
Also, I do not see a standard LAN network anywhere defined which throws me for a loop.

Should this be moved away from beginners forum?