MY ISP is using 2 VLAN’s, one for Internet (VLAN 20) and one for IPTV (VLAN 30). I want my RB260 close to the fiber and install my hAP ax2 in the livingroom. That is peace of cake, just create two trunks on the RB260 and ready to go.
But…I want to have my home network available on the RB260 as well.
On the RB260 I added 2 trunk ports (ISP: VLAN 20 & 30, Trunk to router: VLAN 10 & 20 & 30).
Would somebody be so kind to evaluate my non-traditional approach? Should this work? I left the ISP part out, that part wont be the problem (just plain masquerade and igmp-proxy).
I don’t see what good does exclusion of ether1 (trunk) from bridge … traffic inside VLAN 10 will be bridged instead of switched. I wouldn’t do it like this. Neither would I do it on RB260GS (but there one should configure vlans in /interface/ethernet/switch sub-menu to use HW offload).
But if you insist on that kind of setup, then bridge-LAN should be all untagged with member ports the LAN interfaces (e.g. ether3) and vlan1.10 (which is untagged end, the tagged end is anchored to ether1). The way you have it now is complete crap.
Thanks for the fast feedback, @mkx. Just to clear things up: I didn’t do a complete export (and am aware that all access ports can be configured untagged. What would be the reason for adding ether1 to the bridge as well? I would not expect any (untagged) traffic on it…correct? Still can add it of course. And what makes it complete crap…is this the lacking of the access ports? I’ll add them to the topic start.
The RB260GSP only supports SwOS (I think you refer to the RB960?).
If there is a better way…please advice me (as well).
First of all, remember that vlan1.10 is the untagged end of that “pipe-like” interface. With the first line you added interface as access port (untagged), which is fine by it self. With the next line you set vlan1.10 as tagged port … which is in contradiction with the first one (and wrong as interface is untagged by definition).
The part I didn’t quote (ether2-5) is crap as well: you added these interfaces as bridge ports but you did not explicitly set pvid (which leaves it at pvid=1). Which means that untagged frames will get tagged with VID=1 … and you don’t have that VID present on trunk port eth1. Then you added these ports untagged members of vlan 10 …
What I’d do would be really simple single-bridge all-ports-members setup:
If you go for switched IPTV (that’s what I’m doing, I tried with PIM and what not but it didn’t work well), then you don’t need bridge to be member of VLAN 30 (and hence you don’t need vlan1.30 interface), you just have to add appropriate configuration to port where IPTV receiver is connected, with my ISP it needs to be tagged for IPTV as well).
Thanks again @mkx, will give it a try tonight. Your suggested approach is exactely how I configured my other router…can’t explain how I came up with this approach…
That appears to be a typo. Shouldn't it be vlan-id=30
What is happening to IPTV on the hAP ax2? I expected to see vlan-filtering and a port on the hAP ax2 dedicated to the IPTV box, instead of all 4 non-trunk ports being for vlan 10.