Hello.
I have a RB3011UiAS that I’m trying to set up new. I have set up several vlans that I’m passing to a managed switch by creating vlan interfaces. Works fine. I cannot figure out how to configure a port on the RB3011UiAS to be untagged in vlan 3. I’d like the native vlan on port 6 to be vlan 3. I have tried just about every way I can see to do it to no avail.
I found some articles online and even found the manual but I still can’t get it to work. Seems like a simple thing to do.
Anyone have some tips?
Attaching current working config.
On a procurve, it’s two commands “vlan 3” and “untag 6”. Not sure if this thing is broke or what but it seems like it shouldn’t be this difficult to create an access port. I have been all over this thing. I clearly don’t understand something. lol
RB3011Export.txt (4.76 KB)
Best article here ITEM C. here - https://forum.mikrotik.com/viewtopic.php?p=906567#p906567
Focus on understanding the functionality/usage/purpose of the items you are missing or not applying:
a. /interface bridge port
b. /interface bridge vlan
I’ve tried to set the PVID on “bridge” bridge port. I tried to set “admit only untagged and priority tagged”.
I’ve tried to create a new bridge and put ether6 in it and set the bridge vlan filtering PVID to 3.
I’ve tried to delete ether6 from all bridges and go into switch–>port–>ether6 and set the “default VLAN ID” to 3.
I’ve tried to set in bridge–>VLANs and set the untagged vlan and tied the new bridge to it.
I tried combinations of a few other things.
I know the VLAN works because I can untag a switchport on my managed switch and it drops be right in the broadcast domain of vlan 3. I have internet, I can get a DHCP lease, etc…
I’ll keep trying. 
You currenly have only simple bridge with VLANs on all ports. What you need is more intelligent bridge VLAN filtering (vlan-filtering=yes), and only then you can define tagged and untagged ports.
Which one would have pickup from reading the links...........
Every example ends with.....
#######################################
Turn on VLAN mode
#######################################
/interface bridge set BR1 vlan-filtering=yes
Guess I have to highlight this fact.......
By the way pcunite adds the bridge port and bridge vlans settings and then turns vlanfiltering ON, not the other way around!
OK I didn’t show anything I tried in the config before. I have a laptop patched into ether6 with a static IP on the NIC 172.16.3.66/24. I’m not sure if this config is correct but I still have no access on ether6. I have set:
/interface bridge
add name=Untagged3 pvid=3 vlan-filtering=yes
add admin-mac=DC:2C:DE:9F:8F:E1 auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=bridge name=vlan3 vlan-id=3
add interface=bridge name=vlan27 vlan-id=27
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
add bridge=Untagged3 interface=ether6 pvid=3
/interface bridge vlan
add bridge=Untagged3 untagged=ether6 vlan-ids=3
You need only one common bridge. Add untagged port (not bridge) with pvid=3. And in “/interface bridge vlan” you need tagged=bridge,etherX,etherY,… for all VLAN ids.
SInce it does not appear to be clear or getting through!
Besides only need one bridge…
The main bridge setting is left to defaults, do not touch, the only thing you do here is at the end turn vlan filtering=yes (on).
/interface bridge port
…
add bridge=bridge comment=defconf interface=ether6 pvid=3 ingress-filtering=yes frame-types=admin-only-priority-and-untagged
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether6 vlan-ids=3
Thank you for the replies. It worked, kind of. The laptop is in vlan 3. However, it broke vlan 3 and 27 for tagged devices. I have:
/interface bridge
add admin-mac=DC:2C:DE:9F:8F:E1 auto-mac=no comment=defconf name=bridge vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan3 vlan-id=3
add interface=bridge name=vlan27 vlan-id=27
/interface bridge port
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether6 pvid=3
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether6 vlan-ids=3
You need to list all tagged interfaces in “/interface bridge vlan” as tagged=bridge,. And then add another similar item for vlan 27.
Oh! Got it working! Thanks to all! By “” you mean physical interfaces, not vlan interfaces. Adding the vlan interface to “tagged” broke things. Heck that’s easy once you get what the device is doing. So enabling “VLAN filtering” under the bridge pretty much turns on function in the bridge vlan tab.
Can I add and remove ports in bridge–>VLANs at will now without having to toggle the bridge VLAN filtering option? There seemed to be emphasis on doing it last after all the other config is done.
You don’t need to toggle it. I’m not sure why tutorials enable it only at the end. I guess the idea is that if you enable it prematurely, before you have everything configured, you could lock yourself out. But it can happen too, if you enable it last, but you made some mistake before.
That is one of the reasons I created the OFF BRIDGE setup, and recommend DOING IT before monkeying with the vlan setup.
Great! This device is pretty capable, still learning it though. I’ve only had it for a few days now. The scripting seems very useful. Thanks again everyone for the assistance!