Hi,
I’m currently gettin’ totally insane configuring a RB450 with 5 ethernet ports similar to a simple switch but to gain some more traffic control (using ip firewall etc. for traffic limitation/prioritization using bridge interface).
What I’m trying to configure is:
Port 1: Uplink Port
Port 2: Receives untagged frames; received frames should get VLAN tag added/set to id=7.
Port 2-5: All protected ports - they should only be able to communicate with the uplink port, not exchanging traffic with the other ports.
Here’s my current configuration:
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/interface bridge filter
add action=drop chain=forward in-interface=ether2 out-interface=!ether1
add action=drop chain=forward in-interface=ether3 out-interface=!ether1
add action=drop chain=forward in-interface=ether4 out-interface=!ether1
add action=drop chain=forward in-interface=ether5 out-interface=!ether1
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
Almost everything’s working that way, just only missing the VLAN tagging on ether2. I tried different stuff with different bridge-configurations (e.g. add an extra bridge only bridging ether2 with a new vlan-interface etc.) getting the VLAN tag set on the frames received on ether2 and stripped for frames leaving ether2. But got no chance to figure out a working configuration. Also tried the switch feature of the RB450G and succeeded in setting/stripping VLAN tag on ether2, but then missing traffic control as the frames don’t get over bridge1 to the uplink port (also tried copy-to-cpu, redirect-to-cpu, switch-all-ports etc.).
The important thing here is that I need to have full control over the whole traffic which is leaving the uplink port (for PCQ and prioritization reasons). But looks like there’s no way… can somebody help me out of this mess?
Thank you,
Robert