CRS3xx Series Best VLAN Approach

Hello,

I’ve been using and enjoying Mikrotik Routers for a while.I decided to change my switches with Mikrotik Switches.

I have a setups like following;

Main Router —> SW1 —> End_Switches

I have multiple VLAN for End_Switches and would like to configure them properly. What I want is the connection between Main_Router to SW1 should pass all VLANs. From SW1 to End_Switches I want to do Port Based VLAN and I believe its done in Bridge section.

So lets say;

Main Router → vlan id : 1 → SW1 (ether1 to ether1)
SW1 should only allow VLAN10 to SW2 (ether2 to ether2)
SW1 should allow VLAN10,20,30 to SW3 (ether3 to ether3)
SW1 should only allow VLAN 40 to SW4 (ether4 to ether4)

What I did is (assuming all ports added to bridge with hw=yes);

/interface bridge port
add bridge=bridge1 interface=ether1 pvid=1
add bridge=bridge1 interface=ether2 pvid=10
add bridge=bridge1 interface=ether3 pvid=20
add bridge=bridge1 interface=ether4 pvid=40

/interface bridge vlan
add bridge=bridge1 tagged=ether3 vlan-ids=10,20,30

/interface bridge
add name=bridge1 vlan-filtering=yes

With this configuration, I couldn’t get it work. Is there anything am i missing?

If end switches are VLAN aware (and configured), then you should not configure pvid on any of ports … your example config shows contains an error: ether3 is configured as access port for VID 20 (meaning untagged on wire side of port) and at the same time as tagged member of the same VID.

At the same time ether1 only accepts untagged frames for VID1.

As I already wrote: get rid of all pvid settings, configure ether ports as tagged members of corresponding VIDs. If you want to pass all VLANs through ether1 (even those not yet used on CRS), you can do it using config command

/interface bridge vlan
add bridge=bridge1 tagged=ether1 vlan-ids=1-4094

And don’t forget to set-up management interface properly. I suggest you to enable safe-mode every time before setting bridge with vlan-filtering=yes