Do switch rules on the RB5009ug+s+in work to assign VLAN by MAC?

slink3495874 · November 17, 2024, 9:11am

So I have a RB5009ug+s+in (v7.16.1) and I want to be able to assign the VLAN by Mac address as the devices I am required to use have no concept of VLANs. While I know I can set the PVID correctly for each device, I need it dynamic as I cannot control where they will ultimately be plugged in. I need the RB5009 to see the Mac and then follow the rule to assign it to the proper VLAN.

I am trying to follow the guidance given at https://help.mikrotik.com/docs/spaces/ROS/pages/30474317/CRS3xx+CRS5xx+CCR2116+CCR2216+switch+chip+features#CRS3xx,CRS5xx,CCR2116,CCR2216switchchipfeatures-MACBasedVLAN - but it does not work for me. I have literally built the example in the above link and only swapped out the MAC addresses and it’s like the rules never apply. I have done a full reset and built from scratch and everything works great VLAN wise in the bridge but no matter what rule I put in, I can never assign the VLAN by MAC address.

I have also followed the recommendations shown at http://forum.mikrotik.com/t/advice-pitfalls-of-switch-rule-set-vlan-from-mac/172374/1 but I cannot get that to work either.

Is there some nuance on the RB5009ug+s+in that I need to be aware of to make this work? If any of you have a moment and have a RB5009, can you see if you can get the documented config to work or even any config where the applied rules dynamically change the VLAN based upon the Mac?

Thanks so much for your help!

holvoetn · November 17, 2024, 9:32am

That first article you link to refers to a table with supported switch chips and models.

Neither 88E6393 ( swich used in RB5009) nor RB5009 are mentioned there.

The second link you mention is related to netpower, which is mentioned in the first table.

So why do you think those instructions would apply ?

It might be possible but probably not using the approach you are trying.

wrkq · November 17, 2024, 11:34am

OK guys so…
https://help.mikrotik.com/docs/spaces/ROS/pages/15302988/Switch+Chip+Features#SwitchChipFeatures-RuleTable
(links to a chapter further down, if it didn’t scroll on open click “Rule Table” in the table of contents near top)

The parameter in table is listed as

new-vlan-id (integer: 0..4095) Changes the VLAN ID to the specified value or adds a new VLAN tag if one was not already present (the property only applies to the Atheros8316, and 88E6393X switch chips)

RB5009 has 88E6393X so it should be able to do it, with the syntax as in your other two links.

Note however that in your wiki link (https://help.mikrotik.com/docs/spaces/ROS/pages/30474317/CRS3xx+CRS5xx+CCR2116+CCR2216+switch+chip+features#CRS3xx,CRS5xx,CCR2116,CCR2216switchchipfeatures-MACBasedVLAN) there is this bit in the yellow warning frame:

MAC-based VLANs will only work properly between switch ports and not between switch ports and CPU. When a packet is being forwarded to the CPU, the pvid property for the bridge port will be always used instead of new-vlan-id from ACL rules.

So are you just using the RB as a switch, or are you trying to receive the “re-vlan’d” packets on the CPU interface to process them further?

ZoeMurray · December 5, 2024, 10:56am

Thank you so much for sharing the link.