I have 3 VLANs, for example Vlan10 (IP 10.10.10.1/24), Vlan20 (IP 10.20.20.1/24), Vlan30 (10.30.30.1/24).
What I want to achieve is that I would like to have:
Ether1 with Vlan 10 in access mode
Ether2 with Vlan 20 in access mode
Ether3 with Vlan 30 in access mode
Ether4 with tagged Vlan 10, tagged Vlan20 and tagged Vlan30
Ether4 with tagged Vlan20, tagged Vlan30 and Vlan10 as native vlan(without tag).
My device is CRS326-24G-2S+RM with SW 6.42.6
If I associate IP address with Vlan interface I can’t get it working on interfaces in access mode.
If I associate IP address with Bridge interface, and connect PC to Ethernet interface I can ping with tag and without tag, looks like Vlan tagging is not working.
Any help would be appreciated.
That’s the legacy way of doing it. For a CRS3xx, you’ll want this example and the section which follows it. The advantage of using Bridge VLAN Filtering vs. the legacy way is that you’ll maintain hardware-offloaded switching for intra-VLAN traffic on a CRS3xx (routed traffic still goes through the CPU).
I admit I can’t be 100% sure since I haven’t tested it, but I’m fairly certain that any traffic which goes through a vlan interface goes through the CPU. In OP’s example, that would exclude vlan10 traffic that is untagged between ether1 and ether5 (I assume OP meant ether5) but everything else would go through a vlan interface at some point.
If you want “real” (no-CPU) vlan switching assuming it’s present on your hardware, traditionally you had to go through the switch menu which is a pain, and (before the CRS) sometimes does unexpected things and sometimes can’t handle certain edge cases. It wasn’t until 6.41 (I believe) and the CRS3xx series that we got real vlan switching combined with a sane way to configure it, what MikroTik calls Bridge VLAN Filtering (and is only offloaded to the switch chip on a CRS3xx).
But only on the eth interfaces, the vlan interfaces are not tagged HW-Offload, correct? Like I said, switching directly between two eth interfaces can be done by the switch chip, but any time traffic goes through a vlan interface, it goes through the CPU.
Give it a try yourself, e.g. doing a btest through a router with the config below on the untagged vlan shouldn’t generate any CPU usage, but the same test through vlan100 will spike the CPU (unless I’m wrong, but I don’t think I am…).