Feature request: switch-like vlan functionality for rb w/o switch-chip

Hello,

All low- and middle-end models have a switch-chip:
http://i.mt.lv/routerboard/files/RB3011UiAS-160307123613.png

High-end models do not have a switch chip:
http://i.mt.lv/routerboard/files/CCR1016-12G-160219130439.png

But we need some switch-like vlan functionality for ports on these high-end models:
VLAN Header action for incoming and outgoing packets:

  1. add if missing
  2. always strip
  3. leave as is

Is already available! VLAN interfaces and bridge.

>>Is already available! VLAN interfaces and bridge.

I have already asked how I can add a tag for incoming traffic and strip the tag on outgoing traffic, but got no response: http://forum.mikrotik.com/t/bridge-and-vlan-tag-management/97076/1

How do you propose to add or strip a tag w/o switch-chip??

Create a VLAN interface with parent etherx and desired VLAN tag, and add that VLAN interface to the bridge.

When you ask so many questions yet accept no answers or advice, it is not remarkable that at some point
you get ignored. I would advise you to leave tasks that are above your capability to someone else when you
do not want to study the matter.

>>Create a VLAN interface with parent etherx and desired VLAN tag, and add that VLAN interface to the bridge.

When I create a VLAN interface with parent etherx and desired VLAN tag, I get TAGGED traffic. This interface can receive only packets with a tag, and transmit packets with a tag.

How can I add a tag for incoming (untagged) traffic, and strip the tag on outgoing traffic?

Here is the link to VLAN examples which should help:
http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment

>>Here is the link to VLAN examples which should help
omg! how it works???
you connect tagged vlan10 interface and untagged ether1 interface. they should not communicate!

It looks like the Mikrotik bridge automatically adds tags and strips tags!
But, your bridge documentation (http://wiki.mikrotik.com/wiki/Manual:Interface/Bridge) does not contain any information about this CRITICAL feature!
Mikrotik team, you need to place on the site more detailed documentation!

The virtual vlan interface connected to a physical interface is the one untagging incoming and tagging outgoing traffic.
If you put 2 physical interfaces (without attached vlan interfaces) on a bridge, the ports will behave like trunks, keeping all the tags.
If you bridge only vlan interfaces, the traffic inside the bridge is untagged, being stripped by the vlan interfaces.
The traffic extracted by a vlan interface attached to the physical one will not appear in a bridge in which the physical interface is part of (while all other vlans will).

That is why this works:
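The tag handling described in the post above can be checked with a small model. This is an added example, not part of the thread and not RouterOS code; the class, the bridge names `access` and `trunk`, and the sample frames are constructed for illustration, and it models only the behaviour the post states.

```python
# Toy model of VLAN-interface and bridge tag handling (not RouterOS code).
# A frame on the wire is (vid, payload); vid None means untagged.

class Router:
    def __init__(self):
        self.vlans = {}    # vlan interface name -> (parent port, vid)
        self.bridges = {}  # bridge name -> set of member interface names

    def add_vlan(self, name, parent, vid):
        self.vlans[name] = (parent, vid)

    def add_bridge(self, name, members):
        self.bridges[name] = set(members)

    def ingress(self, port, frame):
        """Return (interface, frame) as seen inside the router."""
        vid, payload = frame
        for name, (parent, v) in self.vlans.items():
            if parent == port and v == vid:
                return name, (None, payload)  # vlan interface strips its tag
        return port, frame                     # physical port keeps any tag

    def egress(self, iface, frame):
        """Return (port, frame) as put on the wire."""
        if iface in self.vlans:
            parent, vid = self.vlans[iface]
            return parent, (vid, frame[1])     # vlan interface adds its tag
        return iface, frame

    def forward(self, port, frame):
        """Flood a received frame to the other members of its bridge."""
        iface, inner = self.ingress(port, frame)
        out = []
        for members in self.bridges.values():
            if iface in members:
                out += [self.egress(m, inner) for m in sorted(members - {iface})]
        return out

def demo():
    r = Router()
    r.add_vlan("vlan10", parent="ether3", vid=10)
    r.add_bridge("access", ["ether1", "vlan10"])  # untagged port + vlan interface
    r.add_bridge("trunk", ["ether3", "ether4"])   # two bare physical ports
    return {
        "untagged in ether1": r.forward("ether1", (None, "a")),
        "vid 10 in ether3": r.forward("ether3", (10, "b")),
        "vid 20 in ether3": r.forward("ether3", (20, "c")),
    }
```

In `demo()`, the VLAN 10 frame arriving on ether3 reaches ether1 untagged and never enters the `trunk` bridge, while the VLAN 20 frame crosses `trunk` with its tag intact.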

But, how to connect two bridges??
mikrotik_bb.png
I need to communicate from internet to IP1 and IP2.
I tried this:

  1. create vlan1 on interface bridge1; add vlan1 to bridge2.
    THIS DOES NOT WORK!

  2. create vlan1 on interface bridge2; add vlan1 to bridge1.
    THIS DOES NOT WORK!

  3. create vlan1 on interface bridge1; create vlan2 on interface bridge2; create bridge3; add vlan1 and vlan2 to bridge3.
    THIS DOES NOT WORK!

(communication works only when I add ether4 to bridge1)

Why do variants 1) 2) 3) not work?

Why are you even creating VLANs? Your explanation is not clear.

Why not create 1 Bridge and then add ether1, ether3 & ether4 to the bridge? Are you trying to tag traffic out ether3 & ether4?

please see full story: http://forum.mikrotik.com/t/how-can-i-add-interface-to-two-bridge/97015/1

Ok, should be fine.

Create vlan 10 on ether3
Create vlan 11 on ether3
Create vlan 20 on ether4
Create vlan 21 on ether4

Create 2 bridges

BridgeISP-A
Ether1, vlan10, vlan20

BridgeISP-B
Ether2, vlan11, vlan21

Then tag the esxi host interface with those vlans and you should achieve your goal

omg! see picture and link
traffic should be UNTAGGED!

wow.

With an attitude like that it's no wonder you are not getting help.

How can you possibly think that putting two different networks on the same broadcast domain is a smart thing to do?

The issue is not Mikrotik, it's the way you think it needs to be done.

Cheers

>>How can you possibly think that putting two different networks on the same broadcast domain

Where do you see the two different networks in the picture above?

You know what the problem is? You came here, because you wanted to solve something. Some big goal consisting of several parts/steps. But you don’t tell us about the big goal and all its details. You just told us about step #1, which you’re set on doing in one specific way, and refuse to accept that it might not be the right way. And when you get a working solution (that would be ZeroByte’s option 3 in the other thread(*)), you start doing something else on top of that and then complain how it does not work. But you don’t bother to tell anyone what’s the next thing you’re trying to do now. Which in fact you should have told us about in advance, because it could influence what the proper solution for step #1 is.

(*) I don’t know what’s the idea behind spreading your problem over several threads and I don’t think it makes things clearer at all.

Don’t take it the wrong way, it’s meant as friendly advice.

Please draw a complete map of the entire solution you want to see with all involved connections and addresses.
Don’t use fake addresses all over the place. You can do some fake address for an external address but not
for RFC1918 addresses. And when you use a fake address don’t use a RFC1919 value.

Then explain to us how it should function (e.g. where it should NAT if anywhere, what it should filter, which incoming
translations there should be if there is NAT, etc).

Only with a complete picture of the situation it is possible to explain how you should approach the problem.
Most likely there will be no bridge involved, and certainly no bridge with more than ether3 and ether4.

I have already described my configuration, and what I want to get, several times:
http://forum.mikrotik.com/t/how-can-i-add-interface-to-two-bridge/97015/1

one more time
I have:

  1. two utp cables from ISP1 and ISP2
  2. Mikrotik CCR
  3. two ESXi hosts

ISP1 and ISP2 connected to ether1 and ether2
host1 and host2 connected to ether3 and ether4
all external traffic should be untagged.

I need:

  1. one Mikrotik interface should have public IP1 from ISP1
  2. another Mikrotik interface should have public IP2 from ISP2
  3. some VMs on both ESXi hosts should have public IP addresses (from both ISPs)

But, currently this is impossible to implement without an external switch.
If necessary, I can buy a Mikrotik CCR with switch-chip.



  1. What are these IP addresses? How do they relate to IP1 and IP2 (external IPs on your ISP-facing CCR interfaces)? Are they in the same subnet?
  2. Why do you need the traffic on the ESXi-facing ports to be untagged? (A few posts above you attached a picture telling us that you want that traffic to be untagged)