I have noted that on any of the rOS v7.1 the function of the switch vlan is not woking.
I’m unable to make a specific port(eth3) untagged for a vlan (88).
When I try I still get all the vlans tagged on that port
/interface ethernet switch port has property vlan-header. Its setting is not shown in your config export meaning it’s set to default value. Documentation states that default value is “leave-as-is” which is suitable setting for hybrid port. But default may have changed in v7 … so do /interface ethernet switch port export verbose (/interface ethernet switch port print detail) or to verify actual setting (behaviour you described corresponds to setting vlan-header=add-if-missing).
I tried your suggestion, and notthing, it still ignores any configuration on the switch menu.
this also applies to the “new” 7.1-testing released on 02/12
Do you have any configuration related to VLANs done under /interface bridge? In ROSv6 it was possible to mix things, but sometimes things broke in some random ways so it’s better not to mix settings.
I tried this on 7.1RC4 and it seemed to work ok.
A bit of effort to figure this out though…
There are some issues.
You need to have a vlan with the correct vlan id (and an ip address) eg. vlan88 attached somewhere, if you want
the router to be able to communicate with devices on vlan 88. br-lan is likely the best place.
If you attach it direct to a port, you can only communicate with devices on that port.
port 3 will seen untagged stuff from 2 vlans, but can only connect to one of them (88)
** PROBABLY DONT DO THIS BELOW **
An option to remove 2nd untagged vlan stuff from port3:
(But causes high CPU when putting traffic through it)
Remove port 3 from bridge.
Create a new bridge, bridge 88
Assign vlan 88 address, dhcp server, etc to this bridge (Removing from above vlan object)
Connect above vlan object as a port on bridge88. (Other end remains attached to bridge)
Create a new vlan object also with vlan id of 88 (vlan88-2)
Attach vlan88-2 to ethernet port 3
Connect vlan88-2 as a port on bridge88
Switch: tagged traffic from ether1, needs to go to ether20, but I need one untagged vlan 88 port e.g. ether3.
AP: multiple SSIDs, each on one vlan.
What I get on ether3 is all vlans, still tagged, and no untagged traffic works. bridge vlan filtering does not work for me, as it kills the ability to switch at line rate, I cannot get gigabit speeds within my LAN and my IPTV starts to drop packets and artefacts are presented on the TV’s. From Mikrotik’s documentation, the switch on the hAP ac2 is capable of doing vlan “filtering” in hardware, by using the “Switch” menu.
Hi, I did similar to this (but only 1 other vlan, vlan 19), and was getting untagged packets (ex vlan 88, and bridge native) and tagged packets from vlan 19 on the port I marked
with vlan 88 as default vlan id. Note: you cannot use the hap ac2 to (correctly) view the ethernet packets.
It maybe all seems a bit fragile though. (Maybe more vlans breaks it, I don’t know)
My vlan 88 is setup as follows;
bridge88 with attached ip address for vlan88 + dhcp for vlan88
bridge88 port → vlan88 (vlan interface)
bridge88 port → wifi ssid
vlan88 (vlan interface) attached to (main) bridge
Setting the (interface/ethernet/switch/port) vlan-header parameter to leave-as-is yields the same results as add-if-missing: VLAN tags are not removed from outgoing packets that match a port’s default-vlan-id.
In addition, the (interface/ethernet/switch/vlan) independent-learning parameter does not appear to do anything.
The RB2011 have the same switch chip on the firsts 5 ports and the sfp that the hAP ac2 have, the Atheros8327, so it may be a issue affecting all models using the same chip.
