I’d like to configure VLANs using switch features (rather than bridge) for performance reasons. Configuration using bridge is pretty easy and straightforward, however, I find it extremelly difficult to configure using switch features.
Here is switch ports description:
eth1 - traffic ingoing from the router
eth2 - traffic outgoing to another switch
Here is the definition of “traffic” and it’s the same on both eth1 and eth2. Same untagged traffic and same tagged traffic need to pass between eht1 and eth2:
Untagged traffic
VLAN ID 10
There are a lot of examples on the internet, but none of them covers passing both untagged and tagged. As soon as I enable VLAN filtering, untagged traffic stops flowing, so basically I need someone to guide me to the right direction.
You evidently think that configuration will be the same on any device running any version of firmware. That isn’t the case. Please tell us what device you have, and what version of firmware you are running. Then we can provide better suggestions.
You also haven’t shared anything you have done. Or even what problem you are trying to solve, because as stated, a generic dumb vlan-transparent switch from a big-box store will do what you want. There is no need to use vlan filtering unless you want the switch to do something that requires vlan-aware features, like the ability to untag traffic on an access port..
You have been directed to documentation and videos that demonstrate using the switch method. Depending on what device you have, this video may be useful. Mikrotik VLANs - CRS1xx & CRS2xx - Mikrotik Tutorial It’s the companion to the CRS3XX Step by Step link @anav posted. Here’s another one that @anav didn’t list. Mikrotik Bridge VLAN Filtering which was made with v6.47.x on several different devices. Some devices have better bridge and switch support in v7.
Again, without knowing exactly what you tried, how can anyone point our what is wrong?
In the example with 3 tagged VLANS on ether2 trunk port, if you want to extend a “hybrid” trunk link through two switch ports that you want to pass tagged 10 and untagged (some other vlan, which one you choose doesn’t really matter in this case, it just has to be something that isn’t used on any other ports you want to be isolated from), then you just need to configure the trunk port with pvid or for the VLAN you want untagged on the hybrid trunk link. Both switch ports need to be configured in the same way, e.g. both ports should have the same pvid configured (for the untagged traffic), and be tagged for vlan 10.
After a while I am back to this problem again. Let me upload a chart this time. What I am trying to achieve is quite simple:
For CRS3xx switches (guide) it’s fairly easy and I got it working just fine, but I am using CRS1xx/2xx series switches (guide) and I need to configure using
/interface ethernet switch
features for hardware accelerated filtering…
However, I do not understand how to implement it using this guide: This is the configuration I’ve built following those examples that does not work:
The most confusing part is how to forward untagged traffic from one port to another without tagging it? Once I enable last rule (to enable vlan filtering), router becomes inaccessible. How do I do it?
Isn’t that what you need?
