I realise that vlans have been discussed in many posts on this board but I’m having a hard time filtering the relevant information.
We are looking to implement the following setup on a rb2011iL-RM. It needs to function as a switch, no firewall/routing/dhcp etc needed.
We do need a bunch of vlans:
I would prefer to use the switch chip but in all honesty I’m having massive trouble figuring out how to get this to work. If anyone can help me with this setup it would be greatly appreciated.
IMO using the switch chip would be a cleaner config and faster. If you use bridging, you’d need a bridge for each VLAN and a bridge for your untagged vlan and ports.
I believe the 2011 has two switch chips, so you’d need to bridge the two to allow them to communicate. To enable the switching functionality, you go into interface config and assign a master port (this is usually going to be your first ethernet port in each switch, so eth1 for swi1 and eth6 for sw2). You’d create your VLANs in the switch config and assign them to each particular port that needs them. You’ll also want your management VLAN assigned to the switch CPU ports.
To allow hybrid ports (untagged and tagged frames on same interface), you’d set the VLAN header to add if missing and assign the VLAN ID for your untagged port. For VLAN mode, secure would only allow VLANs you’ve defined.
If I dig out my 2011 from storage I could probably cobble together a config, but I hope maybe this information can help you get going in the right direction. I’ll admit I had some troubles initially grasping the config for the switch, but this website helped me understand it a lot better: http://www.breekeenbeen.nl/2014/12/11/mikrotik-vlan-switching-without-bridging/