good afternoon, I’m just studying microtick, and I have a simple question to which I have not yet been able to find the answer,
I have mikrotik hex on port ether1 which receives tagged traffic - vlan 30, how do I output this traffic to ether2 with the new vlan 20 tag?
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=vlan1
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=30
add bridge=bridge1 tagged=vlan1,ether2 vlan-ids=20
/interface vlan
add interface=bridge1 name=vlan1 vlan-id=30
is that correct? or am I making a mistake?
Is the hex acting as a router or a switch?
Why would you want to change the tagging of a vlan? ( dont think its possible in your context )
Does bridge vlan filtering on hex on used as a router or a switch work differently?
I always considered this to be the basic functionality of VLAN.
Vlans are used to keep traffic within a closed subnet at layer2.
They also permit one to push many subnets through a single interface port.
Its not about switching the vlan tags on a whim, which is by the way is not a feasible idea.
VLAN is Virtual LAN … so one VID equals one ethernet infrastructure (in ancient legacy terms). If one builds multiple LANs, it’s because one wants to keep traffic apart … and only allow traffic between them in a controlled way, i.e. using router (and firewall). So changing VID as L2 opereration compares to connecting switch port of one LAN with switch port of another LAN. Guess what? This creates a single (larger) LAN with confusing L3 settings.
So yes, this is a sin (and definitely not a “basic functionality of VLAN”).
BTW, you can connect two VLANs (and change VID on the fly) by adding a bridge:
/interface bridge
add name=intervlan
/interface vlan
add interface=bridge1 name=vid20 vlan-id=20
add interface=bridge1 name=vid30 vlan-id=30
/interface bridge port
add bridge=intervlan interface=vid20
add bridge=intervlan interface=vid30
Beware though, that the above will be entirely done in software, so it’ll bog down the CPU.
You could do it with single VLAN interface and without additional bridge (as per your example). vlan1 interface would have to be untagged bridge port with pvid set to 20. But performance wise it wouldn’t be much better while config readability wise it’s much more convoluted.
Not something normally done. What is your use case for this?
in our working network, vlan numbers are defined by technical documentation, and I cannot change them, and in this case, another network provider provides its services with other VLANs, which we also cannot influence in any way
we previously used a router on linux and there was no problem adding, change, union, because the tag is just 802.1Q Header, but now we decided to try to compact the computer into a hypervisor and virtual routers, including really liked Mikrotik CHR, and to get to know him, purchased the hEX version as close in capabilities and training, including at home. but reading the documentation on mikrotik vlan, misconfiguration, tag stacking, I had questions.
mkx, thanks for your response, i used ‘interface=vlan1 pvid=20’ , I am sympathetic to this decision