How to share a vlan interface with a bridge and a trunk port?!

RouterOS General
1

Hello everyone,

i need help!

I have to configure a router where i have a port (lets say eth5), which is a “trunk” port and there needs be 3 tagged vlans on it.
And what i need are some untagged ports, too. Now that i have configured a trunk port and the bridges, i realised that i cant “share” the same vlan interface on both interfaces (the bridge and the phisycal port[eth5]).

What is the proper aproach?

  1. Create two vlan interfaces for one vlan id (lets say, “vlan10” and “bridge-vlan10”, both having vlan id 10) and for “vlan10” interface i give(lets say) 192.168.10.1/24 and for the “bridge-vlan10” i give the address 192.168.10.2/24 (this sound like that the router has to do more work?!)
    or
  2. Create two vlan interfaces for one vlan id (lets say, “vlan10” and “bridge-vlan10”, both having vlan id 10) and give both of the vlan interfaces the same IP address, (lets say) 192.168.10.1/24 [cuz trough winbox this is possible->but i don’t know if this would be a proper aproach?]

Thank you guys/girls in advance!

2

If i have to give the two interfaces other IP address (not the same - sry for my english), how can i “share” a dhcp server on both interfaces? I really wouldnt like to create two dhcp server, with different pools for one subnet and i don’t even think this would be a good idea.

3

Maybe i need to bridge the two vlans, with the same vlan id and put on that bridge an IP address and a DHCP server?

4

Look at bridge VLAN filtering:

https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

It uses bridge to connect vlans on different ports and allows to set where they should be tagged or untagged.

5

Thank you!
I tried with bridging the vlan interfaces and it works as expected! Thank you and have a nice day!

6

@Sob, why in the example on the first link/URL (wiki), is the bridge itself not tagged brigde1? with a hybrid port scenario, all ports are a combination of access and trunk ports.

Add Bridge VLAN entries and specify tagged and untagged ports in them. In this example egress VLAN tagging is done on ether6,ether7,ether8 ports too, making them into hybrid ports.
/interface bridge vlan
add bridge=bridge1 tagged=?, ether2,ether7,ether8 untagged=ether6 vlan-ids=200
add bridge=bridge1 tagged=?, =ether2,ether6,ether8 untagged=ether7 vlan-ids=300
add bridge=bridge1 tagged=?, =ether2,ether6,ether7 untagged=ether8 vlan-ids=400

But below that in the next example it shows the Bridge being tagged (when just access ports, no trunk ports)
Add Bridge VLAN entries and specify tagged and untagged ports in them. In this example bridge1 interface is the VLAN trunk that will send traffic further to do InterVLAN routing:

/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether6 vlan-ids=200
add bridge=bridge1 tagged=bridge1 untagged=ether7 vlan-ids=300
add bridge=bridge1 tagged=bridge1 untagged=ether8 vlan-ids=400


If I recall from setting up vlans:
a. one definitely tagged the bridge when trunk ports where identified!!!
b. one definitely didnt require to tag the bridge for solely access ports!!!

Hence my confusion on both counts as the example are reversed from what i expected and as explained in the second link/URL VLAN Thread. Please explain.

7

Anav, we need to explain this again?

If RB itself is not interacting with certain VLAN (i.e. doesn’t need/have vlan interface created), then bridge interface doesn’t have to be member of said VLAN, neither tagged nor untagged.

Use cases: when RB is switching/bridging VLANs, it bridge interface doesn’t have to be member of VLAN.
When RB is routing traffic for certain VLAN, then bridge interface has to be member of that VLAN.

8

Okay mkx, will look at the diagram articles linked with that in mind… Thanks for the reminder… I think I viewed switching as routing :frowning: