Hello guys. What are the differences between these configurations?
First situation;
vlan10_a → interface ether1
vlan10_b → interface wlan
bridge1 → ports are vlan10_a and vlan10_b
Second situation;
bridge1 → ports are ether1 and wlan
vlan10 > interface bridge1
I just wonder how the traffic(Including the data without tag) flows in that two different configs?
never made an setup like this but i think in first situation ether1 ans wlan are in trunk and traffic will be tagged and in second wil be an access port and traffic wil be untagged. Hope i`m not wrong.
My setup is like this…
Vlan 100 and 200 added to ether2 and ether 3 slave to ether2. This are two trunk ports with tagged traffic.
ether4 in bridge with vlan100 and ether5 slave to ether4 as access ports with untagged
IIRC, you cannot add VLAN tags to a bridge interface. So the second configuration is not an option.
Edit: I apparently recalled incorrectly. Sorry folks. Should have kept my keyboard shut.
I have vlans on bridge, no problem.
Difference between the two situations is that in first case only two specified vlans are bridged together and it does not affect other vlans on same interfaces or untagged traffic. If another vlan20 happens to be on both ether1 and wlan, traffic between them won’t be bridged, but only routed (if they choose to use this router as gateway).
Second case bridges whole interfaces with everything on them, so it will transparently pass all other vlans and untagged traffic between them.
Simple example from my home router:
/interface bridge
add name=internal
add name=public
/interface vlan
add interface=internal name=vlan82-guest vlan-id=82
add interface=internal name=vlan240-public vlan-id=240
/interface bridge port
add bridge=public interface=wlan1-public
add bridge=public interface=vlan240-public
add bridge=internal interface=ether1
add bridge=internal interface=wlan2-home
Bridge internal contains ether1 going to switch and wlan2-home wi-fi. On top of that is vlan82-guest for guest network (it’s your case #2). Wireless interface has vlan-mode=use-tag, vlan-id=82, so all unknown devices go into guest vlan. Trusted devices have entries under /interface wireless access-list with vlan-mode=no-tag, which makes them part of private internal LAN. Doing it like this allows to have only one common ssid, instead of virtual AP with different one. There’s another AP in internal network with same config and ether1 and wlan1 bridged together, but without any defined vlans, so it just passess tagged guest network transparently (that’s what I described in previous post). Then there’s vlan240-public for internal server, to be directly part of public network, which is bridged together with WAN interface wlan1-public using bridge public (it’s half your case #1, as it’s vlan with physical interface).
Thanks my friend. Now, I see what happens obviously.