I need to introduce VLANs to a L2 network without changing the subnets.
Hardware is mostly CRS3xx. There are several /24 subnets in the network and I am planning to go the single bridge with VLAN filtering route.
I need to be able to do this on a port by port / switch by switch basis, but once VLAN filtering is enabled on the bridge, any ports not assigned to one of the new VLANs stay on PVID 1 and thus stop communicating with the devices on the same subnet that now have a different PVID.
Would greatly appreciate any tips on how to achieve this in ROS 7.
Thank you for replying, I think maybe I am not explaining my question very well. I have read the linked forum post and many others while familiarizing myself with VLAN configuration for Mikrotik and I think I understood that part. My question is more about whether there is a way to do this in a live network while minimizing interruptions to the traffic flow, that is, to allow devices in a switch that has been “VLAN converted” to continue to talk to devices in the same /24 network connected to switches that do not have tagged / untagged ports or VLAN filtering enabled.
What I want to achieve is to add VLAN configuration to a L2 network according to the method in the post (assuming I understood it correctly), i.e.:
Create VLAN interfaces for every VLAN in the core switch
Add the VLAN interfaces to a single bridge together with all the physical interfaces
Set uplink ports (and sometimes the bridge) as tagged
Set PVID=VLAN-ID for access ports
Enable VLAN Filtering
Once I do this in the first switch though, the devices that now have a PVID other than 1 will not be able to communicate with the rest of the network. I guess what I am trying to achieve is a form of VLAN bridging during the migration, allowing devices in the same /24 network but with different VLAN tags to talk to each other, if that makes sense.
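The failure described in the question above, as an added toy model of 802.1Q forwarding (not part of the original posts and not RouterOS configuration). It goes one step beyond the question by also showing an uplink whose PVID and untagged VLAN match the access VLAN. The port names, VLAN 10, and the assumptions that an unconverted switch passes frames unchanged and that end hosts accept only untagged frames are constructed for illustration.

```python
# Toy 802.1Q forwarding model (added example; all names and VLAN IDs are constructed).
DROP = "drop"

def filtering_switch(in_port, out_port, tag):
    """Forward one frame through a bridge with VLAN filtering enabled.
    tag is the VLAN tag on the wire at ingress (None = untagged).
    Returns the tag on the wire at egress (None = untagged) or DROP."""
    vid = in_port["pvid"] if tag is None else tag   # untagged ingress takes the port PVID
    if vid not in in_port["tagged"] | in_port["untagged"]:
        return DROP                                 # ingress port is not a member of that VLAN
    if vid in out_port["untagged"]:
        return None                                 # tag stripped on egress
    if vid in out_port["tagged"]:
        return vid                                  # tag kept on egress
    return DROP                                     # egress port is not a member of that VLAN

def transparent_switch(tag):
    """Assumption: an unconverted switch (no VLAN filtering) passes frames unchanged."""
    return tag

def host_accepts(tag):
    """Assumption: an ordinary end host only processes untagged frames."""
    return tag is None

def reachable(access, uplink):
    """Host A sits on the converted switch's access port, host B on an unconverted switch.
    Returns (A reaches B, B reaches A)."""
    a_to_b = host_accepts(transparent_switch(filtering_switch(access, uplink, None)))
    b_to_a = host_accepts(filtering_switch(uplink, access, transparent_switch(None)))
    return a_to_b, b_to_a

ACCESS = {"pvid": 10, "tagged": set(), "untagged": {10}}   # converted access port
LEGACY = {"pvid": 1, "tagged": set(), "untagged": {1}}     # port left on PVID 1
UPLINK_TAGGED = {"pvid": 1, "tagged": {10}, "untagged": {1}}
# Uplink that carries VLAN 10 untagged toward the unconverted switch. A port has a
# single PVID, so in this model only one VLAN per uplink can be handled this way.
UPLINK_TRANSITIONAL = {"pvid": 10, "tagged": set(), "untagged": {10}}

if __name__ == "__main__":
    print("same switch, PVID 10 -> PVID 1:", filtering_switch(ACCESS, LEGACY, None))
    print("tagged uplink (A->B, B->A):", reachable(ACCESS, UPLINK_TAGGED))
    print("untagged VLAN 10 uplink (A->B, B->A):", reachable(ACCESS, UPLINK_TRANSITIONAL))
```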
I would not attempt this on a live system during work hours.
I would do this via EVE-NG or the like to ensure the setup that you will use works in the lab environment.
I would do this at 2am LOL
I would never count on unmanaged switches to pass VLANs correctly to further devices…