MAC based VLAN

Cynrik · September 17, 2024, 3:07pm

Hello,

I want to move devices with specific MAC addresses to a dedicated VLAN.
If device with MAC address DC:2C:6E:AE:05:3B is plugged into CRS326, it should get VLAN ID 155.
This should work with any port from the CRS326 devices.

There are multiple CRS326 devices and each has a IP address within VLAN ID 155.
The VLAN setup is already working and each CRS326 can ping the IP adddress from each VLAN ID 155.

If i understood the MK help correctly, i can do a MAC based VLAN with a switch rule.

Since this setup should work with any ethernet port, does for the option “ports” the value “switch1 cpu” would work, or do i have to add all physical ports to the switch rule?
Do i need to add all ports as tagged member for the Bridge VLAN ID 155, or is it then untagged?

Regards,
Cynrik

g22113 · September 18, 2024, 8:59am

As I understand it, switch rules are applied on ingress, so if you want to assign a VLAN ID to packets arriving from physical Ethernet, then you need to select all physical Ethernet ports. Selecting “cpu” would only match packets arriving from the Mikrotik’s CPU.

Likely untagged, as your device is not expecting to receive VLAN-tagged packets and won’t know what to do with them. (Windows PCs sometimes happily ignore VLAN tags, but most other devices won’t recognize them.)