If you find any error, please let me now so that I can correct it.
I will add more example with configuration and Visio later
VLAN Example #1 (Trunk and Access Ports)
Create a bridge with disabled vlan-filtering to avoid losing access to the router before VLANs are completely configured.
In the end, when VLAN configuration is complete, enable Bridge VLAN Filtering.
/interface bridge set bridge1 vlan-filtering=yes
Warning: The PVID value is set to all traffic that enters the bridge and adds the port dynamically to the bridge VLAN table for VLAN ID that matches the PVID value. If you are trying to isolate tagged traffic from untagged traffic, then make sure you have set a PVID to a bridge port that is different from the bridge’s PVID value, otherwise these ports will be dynamically added to the bridge VLAN table and will be able to forward traffic from untagged ports.
.
VLAN Example #2 (Trunk and Hybrid Ports)
Create a bridge with disabled vlan-filtering to avoid losing access to the router before VLANs are completely configured.
Add Bridge VLAN entries and specify tagged and untagged ports in them. In this example egress VLAN tagging is done on ether6,ether7,ether8 ports too, making them into hybrid ports.
In the end, when VLAN configuration is complete, enable Bridge VLAN Filtering.
/interface bridge set bridge1 vlan-filtering=yes
Warning: The PVID value is set to all traffic that enters the bridge and adds the port dynamically to the bridge VLAN table for VLAN ID that matches the PVID value. If you are trying to isolate tagged traffic from untagged traffic, then make sure you have set a PVID to a bridge port that is different from the bridge’s PVID value, otherwise these ports will be dynamically added to the bridge VLAN table and will be able to forward traffic from untagged ports.
.
VLAN Example #3 (InterVLAN Routing by Bridge)
Create a bridge with disabled vlan-filtering to avoid losing access to the router before VLANs are completely configured.
Add Bridge VLAN entries and specify tagged and untagged ports in them. In this example bridge1 interface is the VLAN trunk that will send traffic further to do InterVLAN routing.
Configure VLAN interfaces on the bridge1 to allow handling of tagged VLAN traffic at routing level and set IP addresses to ensure routing between VLANs as planned.
Management port #1
(This is based on previous configutatin)
There are multiple ways to setup management port on a device that uses bridge VLAN filtering. Below are some of the most popular approaches to properly enable access to a router/switch. Start by creating a bridge without VLAN filtering enabled:
In case VLAN filtering will not be used and access with untagged traffic is desired
The only requirement is to create an IP address on the bridge interface.
Management port #2
In case VLAN filtering is used and access from trunk and/or access ports with tagged traffic is desired
In this example VLAN 99 will be used to access the device, a VLAN interface on the bridge must be created and an IP address must be assigned to it.
For example, if you want to allow access to the router/switch from access ports ether3,ether4 and from trunk port sfp-sfpplus1, then you must add this entry to the VLAN table:
Management port #3
In case VLAN filtering is used and access from trunk and/or access ports with untagged traffic is desired
To allow untagged traffic to access the router/switch, start by creating an IP address on the bridge interface.
It is required to add VLAN 1 to ports from which you want to allow the access to the router/switch, for example, to allow access from access ports ether3,ether4 add this entry to the VLAN table:
Other devices without a built-in switch chip. https://wiki.mikrotik.com/wiki/Manual:Basic_VLAN_switching#Other_devices_without_a_built-in_switch_chip
It is possible to do VLAN filtering using the CPU, there are multiple ways to do it, but it is highly recommended by using bridge VLAN filtering.
Here the MT is configured as a switch with VLAN 20,30 and 99 Tagged on Port 1. VLAN 20 untagged on Port 2. VLAN 30 untagged on Port 3.
