Hello,
I have got a question regarding Mikrotik CRS switch. I am using CRS212-1G-10S-1S+IN configured with 802.1Q VLAN forwarding. I am using VLAN ingress rule to translate untagged traffic from some specific ports into tagged VLAN frames, which are then sent through uplink port. Also fully tagged traffic is going through, hence some ports are “hybrid” with untagged/tagged traffic. All of this IS working.
Basically the configuration is very similar to “Example 2” from here http://wiki.mikrotik.com/wiki/Manual:CRS_examples#VLAN
And now the question is. I would like to separate untagged traffic, coming from port, based on source IP and redirect the traffic into separate VLANs. There is similar feature for protocol based VLANs and MAC based VLANs.
Example:
- Untagged traffic coming from sfp1 sourced from 192.168.200.0/24 … translate to … tagged frames with VLAN200 coming out using uplink port eth0
- All other untagged traffic from sfp1 … translate to … tagged frames with VLAN40 (this is working now with ingress rule)
As I researched capabilities of VLAN settings/translating etc. this is not possible. Anyway I have found some clues in Switch/ACL sub-menu. There is a possibility to create new ACL rule matching desired traffic (IPv4 matching) and I can set target to FORWARD and I can set new-customer-id to whatever VLAN I want. Anyway this is not working. I tried many configurations. I understand, that I need to do such translation in both ways (from uplink to access port and back). What I see as a problem, is the lack of MAC addresses learning throughout the translation.
Any clues on this? Or is this completely out of mind? 