I am having trouble setting up VLANs on Mikrotik gear. I can do it all day on Cisco but Mikrotik is confusing. Someone was nice enough to create an article on VLANs and VLAN trunking. I need some clarification if someone can help.
Access rule-Cisco
interface FastEthernet5/0/47
switchport access vlan 100
switchport mode access
end
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1 pvid=100 (It seems that in this rule we are adding an interface "sfp-sfpxxx" to a bridge and then allocating it to access only VLAN 100. What if the interface is already part of the bridge? How do you just add a port to access VLAN 100 only?)
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus2 vlan-ids=100,200 (here I can see again adding a tagged interface of sfpxx2 ?? and then allowing vlan 100 and 200 to that trunk port ??)
Additionally, what is /interface bridge VLAN for? I know it's part of the trunking process, just trying to wrap my head around it; in Cisco it is to trunk the port or ether-channel. The syntax is very different.
Any help is greatly appreciated.
This is just the beginning; I need to send VLANs over a 100% Mikrotik network from RB1100 to bridge with Netmetals to powerbox back to Netmetal AP down to LHG and allow only a certain VLAN in the ethernet and another VLAN on another LHG ethernet port.
If interface is already added as bridge port, but you need to change some of its properties, use set:
/interface bridge port
add bridge=bridge interface=sfp-sfpplus1
# set pvid on this port
set [ find interface=sfp-sfpplus1 ] pvid=100
In ROS, VLAN settings are split in two sections: /interface bridge port and /interface bridge vlan.
In the former one builds up the bridge (adds interfaces as bridge ports) and sets (mostly) ingress behaviour … some security settings (frame-types, ingress-filtering) and VID for untagged ingress packets (either access or trunk ports) - pvid parameter.
In the latter one sets mostly egress behaviour (also for ingress depending on setting of ingress-filtering parameter) … port membership in VLAN for both tagged and untagged. Mind that access port still has to be set up as (untagged) port member of selected VLAN …
Another thing to observe: bridge in ROS has dual personality: “something like a switch”, which is expected from bridge, and “something like an interface”, which is somehow unexpected … it gets created automatically for each bridge (bearing same name) and behaves much like all other interfaces - can be tagged or untagged member of a VLAN, if untagged one has to set pvid, … and accepts L3 config on its untagged part … if one needs IP config on tagged part, vlan interfaces have to be created off the bridge interface. If bridge (as switch) is supposed to forward frames of some VLAN but no L3 functions of router are needed, then bridge (as interface) doesn’t have to be member port of that VLAN.
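The access-plus-trunk setup discussed in this thread, put together as an added example that is not part of the original posts. The names bridge1, sfp-sfpplus1 and sfp-sfpplus2 come from the question; the vlan100 interface name and the 192.0.2.1/24 address are assumptions chosen for illustration.

```routeros
# Added example, not from the thread. Assumes both ports are already
# members of bridge1, so they are changed with "set" rather than "add".

/interface bridge port
# Access port for VLAN 100: untagged ingress frames are assigned VID 100,
# and frames that arrive already tagged are dropped.
set [ find interface=sfp-sfpplus1 ] pvid=100 \
    frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
# Trunk port: accept tagged frames only, and only for VLANs in which
# this port is listed as a member in the VLAN table below.
set [ find interface=sfp-sfpplus2 ] \
    frame-types=admit-only-vlan-tagged ingress-filtering=yes

/interface bridge vlan
# VLAN 100: tagged on the trunk, untagged on the access port. The bridge
# itself (bridge1) is a tagged member because the router needs L3 in
# this VLAN.
add bridge=bridge1 vlan-ids=100 tagged=bridge1,sfp-sfpplus2 \
    untagged=sfp-sfpplus1
# VLAN 200: carried on the trunk only. bridge1 is not a member, so the
# router's own IP stack is not reachable from this VLAN. Add further
# member ports here as the topology requires.
add bridge=bridge1 vlan-ids=200 tagged=sfp-sfpplus2

# L3 on the tagged side: a vlan interface created off the bridge interface.
/interface vlan
add name=vlan100 interface=bridge1 vlan-id=100
/ip address
# 192.0.2.1/24 is a documentation address used as a placeholder.
add address=192.0.2.1/24 interface=vlan100

# Enable filtering last. Until vlan-filtering=yes the VLAN table, pvid,
# frame-types and ingress-filtering settings are not enforced. A mistake
# in the table can cut off management that runs through the bridge, so
# apply this from a port outside the bridge or from the console.
/interface bridge
set bridge1 vlan-filtering=yes
```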