RB2011: How to Bridge fastE & gigE ports with VLANs?

RouterOS General
1

I have an RB2011UiAS running 6.20 RouterOS and current firmware.

I am unable to bridge the gigE and fastE ports if I use the switch chip and activate VLANs.

How can I allow port 7 (and other switch2 ports) to have access to the VLANS from the trunk port (port 5)?

Thanks for any suggestions.

Here’s my setup:

\

/interface bridge
add mtu=1500 name=bridgeGigandFast
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2 speed=1Gbps
set [ find default-name=ether5 ] master-port=ether2
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
set [ find default-name=ether10 ] master-port=ether6
set [ find default-name=ether1 ] master-port=ether2
/interface ethernet switch port
set 1 default-vlan-id=1
set 3 default-vlan-id=3 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=4 vlan-header=always-strip vlan-mode=secure
set 5 vlan-header=add-if-missing vlan-mode=secure
set 10 default-vlan-id=1
/port
set 0 name=serial0
/system logging action
set 1 disk-file-name=log
set 2 remember=yes
set 3 src-address=0.0.0.0
/interface bridge port
add bridge=bridgeGigandFast interface=ether2
add bridge=bridgeGigandFast interface=ether6
/interface ethernet switch vlan
add independent-learning=no ports=ether5,ether2,switch1-cpu,ether1,ether3
switch=switch1 vlan-id=1
add independent-learning=no ports=ether4,ether5 switch=switch1 vlan-id=4
add independent-learning=no ports=ether5,ether3 switch=switch1 vlan-id=6
add independent-learning=no ports=ether5,ether3,ether2 switch=switch1
vlan-id=3
add ports=ether6,switch2-cpu,ether7 switch=switch2 vlan-id=1
add ports=ether6,ether7 switch=switch2 vlan-id=3
/ip address
add address=192.168.1.80/24 interface=bridgeGigandFast network=192.168.1.0
/ip ipsec policy
set (unknown) dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip upnp
set allow-disable-external-interface=no
/lcd
set enabled=no
/snmp
set trap-community=public
/tool graphing interface
add

2

i think, you have 2 options:

  1. bridge via CPU (less performance, but CPU can handle 100mbps)
  2. link the via patch cable (save CPU, but lost 1-1 ports)
3

Thanks for the suggestion.

Yes – I am trying to bridge by CPU, but just couldn’t figure out the right sequence/commands that would bridge a trunk port from switch1 to switch2.

It seems that using the switch chip makes it difficult to bridge both sides when using VLANs.

4

hey

i was trying the same on a RB2011UAS
i thought of it, tried many things and came up with this but doesn’t seem to work due to chip limitations.
gig ports work fine but not the Fa ports



interface ethernet set 0 name=eth1
interface ethernet set 1 name=eth2
interface ethernet set 2 name=eth3
interface ethernet set 3 name=eth4
interface ethernet set 4 name=eth5
interface ethernet set 5 name=eth6
interface ethernet set 6 name=eth7
interface ethernet set 7 name=eth8
interface ethernet set 8 name=wan  <<<  moving the wan to 100MBps ( waste of gig ports)
interface ethernet set 9 name=dmz


interface bridge set 0 name=br-lan

interface ethernet set 3,4,5,6 master-port=eth1      <<< eth 2345
interface ethernet set 8,9 master-port=eth6            <<< eth6,7,8

interface ethernet switch vlan add switch=switch1 vlan-id=10 ports=switch1-cpu,eth4,eth5
interface ethernet switch vlan add switch=switch2 vlan-id=10 ports=switch2-cpu,eth7

interface ethernet switch port print
interface ethernet switch port set 4,5,7 vlan-mode=secure vlan-header=add-if-missing default-vlan-id=10
interface ethernet switch port set 11,12 vlan-mode=fallback vlan-header=leave-as-is



interface vlan add name=eth1.10 vlan-id=10 interface=eth1 disabled=no
interface vlan add name=eth6.10 vlan-id=10 interface=eth6 disabled=no

interface bridge port add interface=eth1.10 bridge=br-lan 
interface bridge port add interface=eth6.10 bridge=br-lan

it looks like im in the right direction but i am missing something only thing i notice is the default vlan id on switch2_cpu is 0 instead of auto. i am definitely missing something here. i know it works for gig because if i add an ip on the bridge int. it pings one side and not the other. my tought was that those packets where not tagged and therefore did not work or something but why would it work on gigs not on fa is a mistery to me.

5

Mikrotik’s has always had a non-conventional syntax approach to Vlans. It makes it difficult at times to understand their approach when you’ve learned CISCO’s syntax.

Doesn’t mean I don’t like the Tik boxes, just wished it was a bit more conventional for cross platform knowledge. :sunglasses:

-tp

6

only problem is that i understand how its supposed to work as per their own design but it doesn’t work anyway… :frowning:
from what i gather there might be an issue with the switch chip being different i think .

from my understanding in my setup eth1 and 6 are uplink to the switch_cpu from the router standpoint and the switch_cpu is the interface towards the router. so technically adding the “sub interface”/ vlan interface should enable to bridge only that vlan here i am only working in one vlan and that does not work . i also tried bridging the master-ports directly and then binding the vlan to the master port that doesn’t work either. ( bridging the 2 Ethernet should in theory bridge all the tagged vlan together like bridging 2 switch tru a trunk .

wish programmers / microtik would pitch in on this

in my mind, if you think about this it should look like this (switch lvl)

(ethX in vlan10)<=>switch1_cpu (allvlans) <=> bridge <=>(allvlans) switch2_cpu <=> (ethY in vlan10)

in the router it should look like this (router lvl)
eth1(switch1_cpu)<=> bridge <=> eth6 (switch2_cpu)

now where/how do i put the vlan / layer 3 in this ?
vlan10 on eth1 ?
vlan10 on bridge ?
vlan10 on eth1 in the bridge?

/ scratches head…