Hello,
I have vlans set up on my RB2011’s switch by following the guide in “VLAN Example #2” here: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
All seems to be working fine, and devices on access ports get the correct addresses/connectivity from the router, but I cannot connect over Romon to this device any longer (had to configure another port not on the bridge for accessing the device directly). Is there something extra which needs configuring to get Romon working again?
This is the first device I have set up using VLANs on the switch chip rather than just using a bridge with vlan filtering activated.
Thanks!

Hello,
Thanks for your reply - I have read that previously to help me understand vlans in general.
I think I’m struggling to convert my knowledge over from doing all the vlan config on the bridge (vlan-filtering=yes) to doing it on the switch itself.
If I set the vlan mode to ‘fallback’ on the trunk ports, I get romon working OK. Using torch I can see that traffic appears to be arriving on vlan ID 99.
But this doesn’t make sense to me since vlan ID 99 definitely is in my vlan table on the switch. The manual says:
fallback - the default mode - handle packets with VLAN tag that is not present in vlan table just like packets without VLAN tag. Packets with VLAN tags that are present in VLAN table, but incoming port does not match any port in VLAN table entry does not get dropped.
secure - drop packets with VLAN tag that is not present in VLAN table. Packets with VLAN tags that are present in VLAN table, but incoming port does not match any port in VLAN table entry get dropped.
So what am I not understanding?
I guess romon traffic somehow doesn’t have a vlan id and so gets dropped in ‘secure’ mode?

Romon by default operates on L2 directly on the connection, so it is untagged traffic. When you drop untagged traffic, it will not work.
But, you can add ports to Romon and when you add a VLAN subinterface there, it should work on that tagged VLAN as well.
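
The approach from the last reply, written out as an added RouterOS example (not part of the original thread): it creates a tagged VLAN subinterface and registers it as a RoMON port so RoMON frames travel inside the VLAN instead of untagged. The names `bridge1` and `vlan99-romon` are assumptions, VLAN ID 99 is the one mentioned in the post above, and the switch VLAN table is assumed to already list the CPU port for that VLAN.

```routeros
# Assumed names: bridge1 (bridge over the switch ports), vlan99-romon.
# VLAN ID 99 is taken from the thread; adjust to your own VLAN table.

# Tagged VLAN subinterface on the CPU side of the bridge
/interface vlan add name=vlan99-romon interface=bridge1 vlan-id=99

# Allow RoMON to run on that tagged subinterface
/tool romon port add interface=vlan99-romon forbid=no

# Confirm which interfaces RoMON is using
/tool romon port print
```

The neighbouring RoMON device needs a matching RoMON port on the same VLAN, since both ends of the link must exchange RoMON frames with the same tag.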