RB750 Port Based VLAN

Hi,

Is it possible to use the RB750 like a port-based VLAN switch where, e.g., port 1 is the uplink port and all other ports (2-5) only communicate with port 1 and don't see each other?


Thanks,

Best Regards,

Satyam Bachani.

sure. in general: create 4 bridges, create 4 VLAN interfaces on ether1, add the following ports to interfaces:

bridge1: vlan1 and ether2
bridge2: vlan2 and ether3
bridge3: vlan3 and ether4
bridge4: vlan4 and ether5

Maybe the problem can be solved by using the RB's switching chip capabilities, but I work with x86, not RB :)

EDIT:

There seems to be an issue: it doesn't pass PPPoE traffic.


Could there be something else I could try?


Regards,

Satyam.

Should pass all kinds of traffic, as far as I know… maybe some blocking firewall rules?..

Hello,

I'm trying to set up port-based VLAN on the RB750.

It's my config (doesn't work):
I don't have any filter rules.

[admin@MikroTik] /interface ethernet> print
Flags: X - disabled, R - running, S - slave
 #    NAME                                           MTU   MAC-ADDRESS       ARP        MASTER-PORT                                           SWITCH
 0 R  ether1-gateway                                 1500  00:0C:42:56:E4:6D enabled
 1    ether2-local-master                            1500  00:0C:42:56:E4:6E enabled    none                                                  0
 2    ether3-local-slave                             1500  00:0C:42:56:E4:6F enabled    none                                                  0
 3    ether4-local-slave                             1500  00:0C:42:56:E4:70 enabled    none                                                  0
 4    ether5-local-slave                             1500  00:0C:42:56:E4:71 enabled    none



[admin@MikroTik] /interface bridge port> print brief
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE                                                   BRIDGE                                                  PRIORITY PATH-COST  HORIZON
 0    vlan1                                                       lan1                                                    0x80     10         none
 1    vlan2                                                       lan2                                                    0x80     10         none
 2    vlan3                                                       lan3                                                    0x80     10         none
 3    vlan4                                                       lan4                                                    0x80     10         none
 4 I  ether2-local-master                                         lan1                                                    0x80     10         none
 5 I  ether3-local-slave                                          lan2                                                    0x80     10         none
 6 I  ether4-local-slave                                          lan3                                                    0x80     10         none
 7 I  ether5-local-slave                                          lan4                                                    0x80     10         none



[admin@MikroTik] /interface bridge> print
Flags: X - disabled, R - running
 0  R name="lan1" mtu=1500 l2mtu=1522 arp=enabled mac-address=00:0C:42:56:E4:6D protocol-mode=none priority=0x8000 auto-mac=yes
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

 1  R name="lan2" mtu=1500 l2mtu=1522 arp=enabled mac-address=00:0C:42:56:E4:6D protocol-mode=none priority=0x8000 auto-mac=yes
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

 2  R name="lan3" mtu=1500 l2mtu=1522 arp=enabled mac-address=00:0C:42:56:E4:6D protocol-mode=none priority=0x8000 auto-mac=yes
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

 3  R name="lan4" mtu=1500 l2mtu=1522 arp=enabled mac-address=00:0C:42:56:E4:6D protocol-mode=none priority=0x8000 auto-mac=yes
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

hmmm… all your ether* in bridges are inactive… why?..

Because at that moment I used only ether1 (ether2,3,4,5 were unplugged).

Any suggestions on how to set up port-based VLAN on MikroTik 3.x on the RB750?
Switch mode is disabled.

see above?..

Could you export a sample config? That doesn't work on my RB750.

migo, you have to remove/clear the SLAVE (Master Port) options from the Ether3-5 interfaces. I had a similar problem where my VLANs didn’t work due to Ether3-5 being the slave of Ether2.

Here's my thread where I wanted to have 2 VLANs on 1 interface: 1 VLAN bridged with the WAN Ethernet interface & 1 bridged with the other LAN interfaces.
http://forum.mikrotik.com/viewtopic.php?f=2&t=37508&start=0

Pada, look for my first post in this topic.

[admin@MikroTik] /interface ethernet> print
Flags: X - disabled, R - running, S - slave
 #    NAME                                           MTU   MAC-ADDRESS       ARP        MASTER-PORT                                           SWITCH
 0 R  ether1-gateway                                 1500  00:0C:42:56:E4:6D enabled
 1    ether2-local-master                            1500  00:0C:42:56:E4:6E enabled    none                                                  0
 2    ether3-local-slave                             1500  00:0C:42:56:E4:6F enabled    none                                                  0
 3    ether4-local-slave                             1500  00:0C:42:56:E4:70 enabled    none                                                  0
 4    ether5-local-slave                             1500  00:0C:42:56:E4:71 enabled    none

My apologies migo, I skipped the master-port column since your interface names stated master/slave.

Why don’t you simply upgrade your firmware to ROS 4.4?

Setup description:

  • Ethernet interfaces: 1x WAN port & 4x local ports
  • VLAN interfaces: 4 VLANs with unique IDs assigned to the WAN port
  • Bridge interfaces: 4 bridges, each bridging one VLAN with a local port
  • Switching rules: add VLAN IDs to each local port

My sample config looks like:

  • UPDATED:
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:56:E4:6D \
    master-port=none mtu=1500 name=ether1-wan speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:56:E4:6E \
    master-port=none mtu=1500 name=ether2-local speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:56:E4:6F \
    master-port=none mtu=1500 name=ether3-local speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:56:E4:70 \
    master-port=none mtu=1500 name=ether4-local speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:56:E4:71 \
    master-port=none mtu=1500 name=ether5-local speed=100Mbps

/interface vlan
add arp=enabled comment="" disabled=no interface=ether1-wan l2mtu=1520 \
    mtu=1500 name=vlan1 use-service-tag=no vlan-id=1
add arp=enabled comment="" disabled=no interface=ether1-wan l2mtu=1520 \
    mtu=1500 name=vlan2 use-service-tag=no vlan-id=2
add arp=enabled comment="" disabled=no interface=ether1-wan l2mtu=1520 \
    mtu=1500 name=vlan3 use-service-tag=no vlan-id=3
add arp=enabled comment="" disabled=no interface=ether1-wan l2mtu=1520 \
    mtu=1500 name=vlan4 use-service-tag=no vlan-id=4

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s \
    mtu=1500 name=bridge-vlan1 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s \
    mtu=1500 name=bridge-vlan2 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s \
    mtu=1500 name=bridge-vlan3 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s \
    mtu=1500 name=bridge-vlan4 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6

/interface bridge port
add bridge=bridge-vlan1 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan1 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan2 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan2 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan3 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan3 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan4 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan4 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan1 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether2-local path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan2 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether3-local path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan3 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether4-local path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan4 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether5-local path-cost=10 point-to-point=auto \
    priority=0x80

/interface ethernet switch port
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback

/interface ethernet switch rule
add switch=0 ports=ether2-local new-vlan-id=1
add switch=0 ports=ether3-local new-vlan-id=2
add switch=0 ports=ether4-local new-vlan-id=3
add switch=0 ports=ether5-local new-vlan-id=4

Note: I haven't tested that config and I don't have that much experience with VLANs yet.

Hi everybody,

Did anyone test the last post's solution?

There is nothing like the following in my RB750 :o

/interface ethernet switch

what is the problem?

Thanks,

Do you have version 4 or above of the software? Default on my RB750 was 3.31 iirc.

no, I have v3.29 running on mine

I have tested this conf on an RB750G (v.4.6) and it looks like it is not working.
But why use port-based VLAN on MikroTik?

/interface bridge filter
add action=drop chain=input in-interface=!ether1 mac-protocol=ip
add chain=forward in-interface=ether1
add chain=forward in-interface=!ether1 out-interface=ether1
add action=drop chain=forward in-interface=!ether1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5

Can it be equivalent to a port-based VLAN?
Port 1 is the main port, and 2, 3, 4 and 5 are clients
(admin 'input' only for port 1)
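
Added example (not part of the original posts): a small Python model of the bridge filter rules in the post above, evaluated first-match with default accept, listing which port pairs can forward through bridge1 and what the input rule does per protocol. The function names are assumptions made for this illustration; the rule text and port names are copied from the post.

```python
import re
from itertools import permutations

# Rules copied from the bridge filter post above; PORTS are the members of bridge1.
RULES_TEXT = """\
add action=drop chain=input in-interface=!ether1 mac-protocol=ip
add chain=forward in-interface=ether1
add chain=forward in-interface=!ether1 out-interface=ether1
add action=drop chain=forward in-interface=!ether1
"""
PORTS = ["ether1", "ether2", "ether3", "ether4", "ether5"]

def parse_rules(text):
    """Turn each 'add key=value ...' line into a dict; action defaults to accept."""
    rules = []
    for line in text.splitlines():
        if line.strip().startswith("add "):
            rule = dict(re.findall(r"([\w-]+)=(\S+)", line))
            rule.setdefault("action", "accept")
            rules.append(rule)
    return rules

def port_matches(pattern, port):
    """A missing matcher matches any port; a leading '!' negates the match."""
    if pattern is None:
        return True
    if pattern.startswith("!"):
        return port != pattern[1:]
    return port == pattern

def verdict(rules, chain, in_port, out_port=None, proto=None):
    """First matching rule decides; a frame that matches no rule is accepted."""
    for r in rules:
        if (r["chain"] == chain
                and port_matches(r.get("in-interface"), in_port)
                and port_matches(r.get("out-interface"), out_port)
                and r.get("mac-protocol") in (None, proto)):
            return r["action"]
    return "accept"

def allowed_forward_pairs(rules, ports=PORTS):
    """Every (in, out) port pair that the forward chain lets through."""
    return {(i, o) for i, o in permutations(ports, 2)
            if verdict(rules, "forward", i, o) == "accept"}

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for pair in sorted(allowed_forward_pairs(rules)):
        print("%s -> %s" % pair)
    print("ARP ether2 -> router:", verdict(rules, "input", "ether2", proto="arp"))
```

The model covers only frames that traverse the software bridge: ports joined through master-port are switched in the chip and never reach these rules. It also shows that the input rule drops only IP from client ports, so other protocols from ether2-5 still reach the router itself.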

I hate to drag up an old thread, but I want to do exactly this..
The server can see everybody on port 1 (let's say) and the other hosts on ports 2, 3, 4, etc. can see the server, but not each other.
It seems to me the config described here isn't quite right. Traffic leaving port 1 will be tagged and untagged traffic will be ignored when it comes in on port 1…
Am I missing something??
I have tried to do this on an RB450 with no success in switch mode and as described here..

Honestly I did not use it finally, but this works fine in my tests…