RB750G as Layer 3 Switch / Switched Virtual Interfaces

So I have seen bits and pieces of this configuration before, but I was looking for a way to tie it all together and get a bit of clarification on some best practices.

The network diagram below shows a basic example of what I’m trying to accomplish:
mikrotik-l3-svi.png
The idea here is that the RB750G running RouterOS 5.2 is the Layer 3 termination point for each VLAN in the environment, and those VLANs can route between each other at the RB750G. This setup is similar to the ‘router on a stick’ setup, since there is a VLAN tagged ‘trunk’ interface which goes to a managed switch, and from that managed switch there could be various hosts on various VLANs.

Additionally though, I would like to use the other ports on the RB750G as ‘access ports’ or host ports for several servers that typically talk between VLANs. So some ports of the RB750G are used as layer 2 switchports, which would then pass traffic to be routed between VLANs if needed. For this example there is no firewalling, and no NAT.

I have accomplished this setup before with Cisco and Vyatta, and I’m sure RouterOS can do it, but I think I’m getting lost in the details as to how to get this configured. Usually on those devices you create ‘switched virtual interfaces’ which are VLAN interfaces not tied to a single interface. That way you can tag ports with various L2 VLANs and stay flexible as ports change. I tried to accomplish this with RouterOS by creating bridge interfaces, one for each VLAN, then tying VLAN interfaces to bridge interfaces. That way I could potentially set a port to be a member of a certain VLAN, which then ties to a bridge, which ultimately uses a VLAN interface if need be to route between different VLANs.

I have also attached the entire configuration from the RB750G, probably more than is needed but I didn’t want to leave anything out. I feel like this is very close to actually working, but I’m struggling with how to configure the physical ports, and to just ensure I am approaching this the right way. Please note I have not done any configuration for the physical ports yet, because so far the things I have tried ended up locking me out of the device (probably due to VLAN tagging). Thanks in advance for help, and let me know if I need to clarify anything.
rb750g.txt (19.8 KB)
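A sketch of the bridge-per-VLAN layout described in the post, added here as an example and not taken from the poster's attached configuration. The port roles (ether1 as the tagged trunk, ether2 and ether3 as access ports), the VLAN IDs 10 and 20, and the addresses are all constructed assumptions, since the diagram and the attachment are not reproduced on this page.

```routeros
# Added example: bridge-per-VLAN "SVI" layout for RouterOS 5.x.
# Assumed (constructed) values: ether1 = tagged trunk to the managed switch,
# ether2 = access port in VLAN 10, ether3 = access port in VLAN 20.

# Detach the access ports from the switch-chip group so each one can be
# bridged on its own. Bridged traffic is then forwarded by the CPU.
/interface ethernet
set ether2 master-port=none
set ether3 master-port=none

# One bridge per VLAN; the bridge plays the role of the SVI.
/interface bridge
add name=br-vlan10
add name=br-vlan20

# Tagged sub-interfaces on the trunk, one per VLAN.
/interface vlan
add name=ether1-vlan10 interface=ether1 vlan-id=10
add name=ether1-vlan20 interface=ether1 vlan-id=20

# Each bridge joins the trunk's tagged sub-interface with the untagged
# access port(s) for that VLAN. Moving a port to another VLAN means
# changing only its bridge membership.
/interface bridge port
add bridge=br-vlan10 interface=ether1-vlan10
add bridge=br-vlan10 interface=ether2
add bridge=br-vlan20 interface=ether1-vlan20
add bridge=br-vlan20 interface=ether3

# The Layer 3 gateway address goes on the bridge, not on a physical port
# or on the VLAN sub-interface. Routing between the connected subnets
# needs no extra configuration (the post assumes no firewall and no NAT).
/ip address
add address=192.168.10.1/24 interface=br-vlan10
add address=192.168.20.1/24 interface=br-vlan20
```

Applying changes like these from a port that is not being reconfigured, with the terminal's Safe Mode enabled, lets the router roll them back automatically if the management session drops.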