Same Vlan on two interfaces, Tag and Untag

eng_neovia · March 27, 2007, 1:31pm

Good Morning,

I’m new to Mikrotik RouterOS and in need of help. We are planning on use routerboard 532 with Mikrotik as our default CPE for our clients. It’s works very well as a router, NAT, Firewall, filter and bandwitdth controller, but some of our clients need only switching vlans for MPLS tunneling for example. It’s very simple, we need RB532 to act as a vlan switch forwarding 3 vlans in trunk mode thru ether1 (that’s the easy part), and we need, for example, vlan 100 to be forwarded untagged thru ether2 for VPN traffic, and vlan 101 forwarded untag thru ether3 for Natted traffic (Internet Traffic).

                                                         LAN
                                                   Client Hub-------
                                                       |           |
                                                       |          NAT
                                                       |         SERVER
                                                     eth2          |
    -------eth2-RB532-eth1--------BACKBONE------eth1-RB532-Eth3-----
    |              B                 MPLS               A
    |
Site B

For RB532-B
Eth1: vlans 100 and 1999 tagged
Eth2: vlan 100 untagged

For RB532-A
Eth1: vlans 100, 101 and 1999 tagged
Eth2: vlan 100 untagged
Eth3: vlan 101 untagged

Thanks for reading, understanding and replying!!!

savage · March 27, 2007, 1:45pm

Hmm, bridge the vlan and eth interfaces on where they get to be untagged???

eng_neovia · March 27, 2007, 2:01pm

Hello,

On RB532A, for example:

Interfaces Eth2 and Eth3 must be untagged for vlans 100 and 101 respectively cause there’s no 802.1q support after.

Interface Eth2 would be connected to a client’s switch or hub with no vlan support, and Eth3 would be connected to the outside NAT interface of a Linux Server or commercial appliance that belongs to the client and has no vlan support.

Summarizing, RB532 would have to tag the ethernet frames on the uplink and remove the 802.1q tag on the downlink, forwarding the frame thru the correct interface. Tagged frames from vlan 100 coming from eth1 would be stripped of it’s tag label and forwarded thru eth2, while tagged frames coming from eth1 would be tag-removed and then forwarded thru eth3.

On uplink, frames coming from eth2 would be tagged with vlan id 100 and forwarded thru eth1, while frames coming from eth3 would be tagged with vlan id 101 and then forwarded to eth1.

That’s it!!!

Thanks in advance!!!