I created a simple VLAN (ID 2420) to connect our ISP to one of our clients about a year ago. It was all straightforward and it all still works. Now I needed to create exactly the same type of VLANs, only with different IDs (2414, 300). I created them, but they don't work. I searched all through the config several times, recreated them several times, rebooted the router, but the new VLANs still don't work...
At the moment our RB1100AHx2 has v6.30.2. (The first VLAN was created on the same router, but on an older version.)
Connection is as follows: ISP -> connected to e1 of Routerboard -> bridged e2, e3, e4 -> WiFi links -> L2 switch -> CPE
When I check MACs on the L2 switch I see the router's VLAN 2420 MAC address, but don't see the newly created ones. If I connect a CPE to the switch and add an IP on the VLAN bridge, they can't ping each other. From the ISP side our router is accessible via the new VLANs, but it looks like it is not bridging these VLANs to the downstream ports (e.g. to bridge1).
The only thing I can think of at the moment: mainly all examples are with VLANs on Ethernet ports. We have an Ethernet port on one side and a bridge on the other. Maybe a bridge can't be a part of several VLANs? Otherwise I am starting to think it's some kind of bug.
Here are the parts regarding VLAN. VLAN 2420 works with no problems:
You create for each vlan one vlan port on each interface and one vlan port for each on bridge1.
Then you put every vlan bridge port and every vlan interface port on an individual bridge.
And you expect them to forward traffic between each other (and this will not work - see below).
In this case, why not create one vlan interface on each ethernet port like you did and just put those interfaces on bridge1?
No extra bridges at all, only a single one:
In this case, only untagged vlan traffic will enter bridge1 and will be forwarded between vlans and tagged with the specific vlan on output. So the bridge filtering becomes superfluous.
You have to see a vlan interface as a virtual device which extracts tagged traffic from its parent and presents it untagged on that virtual interface, and gets untagged traffic and puts it tagged into the parent interface.
The way you set it up, the vlans still exist in the main bridge (being tagged by the bridge vlan interface) and there will be no forwarding between them, since the bridge vlan interfaces will accept only their specific tagged traffic on bridge output. To forward between them they need to be untagged inside the bridge, and that is done by putting the ethernet vlan interface directly into the bridge.
This all is in production and my first vlan (although with additional bridgeV2420 and VLAN2420 on bridge1) works as needed.
Therefore I got back to starting point (with one existing vlan) and created only one new VLAN as you suggested:
And added this new VLAN (2414) directly to bridge1:
add bridge=bridge1 interface=vlan-2414-gw
But it's not working. Maybe my first post missed important information: our Mikrotik acts as a router, so interface ether1 is not part of bridge1. The ether1 interface is connected to the ISP switch. bridge1 is our LAN and contains the ether2, ether3 and ether4 interfaces. And communication between them is on Layer 3. I need to somehow pass our ISP-defined VLANs through the router (therefore I created those additional bridges).
From the router I still can see only the ISP device in VLAN2414 (under Hosts on the VLAN2414 interface). From the LAN side (from the switches that are connected to bridge1) I don't see any device on VLAN2414.
Still would appreciate any help. I also drew a simple picture.
VLAN2420 is already working as needed (I am not sure if it is a perfect solution, but at least it works): the VLAN comes from the ISP and passes through our Mikrotik to our L2 switch where the ISP CPE is connected (we provide their VLAN through our network). I need to create the same configuration, but with a different VLAN ID. If I create it the same way as for VLAN2420, that doesn't work.
Found the problem… One of our technical staff members installed another L2 switch in between and didn't add it to the documentation. So I configured the VLAN on that missing switch and all is working.
So still if anyone has suggestions how to better configure Mikrotik in provided scenario - your suggestions are welcome.
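For reference, the per-VLAN pass-through layout discussed in this thread, written out for VLAN 2414 as an added example that is not taken from any post. It assumes RouterOS v6 without bridge VLAN filtering; `ether1`, `bridge1` and the VLAN ID come from the thread, while `vlan2414-ether1`, `vlan2414-bridge1` and `bridge-v2414` are hypothetical names.

```routeros
# Added example, not configuration from the thread.
# Assumed names: vlan2414-ether1, vlan2414-bridge1, bridge-v2414.

# One VLAN interface on the ISP-facing port and one on the LAN bridge.
# Each strips tag 2414 on input and re-applies it on output.
/interface vlan
add name=vlan2414-ether1 vlan-id=2414 interface=ether1
add name=vlan2414-bridge1 vlan-id=2414 interface=bridge1

# A dedicated bridge joins only these two VLAN interfaces, so frames
# tagged 2414 cross the router at Layer 2 while the routed LAN on
# bridge1 stays separate from the customer VLAN.
/interface bridge
add name=bridge-v2414
/interface bridge port
add bridge=bridge-v2414 interface=vlan2414-ether1
add bridge=bridge-v2414 interface=vlan2414-bridge1

# Check: MAC addresses from both the ISP side and the CPE side should
# be learned on this bridge. If only the ISP side appears, a switch
# downstream of bridge1 is not carrying VLAN 2414.
/interface bridge host print where bridge=bridge-v2414
```

Every L2 switch between bridge1 and the CPE must also carry VLAN 2414 as a tagged VLAN on its uplink ports, which is what was missing in this thread.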