Hi, I have a trunk / access-port setup with a mix/tree of Mikrotik RB260GSP (SwOS) and Mikrotik Powerbox (Pro) (RouterOS). Trunk/Access Port setup is like here:
Now I would like to add a management VLAN with VLAN ID 30, over which I would like to be able to access all these Mikrotik devices. They are all interconnected via VLAN trunk port(s). On the RB260GSP / SwOS I have the setting System->“Allow From VLAN” and have added “30” in there and for these devices this works. However for the Mikrotik Powerbox (Pro) / RouterOS I have not found such a setting. How could I make these devices reachable over a managment VLAN, too? Ideally, how to set this up via the Web-UI in RouterOS. The Powerboxes / Powerbox Pros are configured in bridge-mode in my setup.
Just wanted to come back here with a solution. Gave this another go two years later and found a working setup not only for the RB260GSP/SwitchOS but for the PowerBox Pro / RouterOS now, too.
Currently I have VLANs configured on this Powerbox Pro via Bridge->VLANs in the Web-UI (not sure if that is the performant way, might no use the switch chip’s VLAN offloading capabilities / might unnecessarily copy packets from the switch to kernel, probably does not use the modern Linux DSA architecture yet? But found this the easiest to work with). The management VLAN is 30, IP address of the PB on this VLAN is 192.168.3.5/24.
Steps I did:
Interfaces->VLAN->Add New
Name: vlan30
VLAN ID: 30
Interface: bridge (default)
IP->Adresses->Add New
Address: 192.168.3.5/24
Interface: vlan30
Bridge->VLANS->Add New
Bridge: bridge
VLAN IDs: 30
Tagged:
bridge ← add this
Now I can configure a VLAN 30 access port on any of our managed switches or configure VLAN 30 on a device that is connected to a VLAN trunk port. And then access the PowerBox Pro via http://192.168.3.5/.
Hello TuX7
I am curious what does your device show as its Local Lan address in Quick Set? I have a design scenario that includes a fiber OLT (Cambuim Networks) does not allow VLAN 1 to pass through fiber network switches. This means I have to move my management VLAN to something else. But when I programmed my bridge as you did I end up with my IP on both the bridge and the Local Lan (Ether2 by default).