I come from years of networking with ProCurve and Cisco, and just got a hEX (750Gr3) to play with at home. I’ve read about master/slave ports being handled by the switch chip, and bridged ports being handled by software, and looked at the switch chip feature tables. Does the MT7621 and its lack of VLAN table mean that it can’t do VLAN tagging/trunking in hardware? Do I need to change to bridging to be able to do that? Still trying to wrap my head around how RouterOS does VLAN-ing…
By default, the HW switch acts like a dumb switch - meaning that it passes tagged and untagged frames alike, and doesn’t modify the VLAN headers, or restrict certain vlans to certain ports.
You can do VLANs with the HW switch, but it’s never clicked in my head as to how it’s done (check the Wiki for a howto on the subject)
I’m like you - coming from the Cisco world of VLANs and the ROS way seems strange. However, I got my head wrapped around the bridging version of VLANs pretty well and it’s pretty doggone flexible once the light comes on.
It looks like switch-port-based VLAN tagging requires a VLAN table, which the chip in the hEX doesn’t have. However, the rest of my network is ProCurve switches and an Aruba wireless controller, so I can do all of my switching there. The hEX just needs to handle the routing, which means I don’t need wire-speed switching, which means bridging is just fine. So, any tips in getting that light to come on?
If you just want the hEX to be a router for several VLANs, I’d say do this:
set up ether2 as master, ether3-5 as slave (master=ether2)
Then build vlan interfaces onto ether2.
/interface vlan add name=vlan101 interface=ether2 vlan-id=101
etc…
The switch chip will replicate this onto all 4 lan interfaces - consider it like saying “switch mode trunk + no switch trunk allowed vlan” on all 4 interfaces
Ok, that makes sense so far. Is there a ‘native VLAN’ equivalent, as well? I think this might have something to do with vlan-mode, but again, that’s listed under the “Vlan Table” section of the documentation, so I’m not sure whether it works with the hEX or not.
It seems I was overthinking things (what a surprise). ZeroByte, I used the commands you suggested, and added VLANs 2 and 3 to my ether2-master interface. Added addresses and DHCP pools to the VLAN interfaces, and it’s running beautifully. The switch treats VLAN 1 as the default/untagged VLAN, exactly as I was hoping it would. Now to tackle the firewall rules and IPv6. Thanks for your help!!
No prob. When you add a vlan subinterface, it’s the same exact thing as in a Cisco router whenever you do something like this:
interface gig0/1.101
encapsulation dot1q 101
!
If you add the vlan subinterface to a bridge (not a physical etherX interface) then it’s like a VIF:
interface vlan 101
!
That’s sort of a rough parallel way to think about vlans in Mikrotik if you’re used to Cisco.