So I have a question about how exactly to utilize the switch chip vlans and was hoping someone could provide some guidance. My current configuration is below.
I have a RB2011 in which ether1 is my gateway, ether2-5 are grouped (to ether2), and ether6-10 are grouped (to ether6). Ether2 and Ether6 are in a bridge named bridge-local which is where everything runs. I would like to setup one of the ports in the first group as a VLAN trunk, but I would ideally like to leave it in the switch group for speed reasons.
I was able to get it to work by removing ether3 from the group, and then adding vlan=10 to ether3, and then adding ether3 to the bridge-local. The downside is that also removed it from the switch group which puts more on the processor.
Here is the config as it exists:
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave
set 3 master-port=ether2-master-local name=ether4-slave
set 4 master-port=ether2-master-local name=ether5-slave
set 5 name=ether6-master-local
set 6 master-port=ether6-master-local name=ether7-slave-local
set 7 master-port=ether6-master-local name=ether8-slave-local
set 8 master-port=ether6-master-local name=ether9-slave-local
set 9 master-port=ether6-master-local name=ether10-slave-local
set 10 disabled=yes name=sfp1-gateway
/interface bridge
add auto-mac=no l2mtu=1598 name=bridge-local protocol-mode=rstp
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
And this is what I was considering… is this correct? Can someone shed some light?
/add interface=ether3 l2mtu=1594 name=vlan-guest vlan-id=100
/interface ethernet switch port
set ether2 vlan-mode=fallback
I tried this… but it didn’t work as I thought it might.
My GOALs
a) pass traffic from ether2 through ether5 that are untagged that ARE NOT destined for the routerboard straight through at the switch level
b) pass traffic from ether3 tagged with VLAN ID 100 through the switch cpu to the routerboard for processing…
What did I do wrong? Anyone help me fix this?
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave
set 3 master-port=ether2-master-local name=ether4-slave
set 4 master-port=ether2-master-local name=ether5-slave
Latest after playing with it it SEEMS to work, but I am not entirely sure how to tell whether or not vlan100 packets are coming out of ether2,4,5… anyone?
From what I can tell this will use switch layer for all untagged packets between ether2-5 and cpu AND use switch later for VLAN100 between ether3 and CPU only. So theoretically this should provide full speed switching between all of the ether2-5 ports and also utilize ether3 as a trunk port… all with the CPU also able to see untagged traffic on the ether2 interface (master) and vlan100 traffic on the “vlan-local” interface.
Am I correct?
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface bridge port
add bridge=bridge-guest interface=vlan-guest
add bridge=bridge-local interface=ether2-master-local
/interface ethernet switch port
set 2 vlan-header=always-strip vlan-mode=fallback
set 3 vlan-header=leave-as-is vlan-mode=fallback
set 4 vlan-header=always-strip vlan-mode=fallback
set 5 vlan-header=always-strip vlan-mode=fallback
For anyone that is interested in this my final version is below. This is based on some feedback from the support staff. I am still waiting for one clarification from them.
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface bridge port
add bridge=bridge-guest interface=vlan-guest
add bridge=bridge-local interface=ether2-master-local
/interface ethernet switch port
set 2 vlan-header=always-strip vlan-mode=secure
set 3 vlan-header=leave-as-is vlan-mode=secure
set 4 vlan-header=always-strip vlan-mode=secure
set 5 vlan-header=always-strip vlan-mode=secure
The routerboard is after a switch which tagges the packages. If I use ethernet ports, everything is working fine, but on the wlan interface I don’t know how to set it.
I am sorry of my bad english, and I hope, anybody can help me.
Post your export and what you need to go where… (e.g. what configuration are you trying to get… a list works, something like
ether1 - vlan1 tagged, vlan100 untagged
ether2 - vlan1 untagged, vlan100 tagged, etc).