Hi,
I have an RB-951G 2HnD.
Ether1 = WAN
Ether2-4 = LAN
Ether 5 I add some VLANS
On WLAN1 I add 3 Virtual AP’s
VAP1 on VLAN 10
VAP2 on VLAN 20
VAP3 on VLAN 30
Ether5 is connected to an other Mikrotik with vlans
What is best option?
1 Make a bridge and add ether 2-4 to this bridge
2 make ether2 master port and add ether 3 and 4 to this master port
What is giving me most speed on the thes ether ports?
Using the switch chip master/slave arrangement is faster as it is implemented in the chip itself.
Ok thanks,
And to do this right I have allso to create a bridge and add ether2 and VAP-lan to the bridge? (VAP-lan is een Virtual AP that must allso connected to the ether2-4 ports)
It isn’t clear to me if you want to have the VAPs on VLANs on Ethernet 2 or 5 but wherever they exist you would bridge the VAP WLAN interface to the corresponding VLAN interface. If Ether 3 & 4 are slaved to Ether 2 any actions for Ether 2-4 are carried out on Ether 2.
I still do not completly understand
It works if I add ether3-4 to master port ether2
On ether 5 I configured vlans (becaust ether5 is allso connected to an other mikrotik and so I trunk the vlans.
But must I add ether5 allso to master port ether2 as well? or not?
If you want Ether 5 to be separate then leave it without a master and add the VLANs to it. Which way is “correct” depends on your overall goals.
Thanks for your reply.
Is it an option to put my config here? so you can see it?
I have my config in a text file with all commandline.
Hi,
This here below is my configuration
On ether5 is a second mikrotik RB 951G 2HnD connected and there are vlans on it
/systen identity set name=SW01
/interface ethernet set 0 name=ether1-public
/interface ethernet set 1 name=ether2-local
/interface ethernet set 2 name=ether3-local
/interface ethernet set 3 name=ether4-local
/interface ethernet set 4 name=ether5-local
/interface bridge add name=BR-LAN
/interface bridge add name=BR-MOBILE
/interface bridge add name=BR-GAST
/interface vlan add name=VLAN-MOBILE vlan-id=10 interface=ether5-local disabled=no
/interface vlan add name=VLAN-GAST vlan-id=20 interface=ether5-local disabled=no
/interface wireless security-profile add name=TNW.LOCAL authentication-type=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key=“Encryption-key” mode=dynamic-keys
/interface wireless security-profile add name=GAST authentication-type=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key=“Encryption-key” mode=dynamic-keys
/interface wireless security-profile add name=MOBILE authentication-type=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key=“Encryption-key” mode=dynamic-keys
/interface wireless add master-interface=wlan1 ssid=TNW.LOCAL security-profile=TNW.LOCAL name=VAP-LAN wmm-support=enabled disabled=no
/interface wireless add master-interface=wlan1 ssid=GAST security-profile=GAST name=VAP-GAST wmm-support=enabled disabled=no
/interface wireless add master-interface=wlan1 ssid=MOBIL security-profile=MOBILE name=VAP-MOBILE wmm-support=enabled disabled=no
/interface bridge port add interface=ether2-local bridge=BR-LAN disabled=no
/interface bridge port add interface=VAP-LAN bridge=BR-LAN disabled=no
/interface bridge port add interface=VAP-GAST bridge=BR-GAST disabled=no
/interface bridge port add interface=VLAN-GAST bridge=BR-GAST disabled=no
/interface bridge port add interface=VAP-MOBILE bridge=BR-MOBILE disabled=no
/interface bridge port add interface=VLAN-MOBILE bridge=BR-MOBILE disabled=no
/interface ethernet set ether3-local master-port=ether2-local
/interface ethernet set ether4-local master-port=ether2-local
/interface ethernet set ether5-local master-port=ether2-local
/ip address add address=192.168.1.1/24 disabled=no interface=ether1-public
/ip address add address=192.9.201.245/24 disabled=no interface=BR-LAN
/ip address add address=192.9.210.1/24 disabled=no interface=BR-GAST
/ip address add address=192.9.220.1/24 disabled=no interface=BR-MOBILE
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.254 scope=30 target-scope=10 disabled=no distance=1
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ether1-public
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=64 server=192.9.201.5
/interface wireless enable wlan1
/interface wireless set wlan1 hide-ssid=yes
/interface wireless set mode=ap-bridge wlan1 band=2ghz-b/g/n ht-txchains=0,1 ht-rxchains=0,1 wmm-support=enabled
/interface wireless set wlan1 channel-width=20/40mhz-ht-above
/interface wireless set wlan1 wireless-protocol=any
/system ntp client set primary-ntp=192.9.201.5 mode=unicast enabled=yes
#/ip pool add name=“DHCP-MOBILE” ranges=192.9.202.2-192.9.220.253
/ip dhcp-server add name=“DHCP-MOBILE” interface=BR-MOBILE lease-time=1h address-pool=static-only authoritative=after-2sec-delay bootp-support=none disabled=no
/ip dhcp-server network add address=192.9.220.0/24 gateway=192.9.220.1
/ip dhcp-server lease add address=192.9.220.2 mac-address=00:00:00:00:00:01 server=DHCP-MOBILE
/ip pool add name=“DHCP-POOL-GAST” ranges=192.9.210.2-192.9.210.253
/ip dhcp-server add name=“DHCP-GAST” interface=BR-GAST lease-time=1h address-pool=“DHCP-POOL-GAST” authoritative=after-2sec-delay bootp-support=static disabled=no
/ip dhcp-server network add address=192.9.210.0/24 gateway=192.9.210.1
#############################################################################################################################
/ip hotspot profile add name=“GAST-PROFILE” hotspot-address=192.9.210.1 dns-name=“” html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap,cookie use-radius=yes radius-accounting=yes
\
/ip hotspot add name=“HOTSPOT-GAST” interface=BR-GAST address-pool=“DHCP-POOL-GAST” profile=“GAST-PROFILE” disabled=no
/radius add service=hotspot address=127.0.0.1 secret=123456
/ip hotspot user add name=admin password=pwd
/tool graphing interface add interface=BR-LAN
/tool graphing interface add interface=BR-GAST
/tool graphing interface add interface=BR-MOBILE
/user set admin password=pwd
/interface ethernet set ether1 speed=1Gbps
/interface ethernet set ether2 speed=1Gbps
/interface ethernet set ether3 speed=1Gbps
/interface ethernet set ether4 speed=1Gbps
/interface ethernet set ether5 speed=1Gbps
I see the config but I’m not sure what the remaining questions are. Can you describe goal/remaining question?
It is about interface ether5-local.
Is this correct to add to the Master Port Ether2-local?
Or not because it contains VLANS and is connected to an onterh Mikrotik
If you slaved Ether 5 to Ether 2 then none of the settings for Ether 5 will apply anymore - it will behave as a slave of Ether 2. If you want the VLANs yo be available on Ethers 2 - 5 then slave 3-5 to 2 and place the VLANs on 2. It just depends what you are trying to achieve.
Ok, I only want the VLANS available on Ether5 and on the Bridges BR-GAST and BR-MOBILE
So if master/slave ports is better for performance, what is recommended setup for RB493G ? It has 2 switch CPUs. Should I slave ports 2-4 to 1 and 5-8 to 4 ?
And then bridge 1, 4 and wireless ? At the moment I have bridged every single port.
ddff
The 493G has two distinct switch chips so ports can only be enslaved to a master in the same switch group.
There is a small mistake - ports 5-9 should have master port 5 and then 1 & 5 & wireless (really? RB493G doesn’t have any) may be bridged together. It will be the best solution if you need 9-port switch.
Heavy data transfers inside each port group (1-4 / 5-9) won’t cause any CPU load, but transfers between some port of the first group and some port of the second one will use CPU. That’s why this solution is good only if it is necessary to have more than 5 ports - then it is good to think where to connect what device. For example - if you plan to do big transfers between PCs and NAS, connect them all to one switch group. Devices with low data transfers (such as printers) may use the second group.
I prefer using each group as a separate network - 1-4 as WAN switch, 5-9 as LAN switch, without any bridge. But it depends on what you need, of course 
Thanks for the answer!
In my setup port9 is used for WAN. So I slave to 1 and 5 respectively. I have modification with wireless module, so that also is in the bridge. As you’ve already mentioned I have NAS and 8 workstations, so there is some traffic, that has to go over the bridge. Would it be more effective to use external Gbit switch instead?
ddff
Yes, it would be, but it depends on what are you using the router for. According information on http://routerboard.com/RB493G RB493G should handle bridging at 1 Gbps. But it will use CPU and other performance may be limited at the same time. If you will do multiple transfers between both sides of bridge at once, it may limit transfers between WAN and LAN interface.
I don’t know how many firewall rules are you using for routing between WAN and LAN and if you are using NAT as well. I’ve measured the transfer limit - cca 350 Mbps with NAT and some firewall rules on RB493G. If you use WAN for internet connection and it’s speed is not more than 100 Mbps, you don’t have to care much about the performance. But if you would like to have a peace in mind, external gigabit switch shall be better