Hello,
I have RB2011UiAS with FW7.6
I simply want to split a port that receives multiple VLANs (tagged) to other ports (untagged). Preferably not through the CPU, but simply through the switch chip. No firewall…
( port1:vl4, vl6, vl10, v12 → port2:vl4, port3:vl6, port4:vl10 and port5:vl12 )
Or need I also add some bridges (I think that are CPU that’s will used CPU power)
Thanks
Steven
So it works using bridge and vlans for you, but its too slow?
Almost like you want, you need to move the trunk to ether1 and add ether2 as an access port. And adjust the vlans to the vlans you want. You should be able to figure it out from that example.
VLAN Example 1 (Trunk and Access Ports)
To split a port that receives multiple tagged VLANs to other ports as untagged VLANs on the RB2011UiAS router with Firmware 7.6, you can achieve this by configuring VLAN interfaces and bridge settings.
Yes that’s, thanks (both). It seems to work… a bit 
I have multiply camera, three are connected through a RB2011 (see config) and the rest directly to the RB5009. Only the video of the part that connected to the RB2011 freeze some times (every 5 a 10 seconds)
The CPU on the RB2011 if not loaded very much (this time), so that would not the bottleneck (this time) the config of the RB2011 (fw 6.49.7).
( O sorry I have two RB2011, FW 6.49.7 and FW7.6)
/interface bridge
# add arp=local-proxy-arp fast-forward=no name=the_bridge_01
add arp=local-proxy-arp fast-forward=no name=the_bridge_02
/interface ethernet switch port
# set 1 vlan-header=add-if-missing vlan-mode=secure
# set 2 default-vlan-id=4 vlan-header=always-strip vlan-mode=secure
# set 4 default-vlan-id=17 vlan-header=always-strip vlan-mode=secure
# set 5 default-vlan-id=12 vlan-header=always-strip vlan-mode=secure
set 6 vlan-header=add-if-missing vlan-mode=secure
set 7 default-vlan-id=200 vlan-header=always-strip vlan-mode=secure
set 8 default-vlan-id=100vlan-header=always-strip vlan-mode=secure
set 9 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 10 default-vlan-id=100vlan-header=always-strip vlan-mode=secure
/interface bridge port
# add bridge=the_bridge_01 ingress-filtering=yes interface=ether1
# add bridge=the_bridge_01 ingress-filtering=yes interface=ether2
# add bridge=the_bridge_01 ingress-filtering=yes interface=ether3
# add bridge=the_bridge_01 ingress-filtering=yes interface=ether4
# add bridge=the_bridge_01 ingress-filtering=yes interface=ether5
add bridge=the_bridge_02 ingress-filtering=yes interface=ether6
add bridge=the_bridge_02 ingress-filtering=yes interface=ether7
add bridge=the_bridge_02 ingress-filtering=yes interface=ether8
add bridge=the_bridge_02 ingress-filtering=yes interface=ether9
add bridge=the_bridge_02 ingress-filtering=yes interface=ether10
/ip settings
set max-neighbor-entries=4096
/interface ethernet switch vlan
# add independent-learning=no ports=ether1,ether5 switch=switch1 vlan-id=12
# add independent-learning=no ports=ether1,ether2 switch=switch1 vlan-id=4
# add independent-learning=no ports=ether1,ether4 switch=switch1 vlan-id=17
add ports=ether6,ether7 switch=switch2 vlan-id=200
add ports=ether6,ether10,ether9,ether8 switch=switch2 vlan-id=100
Here’s the “universal” way, but won’t be done in the switch chip on the RB2011
VLAN Example - Trunk and Access Ports
How is the RB5009 connected to the RB2011? Is it connected to the same switch as the cameras?
You wrote “I have multiply camera, three are connected through a RB2011 (see config) and the rest directly to the RB5009.” but it isn’t obvious to me what ports the camera or the RB5009 are connected through.
And the config seems to have nothing in common with your original post “( port1:vl4, vl6, vl10, v12 → port2:vl4, port3:vl6, port4:vl10 and port5:vl12 )”
If you want help, try to make it easier to help you. Providing a diagram and complete (sanitized) configs of the RB2011 and the RB5009 would be a good start.
I had already put everything in a textual scheme for myself, but here as a picture.
Before I used the RB5009, the cameras were also connected to the RB2011(no interruptions). The RB2011 had the role of the RB5009.
Only the image(stream) from cameras 2,3 and 4 falter with this setting. The bandwidth on the RB2011 is sufficient when I run a speed test via VL200 I see there’s enough left.
Update.
I have replaced the RB2011 with a TL-SG105E and the stream is smooth
I can’t imagine the RB2011 couldn’t handle this data-streams and the SG105E could. (there for in the old setup the RB2011 works fine) I want to use the RB2011 as a simple managed switch, so I don’t have to throw them away.
update2
this is 10x better than with the CPU/Switch/VLAN setup, but why?
/interface bridge
add fast-forward=no name=bridge_vlan200
add name=bridge_vlan100
/interface vlan
add interface=ether6 name=vlan200 vlan-id=200
add interface=ether6 name=vlan100 vlan-id=100 interface bridge port
add bridge=bridge_vlan100 interface=ether9
add bridge=bridge_vlan100 interface=ether8
add bridge=bridge_vlan100 interface=vlan100
add bridge=bridge_vlan100 interface=ether10
add bridge=bridge_vlan200 interface=ether7
add bridge=bridge_vlan200 interface=vlan200
But not the best. With some other (test) data streams through VLAN200, the three camera streams are buggy ( does not continue ) again.
(interface list) VLAN overview:
vlan100 TX between 7 and 10 Mbps, RX max 1Mbps
vlan200 TX max 5Mbps, RX max 95Mbps
Max total 111Mbps, is that maybe the limit for the RB2011 (on the 100Mb ports)?
Why are you using the 100Mbps ports on the RB2011 instead of the 1Gbps ether1-ether5 as you stated in the original post?
How are you testing?
The diagram helps us understand what your layout is, but tells us nothing about your test points, or how the RB5009 is configured. But since you said that an SG105E “smart” switch worked well, the RB5009 is probably configured in a way that works with it.
The only MikroTik routers I own both have a single switch chip (RB760iGS (hEX S), and the RB5009), so any info I give you about the RB2011 is not first hand, it is only from reading. But my understanding is that you should not use more bridges than switches if you want hardware switching to occur. And all ports connected to a vlan must be on the same switch (in other words their must be a direct path between the all ports in a vlan on the same switch in the router, i.e. “through the CPU” will kill the ability to handle in the switch ASIC). By introducing a second bridge on the same switch ASIC you are forcing the CPU to be involved. For routed traffic, that makes little difference, because the CPU will already be involved, but for switched layers 2 traffic, the traffic never needs to go through the CPU, and forcing it through the CPU will slow things down.
I know what I would do in your situation. I would buy another switch (but probably an 8 port, since they are only a few dollars more). And I would use the RB2011 as a lab router/backup router. Or sell it. But you should be able to get it to work as two independent switches, one 5 port GB switch and one 5 port 100Mbs switch, and they should perform ok.
RB2011 series Atheros8327 (ether1-ether5+sfp1); Atheros8227 (ether6-ether10) from Switch Chip Features - Introduction
The Atheros switch ASICS have some quirks and at least some of the 100Mb ASICs have problems with hybrid trunks (where one vlan is untagged on the “trunk” link and also on another access port). And there is this warning in the Host Table section.
Also read the CPU Flow Control section. If you used the 1Gb switch (ether1-ether5) the need for any pause frames would be reduced. But I would really only expect those to show up when downloading a file from the NAS to the PC connected to the RB2011.