I’ve got the following setup:
A MikroTik router, connected to other two switches on ports ether4 and ether5.
I would like to configure Vlans so both ports ether4 and ether5 has carry traffic for all the different vlans in the LAN segment.
The Vlan configuration will overlap on both ports, i.e. I’ll would like to associate the same vlans on both ether4 and ether5
I realized that I cannot associate a VLAN interface to more than one physical interface. So in order to achieve 2. I’ll have to configure bridge interface for each vlan and than associate both ports (ether4 and ether5) for all bridge interfaces associated with any vlan.
This is how I should be able to use a VLAN tag on both interfaces, thorough its respective bridge. But than… what about the isolation? If I have multiple bridges associated with ports ether4 and ether5, will I have an isolation between the VLANs?
Or to put it differently, when I have a bridge interface associated with a VLAN, when the traffic is moved from one physical interface to another, does the Ethernet frame keep its tag?
But than… If I need more Vlans over both ports? Because they’re supposed to be trunk ports.
So if I put them in a bridge with a vlan, can I also put them on another bridge with another vlan etc. And will this isolate the traffic between the vlans?
You can add as many VLANs as you like to the bridge and they will appear on both ports. You can add other ether ports to the bridge and they will become trunk ports with the same VLANs. If you want the VLANs isolated at layer 3 you need to use forwarding filters in IP Firewall.
If you have a particular requirement in mind describe that in more detail.