I am beginner and I am trying to create a simple network. Two switches trunked together. Each with a few access ports connected to PCs.
RouterOS 7.16
/interface bridge
add name=SW1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
set [ find default-name=ether6 ] disable-running-check=no
set [ find default-name=ether7 ] disable-running-check=no
set [ find default-name=ether8 ] disable-running-check=no
/interface vlan
add interface=SW1 name=Data vlan-id=20
add interface=SW1 name=Management vlan-id=40
add interface=SW1 name=PCI vlan-id=10
add interface=SW1 name=Voice vlan-id=30
/port
set 0 name=serial0
/interface bridge port
add bridge=SW1 interface=ether1 pvid=10
add bridge=SW1 interface=ether2 pvid=20
add bridge=SW1 interface=ether3 pvid=20
add bridge=SW1 frame-types=admit-only-vlan-tagged interface=ether8
/interface bridge vlan
add bridge=SW1 tagged=ether8 vlan-ids=10
add bridge=SW1 tagged=ether8 vlan-ids=20
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add interface=ether1
/system identity
set name=SW1
/system note
set show-at-login=no
and
/interface bridge
add name=SW2 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
set [ find default-name=ether6 ] disable-running-check=no
set [ find default-name=ether7 ] disable-running-check=no
set [ find default-name=ether8 ] disable-running-check=no
/interface vlan
add interface=SW2 name=Data vlan-id=20
add interface=SW2 name=Management vlan-id=40
add interface=SW2 name=PCI vlan-id=10
add interface=SW2 name=Voice vlan-id=30
/port
set 0 name=serial0
/interface bridge port
add bridge=SW2 interface=ether1 pvid=10
add bridge=SW2 interface=ether2 pvid=10
add bridge=SW2 interface=ether3 pvid=20
add bridge=SW2 frame-types=admit-only-vlan-tagged interface=ether8
/interface bridge vlan
add bridge=SW2 tagged=ether8 vlan-ids=10
add bridge=SW2 tagged=ether8 vlan-ids=20
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add interface=ether1
/system identity
set name=SW2
/system note
set show-at-login=no
mkx
November 20, 2024, 7:38am
2
On both switches: if you’re using VLAN Interface, anchored off bridge, then bridge CPU-facing port has to be tagged member of corresponging VLAN:
/interface bridge vlan
add bridge=SW1 tagged=SW1,ether8 vlan-ids=40
/ip dhcp-client
add interface=Management
tdw
November 20, 2024, 12:16pm
3
Also, you only need create /interface vlan entries for VLANs accessing IP services on the Mikrotik itself, for VLANs which are just passing between switch ports they are unnecessary.
I wondered about this when I was setting it up looking at the documentation. I recently received my CCNA so I was just “initializing” the vlans before I applied them. It does provide some kind of notes for the purpose of the vlan I guess even if they’re not necessary.
On both switches: if you’re using VLAN Interface, anchored off bridge, then bridge CPU-facing port has to be tagged member of corresponging VLAN:
/interface bridge vlan
add bridge=SW1 tagged=SW1,ether8 vlan-ids=40
/ip dhcp-client
add interface=Management
Thanks a ton!
Here are my configs now and I’m able to ping from PC1 to PC4 over the trunk link now.
/interface bridge
add name=SW1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
set [ find default-name=ether6 ] disable-running-check=no
set [ find default-name=ether7 ] disable-running-check=no
set [ find default-name=ether8 ] disable-running-check=no
/interface vlan
add interface=SW1 name=Data vlan-id=20
add interface=SW1 name=Management vlan-id=40
add interface=SW1 name=PCI vlan-id=10
add interface=SW1 name=Voice vlan-id=30
/port
set 0 name=serial0
/interface bridge port
add bridge=SW1 interface=ether1 pvid=10
add bridge=SW1 interface=ether2 pvid=20
add bridge=SW1 interface=ether3 pvid=20
add bridge=SW1 frame-types=admit-only-vlan-tagged interface=ether8
/interface bridge vlan
add bridge=SW1 tagged=SW1,ether8 vlan-ids=20
add bridge=SW1 tagged=SW1,ether8 vlan-ids=10
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add interface=ether1
/system note
set show-at-login=no
and
/interface bridge
add name=SW2 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
set [ find default-name=ether6 ] disable-running-check=no
set [ find default-name=ether7 ] disable-running-check=no
set [ find default-name=ether8 ] disable-running-check=no
/interface vlan
add interface=SW2 name=Data vlan-id=20
add interface=SW2 name=Management vlan-id=40
add interface=SW2 name=PCI vlan-id=10
add interface=SW2 name=Voice vlan-id=30
/port
set 0 name=serial0
/interface bridge port
add bridge=SW2 interface=ether1 pvid=10
add bridge=SW2 interface=ether2 pvid=10
add bridge=SW2 interface=ether3 pvid=20
add bridge=SW2 frame-types=admit-only-vlan-tagged interface=ether8
/interface bridge vlan
add bridge=SW2 tagged=SW2,ether8 vlan-ids=10
add bridge=SW2 tagged=SW2,ether8 vlan-ids=20
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add interface=ether1
/system note
set show-at-login=no
wrkq
November 22, 2024, 6:03pm
6
Cisco layer 2 vlan setup
conf term
vlan 123
name example
is Mikrotik
/interface/bridge/vlan
add bridge=my-bridge-here vlan-ids=123 comment="example"
It’s just that this same config line also does the vlan-to-port assignments in its tagged= and untagged= sections.
Mikrotik /interface/vlan section is about layer 3.
/interface/vlan
add interface=my-bridge-here name=vlan-example vlan-id=123
/ip address
add interface=vlan-example address=10.10.10.1/24
is like
conf term
interface vlan123
ip address 10.10.10.1 255.255.255.0
sitting “on top” of the switching/bridging functionality.
while Mikrotik
/interface/vlan
add interface=ether6 name=vlan-example vlan-id=123
/ip address
add interface=vlan-example address=10.10.10.1/24
would be like
conf term
interface Gi1/0/6
no switchport
interface Gi1/0/6.123
ip address 10.10.10.1 255.255.255.0
“No switchport” alone itself is basically “do not add this port to any bridge”, L3-routed processing is the default.
Hope this helps…?
