Hello, I’m new to MikroTik and I have a question, I’m working on Mikrotik rb3011uias and my assignment is to put 320,350,100 tagged VLANs on eth6 and 320,350 goes to eth 5 tagged and 100 untagged. I can’t figure out this untagged part, can anyone help me I spent hours reading and still can’t figure out.
Ty,
BR, Olga
Hello, I read this but these commands don’t work, don’t know why, any idea?
Which ROS Version do you have, i.e. Pre 6.41 or Post 6.41?
Hello, version: 6.38.5
You have commands there for both pre & post 6.41.
You do need to adjust the commands there to your case, not just copy paste. Did you adapted the instructions?
bridge interface VLAN 100 and eth 5
Hello, ok I tried that did something and now they say that is not done that way, I need to use bridges and VLANs, I understand VLANs good in cisco but here no luck, can someone explain me the term "untagged VLAN " how can I make VLAN 100 become an “untagged VLAN” ? Just can’t wrap my mind around that…
Untagged vlan means that frames that belongs to 100 VLAN with 802.1Q header, will be received with this 802.1Q header and after this, switch will strip this header and frame will forward in VLAN 100 in CAM table as untagged in this VLAN. If outbound port is access, there will be no 802.1Q header in frame. If port is mapped as trunk or tagged in this VLAN, frame will be with 802.1Q header with VLAN ID 100. MikroTik means that if you’ll type this:
/interface ethernet switch vlan
add ports=ether2,ether3,ether4,ether5 switch=switch1 vlan-id=200
add ports=ether2,ether3,ether4,ether5 switch=switch1 vlan-id=300
add ports=ether2,ether3,ether4,ether5 switch=switch1 vlan-id=400
you’ll assign VLAN ID in global sense on this port and traffic will be tagged with this VLANs.
And this:
/interface ethernet switch port
set ether2 vlan-mode=secure
set ether3 vlan-mode=secure default-vlan-id=200
set ether4 vlan-mode=secure default-vlan-id=300
set ether5 vlan-mode=secure default-vlan-id=400
making traffic in vlan flow without VLAN ID, means untagged, but untagged only on ether3 by VLAN 200, ether4 - 300 and ether5 - 400. set ether2 vlan-mode=secure - means trunk port. All traffic in all VLANs will be tagged with this VLANs IDs.
Hello, ty for explanation,
My assignment is :
Add VLAN_240 to eth_2 tagged
Add Vlan_320 to eth_5 tagged
Add VLAN_350 to eth_5 tagged
Add VLAN_100 to eth_5 tagged
Add VLAN_320 to eth_6 tagged
Add VLAN_350 to eth_6 tagged
Add VLAN_100 to eth_6 untagged
Here is my config
Eth_2 config:
VLAN_240 is added to port eth_2 and named it e2.240
I created a bridge called VLAN_240 and added e2.240 and added it this to bridge
Added IP address to bridge VLAN_240
Created DHCP for VLAN_240 and added to interface bridge VLAN_240
When I connect with a cable to this port I cant get an IP address, and it should be that way if its tagged right?
But when I connect this port to a switch on which I connected server which uses VLAN_240 he gets an IP address and can go out to the internet
Soi thinks this par works as it should.
And I configured nat and DNS..
Eth_5 config:
VLAN_320 added to this port and named e5.320
VLAN_350 added to this port and named e5.350
VLAN_100 added to this port and named e5.100
I created a bridge called VLAN_320 and added e5.320 and added it this to bridge
I created a bridge called VLAN_350 and added e5.350 and added it this to bridge
I created a bridge called VLAN_100 and added e5.100 and added it this to bridge
Eth_6 config:
VLAN_320 added to this port and named e6.320
VLAN_350 added to this port and named e6.350
I added e6.320 to bridge VLAN_320
I added e6.350 to bridge VLAN_350
To get untagged VLAN_100 on eth_6 i did this:
added eth_6 to bridge VLAN_100
Is this okay?
Sorry if I made it complicated and for my grammar, English is not my native.
And I’m working on a router, not a switch.
Don’t know how to test it.
В бридж добавляете только ВЛАН 100 с портом, который будет untag , Вы бы схему посмотрели У этой железки 5 и 6 порты в разных Свитч чипах находится , нет ли возможность все на одном свит чипе развернуть не гоняя трафик через CPU ?
I google translated what you have written,
Got this :
In the bridge, add only VLAN 100 with the port that will be untagged, you would look at the diagram. At this piece of hardware, the 5 and 6 ports in different Switches are located, is not it possible to deploy everything on one of the systems without running traffic through the CPU?
I did like you said, maybe wrote it wrong but, I created a bridge called VLAN_100 and added eth_6 and e5.100 to this bridge, or I need to add vlan_100 to eth_6 like I did with Vlans 320,350.
And i use Mikrotik RB3011UiAS and yes ports 5 and 6 are located on different switches
create VLAN 100 add eth5 in this inteface = tagged
create bridge
add to bridge interface VLAN 100 and eth6 = vlan 100 untagged
Ok, I think I did it, is there a way I can test it? Using only my laptop, can’t access my test server right now.
I can connect my laptop to eth_6 and it works with static IP address, I have a DHCP set up on my bridge named vlan_100, and eth_6 is part of that bridge but DHCP doesn’t offer and IP lease to my laptop when I connect to eth_6 witch is supposed to be set up as a VLAN_100 untagged. Or it should be that way?
My bad wrong pool.
I quite sure I did it right if someone else needs, excellent explanation here https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN.
/interface vlan
add interface=ether5 name=vlan320-e5 vlan-id=320
add interface=ether6 name=vlan320-e6 vlan-id=320
add interface=ether5 name=vlan350-e5 vlan-id=350
add interface=ether6 name=vlan350-e6 vlan-id=350
add interface=ether5 name=vlan100-e5 vlan-id=100
/interface bridge
add name=vlan320-e5-e6
add name=vlan350-e5-e6
add name=vlan100-e5-e6
/interface bridge port
add bridge=vlan320-e5-e6 interface=vlan320-e5
add bridge=vlan320-e5-e6 interface=vlan320-e6
add bridge=vlan100-e5-e6 interface=vlan100-e5
add bridge=vlan350-e5-e6 interface=vlan350-e5
add bridge=vlan350-e5-e6 interface=vlan350-e6
add bridge=vlan100-e5-e6 interface=ether6
tested on real equipment
If your laptop use NIC realtek. Download Realtek Ethernet Diagnostic Utilities and configure on NIC Vlan.
Thanks a lot 
, our configs match now I’m sure i configured it right, that part bugged me to how to set up VLAN on my nic.
Can you tell me some example’s when do we use untagged vlan’s? Or is there a lab example i can recreate?, i have some real equipment 3x mikrotiks, some cisco if needed, server and 2x laptops i can get more.