Hi. I have worked with VLAN setups on Mikrotik a lot in the past, both configured in SW mode and in HW (switch) mode.
Today I tried to get a pretty simple VLAN setup to work config to work with the new 6.41 way of doing things.
It seems the VLAN part works fine, but I cannot for get the router to “talk” with the VLAN.
I followed the example #3 from guide: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
I do not have any configs to post as I had to get something to work quick and had to reconfig in a hurry without VLAN.
But what I want to achive is to route 2 different VLANS to an internet connection (WLAN).
I basically did all config from example 3, and then added dhcp servers on the VLAN interfaces, and a masquerade rule for traffic going out on WLAN1.
No FW at all except for the masquerade rule.
I could not get any connections to the mikrotiks through “untagged” ports on VLAN - so only way to still connect to it through winbox was through a port not defined with VLAN (so it defaults to VLAN1), I also did not get IP from dhcp servers.
If I disabled bridge VLAN (and moved IP adresses and dhcp server to bridge) all worked fine, but ofcourse only with one network.
How am I supposed to “connect” a VLAN to routeros if not only with a simple
/interface vlan
add interface=bridge1 name=vlan200 vlan-id=200
and
/ip address
add address=10.0.0.1/24 interface=vlan200 network=10.0.0.0
?
That’s not a good start, debugging an unknown configuration is to me an example of what impossible means
The example at wiki to which you refer contains one important point which is easy to miss. Simplifying it as much as possible, if you want vlan 5 at ether2 untagged and at ether1 tagged, you have to use, among the other settings,
However strange it may seem, it is not enough to mention the name of the bridge in the “bridge” parameter of the “add” alone but you must also mention it at the list of tagged member interfaces for that vlan group, otherwise the miracle does not happen. I’m not sure whether it is an intended behaviour but as this is what the wiki says and as it does not work without this setting, I’d assume that there is some clever idea behind it.
You can still use VLANs using the old way, without vlan-filtering, though. The vlan-filtering needs to be on to support different physical topologies of different groups of vlans, where the same MAC address may be accessible through different network paths (and, consequently, through different local interfaces) in different VLANs. So if this is not your concern, you may do well without it.
You are totally correct, I misread this and ignored to add the bridge itself to vlan. I guess the logic is that bridge and bridge vlan filtering is two different things.
“/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether6 vlan-ids=200
add bridge=bridge1 tagged=bridge1 untagged=ether7 vlan-ids=300
add bridge=bridge1 tagged=bridge1 untagged=ether8 vlan-ids=400”
When I read (and understand) this it makes totally sense.
