This is quite a long post, as I found the subject is a bit complex, at least on RouterOS.
After some time working with RBs, I found it a very good device with many powerful features and easy to manage… until I needed to deploy VLANs on it.
I thought that theoretically it was going to be easy, as on many devices it should only require defining the VLANs and then setting which ports belong to each VLAN and whether or not to tag the packets. Far from it.
After trying simply to mark the ports and VLANs in the /interface ethernet switch section and finding that it didn’t work, I read the wiki, the documentation and many posts in both official and non-official forums with different solutions, scenarios, proposals and methods. Finally I reached an almost successful configuration, which I describe below:
- RB750G with wifi
- ether1 and ether2 form a LACP port named ‘Trunk’ (Bonding) which is connected to a switch and will trunk ALL the VLANs. So I configured both ether1 and ether2 on all VLANs vlan-mode=default vlan-header=leave-as-is
- ether3 is currently connected to the production network, which I will designate as VLAN567. I set it on the VLAN and configured it as ‘always-strip’ with PVID 567
- ether4 belongs to another network, and so to VLAN109. I set it on the VLAN and configured it as ‘always-strip’ with PVID 109
- ether5 is connected to the WAN and, for my purpose, doesn’t matter for this issue.
- I configured all the vlan interfaces for each vlan (named vlanXXX) over the ‘Trunk’ interfaces
In order to allow the traffic to pass on each VLAN regardless of which port it enters the RB from, I needed to set up a bridge for each VLAN and put all the interfaces belonging to that VLAN in that bridge (so the vlan interface and the ether port). I call this the BRIDGE PER VLAN approach.
I don’t like this solution very much, though: what if I need to set up 50 VLANs? 50 bridges? Bridging costs performance.
So, as someone suggested, I went for the ONE BRIDGE approach: I simply put all the interfaces (ethers and vlan interfaces) on the same bridge, so I suppose that this solution works as a switch, switching all the interfaces. The problem with this approach is the DHCP servers: as the RB has one DHCP server for each VLAN, I couldn’t set the DHCP server on the vlan interface, and I cannot put it on the bridge because the RB will not know which DHCP server to ask for the originating VLAN. In the BRIDGE PER VLAN approach this is simply solved by selecting the needed bridge interface for each DHCP server.
Although below I ask some other questions and for recommendations about doubts that I have, my main question is:
How to have multiple VLANs in the same bridge with a DHCP server for each VLAN?
QUESTIONS (basically best practice recommendations)
- On which physical interface is it recommended to put the VLANs on top? Trunk? Bridge? Physical Ethernet port?
- Where, really, is it defined when to tag? Someone suggested tagging only occurs on traffic outgoing from a vlan interface, but this doesn’t make sense if the traffic doesn’t come from the RB itself.
- How to ‘link’ a vlan interface on a Trunk with a physical Ethernet port on that VLAN?
- One bridge for each VLAN?
- A unique bridge for all VLANs? (so behaves like a normal switch making VLAN trunking?)
- Where to put the IP addresses of the RB?
  - On the VLAN interface?
  - On the bridge (only if there is one bridge per VLAN)
  - On any interface (physical/bridge or VLAN) where the VLAN is?
- What about DHCP?
  - I’ve seen that if I put the VLANs on a bridge I must use the bridge as DHCP interface, this is OK for the Bridge per VLAN approach, but if I put all the VLANs in the same bridge I cannot assign the same bridge as DHCP interface for different DHCP servers each one on each IP-range/LAN segment.