Can someone please confirm this is a right way to let tagged vlan50 incoming on WAN port ether1 to be routed to ether5 as untagged? (hap lite ac on default config)
The set-up works, I’m just not sure if it’s a correct way
/interface vlan add interface=bridge name=br-vlan50 vlan-id=50
/interface vlan add interface=ether1 name=eth1-vlan50 vlan-id=50
/interface bridge port set bridge=bridge pvid=50 [find interface="ether5"]
/interface bridge port add bridge=bridge interface=eth1-vlan50 pvid=50
/interface bridge vlan add bridge=bridge untagged=ether5,eth1-vlan50 vlan-ids=11,50
/interface bridge set bridge vlan-filtering=yes
If not how can I set it? (since ether1 is not a part of bridge)
hAP lite ac has the Atheros8227 switch chip attached to the 5 ethernet port. To have hardware offload (wire speed switching) with VLAN support you should not use Bridge VLAN Filtering. And you should not create two bridges like @ConnyMercier suggested neither. Instead configure the VLAN using the /interface/ethernet/switch menu. You’ll still create only one bridge, but do not turn on bridge vlan-filtering=yes. See the example here:
There is nothing that prevents you from adding ether1 to the bridge, even if it’s the WAN port. The Atheros8227 switch chip manages all 5 ethernet ports (unlike for instance the hEX refresh where ether1 is not part of the switch chip but connected to the CPU), with hardware VLAN support. You simply need to create a dummy VLAN, let’s say VLAN 1000 and make ether1 a hybrid port, untagged for VLAN ID 1000 and tagged for VLAN ID 50. Your WAN interface is then the VLAN1000 interface, instead of ether1.
In fact, I am running such configuration on my RB5009. That is also a router with a switch chip connecting all ethernet and SFP+ ports. My internet comes untagged on the SPF+ port. Instead of dialing PPPoE on the standalone sfp-sfpplus1 interface, I added that port to the main bridge (together with all the other ports), configure VLAN 1000, untagged on sfp-sfpplus1, then dial my PPPoE connection on the vlan1000 interface. It works perfectly because VLAN is handled in hardware by the switch chip.
