VLAN interface as a slave of physical Interface

Hello,
I need a little help with MikroTik configuration.

I have a situation:

  1. I have “subnet 1” on physical master port 1 (interface 1) and physical slave port 2 (interface 2)
  2. I have “subnet 2” on physical master port 8 (interface 8)

I need to make a VLAN on interface 8. The VLAN must work as a slave of physical master port 1, which means the VLAN must be part of “subnet 1”. The VLAN has ID tag 2 (for example).

Any ideas how to make it? Thanks.

Yes, just create your VLAN and then, in the interface drop-down of the VLAN, assign it to port 1 of the router.

Nonono…I think what kmish is saying is that he needs the tagged VLAN on port 8 to be on the same L2 broadcast domain as what is already on port 1.

To do this, you create the VLAN on port 8, then create a bridge, and put port 1 and the VLAN interface (but not port 8 itself) into the bridge.

Make sure that after you do this, you change the interface for any IP addresses on port 1 (e.g., gateway for subnet 1) to be on the bridge interface instead.

– Nathan

Ahhhh gotcha, yeah I read that wrong…

Thank you guys! That's exactly what I need!

Here is the full solution, if anybody needs it too:


[admin@MikroTik] /interface bridge> add
[admin@MikroTik] /interface bridge> print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 l2mtu=65535 arp=enabled
mac-address=00:00:00:00:00:00 protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@MikroTik] /interface bridge port> add bridge=bridge1 interface=ether1
[admin@MikroTik] /interface bridge port> add bridge=bridge1 interface=vlan-ether
[admin@MikroTik] /interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE      BRIDGE      PRIORITY  PATH-COST    HORIZON
 0    ether1         bridge1     0x80      10           none
 1    vlan-ether     bridge1     0x80      10           none
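
A check for the two caveats in Nathan's reply (keep port 8 itself out of the bridge, and move port 1's IP addresses to the bridge), as an added example that is not part of the thread. It parses simplified `/export`-style text with one item per line; the sample configuration, the name ether8 for port 8 and the addresses are assumptions.

```python
import shlex

# Constructed sample in RouterOS "/export" style, not taken from the thread.
# Mistakes on purpose: ether8 (the VLAN's parent) is bridged, and the
# subnet 1 address is still on ether1. Addresses are made up.
SAMPLE_BAD = """\
/interface bridge
add name=bridge1
/interface vlan
add interface=ether8 name=vlan-ether vlan-id=2
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=vlan-ether
add bridge=bridge1 interface=ether8
/ip address
add address=192.168.1.1/24 interface=ether1
add address=192.168.2.1/24 interface=ether8
"""

def parse_export(text):
    """Return {menu path: [properties of each 'add' line]}; one item per line."""
    menus, path = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            tokens = shlex.split(line[4:])  # keeps quoted values in one token
            props = dict(t.split("=", 1) for t in tokens if "=" in t)
            menus.setdefault(path, []).append(props)
    return menus

def audit(text):
    """Report bridged VLAN parent ports and addresses left on bridge members."""
    cfg = parse_export(text)
    member_of = {p["interface"]: p["bridge"]
                 for p in cfg.get("/interface bridge port", [])}
    findings = []
    for vlan in cfg.get("/interface vlan", []):
        name, parent = vlan["name"], vlan["interface"]
        if name in member_of and member_of.get(parent) == member_of[name]:
            findings.append(f"{parent}: parent port of {name} is also in "
                            f"{member_of[name]}, merging its untagged traffic")
    for addr in cfg.get("/ip address", []):
        iface = addr["interface"]
        if iface in member_of:
            findings.append(f"{addr['address']}: still on bridge member "
                            f"{iface}, move it to {member_of[iface]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_BAD)))
```

With ether8 in the bridge, subnet 2's untagged traffic shares a broadcast domain with subnet 1, so the two networks are no longer separated at layer 2.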

Do you have a device with a switch chip? For those I have a different approach to achieve that. What I usually do:

  1. Only one master port; all others are slaves of it.
  2. All ports on vlan-mode=secure
  3. The CPU port on vlan-header=add-if-missing

After doing that, I can handle VLANs as I am used to from switches.

I can add a VLAN and assign ports as members to it. If I want the router itself to be a member of a VLAN, I need to add the CPU port as a VLAN member and create a VLAN interface over the master port.

Example config from an RB2011. Note: I renamed the gigabit ports to g1 to g5, and the SFP port is my master port.
sfp (0) and port 1 are trunks. 2-5 are untagged members of VLAN 2304.


/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 vlan-header=add-if-missing vlan-mode=secure
set 2 default-vlan-id=2304 vlan-mode=secure
set 3 default-vlan-id=2304 vlan-mode=secure
set 4 default-vlan-id=2304 vlan-mode=secure
set 5 default-vlan-id=2304 vlan-mode=secure

/interface ethernet switch vlan
add independent-learning=yes ports=sfp1,g1,switch1-cpu switch=switch1 vlan-id=2004
add independent-learning=yes ports=g2,g3,g4,g5,switch1-cpu switch=switch1 vlan-id=2304
add independent-learning=yes ports=sfp1,g1,switch1-cpu switch=switch1 vlan-id=2104
add independent-learning=yes ports=sfp1,g1,switch1-cpu switch=switch1 vlan-id=2504

/interface vlan
add interface=sfp1 l2mtu=1594 name=sw1v2004 vlan-id=2004
add interface=sfp1 l2mtu=1594 name=sw1v2104 vlan-id=2104
add interface=sfp1 l2mtu=1594 name=sw1v2304 vlan-id=2304
add interface=sfp1 l2mtu=1594 name=sw1v2504 vlan-id=2504

Try to attach the VLAN using the switch chip if your RouterBOARD uses it. Bridging uses the CPU.

Unfortunately, I need 2 master ports, because I use the MikroTik as a router for 2 networks,
therefore the switch chip can't help here.
A bridge is the only method, and it takes 100% CPU at a speed of about 250-300 Mbit/s (Routerboard 1100),
which is not good.

I will try to find another way by configuring the VLAN on another switch before it comes to the MikroTik.

Thanks all for the help :)

Without a switch built into the device, I would also suggest adding a separate switch. Personally, I avoid bridges as much as possible. I only use them as a loopback and as a connection between a radio and a wired network.