I am working with Cisco, worked with HP, so have a good knowledge of how VLAN works.
But on Mikrotik, I do not get the hang of it, so I ask for help.
Hardware.
RB 941-2nD
or
RB 750G v3
Software.
6.41RC (latest)
Here is the setting I would like to implement.
[Attached image: Vlan RB.jpg]
eth1 outside, nat, dhcp
eth2 vlan1 untagged
eth3 vlan2 untagged
eth4 vlan1 untagged, vlan2 tagged
vlan1 192.168.1.0/24
vlan2 192.168.2.0/24
Optional
Wifi SSID:home net Vlan1
Wifi SSID:guest net Vlan2
If someone would be kind post the minimum setup to get this to work, I would be happy.
Is this so complicated that no one knows how to do it?
In Cisco this is simple.
My post is a basic layout, so it would also help others to get a solution for this.
I have two networks, net1 and net2. net1 is vlan1 and net2 is vlan2.
They have both DHCP, Nat etc.
Connecting a PC to port 2 gives net1 and port3 gives net2
So now I only miss the tagged part of vlan2 to go out eth4
Here is how I did it.
In menu Bridge->Bridge:
Rename original bridge to bridge1
bridge1 has pvid 1
bridge2 created equal to bridge1, except pvid is set to 2
In menu Bridge->Ports
ether2 → bridge1
ether3 → bridge2
ether4 → bridge1
wifi1 → bridge1
In menu Interfaces → VLAN
vlan2-> VLAN ID:2 → Interface:bridge2
In menu IP->Pools
pool_vlan1 192.168.1.10-255
pool_vlan2 192.168.2.10-255
In menu IP->Addresses
bridge1 → 192.168.1.1/24
bridge1 → 192.168.2.1/24
In menu DHCP Server DHCP
net1 → bridge1 →
What I still miss:
How to add vlan2 tagged to eth4?
How to add a second Wifi to Vlan2?
If I go to wireless menu and click add, I get three options Virtual, WDS, Nstreme Dual.
None of them give me a new Wireless
I don’t want to interrupt but if we are talking about the new RCs, why not use the shiny new vlan aware bridges? I find that more understandable if one used anything switchlike, and if it’s on hardware with a good switch chip we can enjoy the hw offload
-you can create one bridge let’s say br1 with vlan-filtering=yes
-you add the ports to br1 with /interface bridge port add and set PVID=untagged_vlan_id (you
/interface bridge vlan add vlan-ids=1 bridge=br1 untagged=etherX,etherZ
/interface bridge vlan add vlan-ids=2 bridge=br1 untagged=etherY tagged=etherZ
this is how you can configure easily the L2 stuff,
if you want to bring up the package to L3, you need to add the br1 to that vlan as tagged, ie:
/interface bridge vlan add vlan-ids=1 bridge=br1 untagged=etherX,etherZ tagged=br1
/interface bridge vlan add vlan-ids=2 bridge=br1 untagged=etherY tagged=etherZ,br1
and add vlan interface (like in your favorite or 2nd favorite routing os)
/interface vlan add name=vlanX interface=br1 vlan-id=X <— you can do whatever you want with this interface, assign IP, run dhcp, it’s like a vlan ip interface in cisco
Also you may or may not want to use vlan1 unless you are doing something special. I learnt the hard way that each vendor handles the default vlan differently.
You need to understand that inside the bridges, your traffic is untagged and has no vlan id.
On incoming packets, the vlan2 interface will extract tagged 2 traffic from eth4 and offer it as untagged traffic to the router. All the rest of the traffic (in your case untagged) will remain on eth4. On outgoing traffic, the packets exiting the router via interface vlan2 will be tagged with id2 and sent via eth4.
Because hardware offload doesn’t work on the RB 941-2nD and RB 750G v3 once you enable VLAN filtering.
The only way of doing this properly on these devices is on the switch chip. Anything else is going to kill performance.
The ONLY device that works with this new bridge/VLAN stuff is the CRS326 - and that doesn’t have very good reports as yet - the hardware was released way before the software is finished.
Overall it’s rather a poor effort, which effectively leaves no usable devices at the current time.
I have some CRS326, and yeah we had issues, but with RC50+ it seems to work (we still have some STP issue, which I’ll try to recreate on clean env if i have time).
I just said, even if there is no HW offload, it’s easier to config, maybe more logical for a cisco-person.
As I said, do VLANs on the switch chip if you want decent switching performance (certainly on the 941 anyway).
Here is something that should get you going. First the L2 stuff:
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
/interface ethernet switch vlan
add ports=switch1-cpu,ether2,ether4 switch=switch1
add ports=switch1-cpu,ether3,ether4 switch=switch1 vlan-id=2
/interface ethernet switch port
set 1 vlan-header=always-strip vlan-mode=secure
set 2 vlan-header=always-strip vlan-mode=secure default-vlan-id=2
set 3 vlan-mode=secure
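
The tagged/untagged/PVID behaviour discussed in this thread, as an added example that is not from any poster: a simplified 802.1Q forwarding model in Python for the layout in the first post, useful for checking that the guest VLAN stays separated from the home VLAN. The bridge name br1, flood-only forwarding and always-on ingress filtering are assumptions of the model, not RouterOS internals.

```python
# Constructed layout from the first post (assumed names: bridge/CPU port "br1"):
#   ether2 = VLAN 1 untagged, ether3 = VLAN 2 untagged,
#   ether4 = VLAN 1 untagged + VLAN 2 tagged, br1 tagged in both for L3.
PVID = {"ether2": 1, "ether3": 2, "ether4": 1}
VLANS = {
    1: {"untagged": {"ether2", "ether4"}, "tagged": {"br1"}},
    2: {"untagged": {"ether3"}, "tagged": {"ether4", "br1"}},
}


def members(vid, vlans=VLANS):
    """All ports that belong to a VLAN, tagged or untagged."""
    entry = vlans.get(vid)
    return set() if entry is None else entry["untagged"] | entry["tagged"]


def forward(in_port, tag=None, pvid=PVID, vlans=VLANS):
    """Flood one frame; return {egress_port: tag on the wire, or None if untagged}."""
    # An untagged frame is classified by the ingress port's PVID.
    vid = pvid[in_port] if tag is None else tag
    # Ingress filtering (assumed on): the ingress port must be a member of the VLAN.
    if in_port not in members(vid, vlans):
        return {}
    out = {}
    for port in members(vid, vlans) - {in_port}:
        # Tagged members keep the 802.1Q header, untagged members get it stripped.
        out[port] = vid if port in vlans[vid]["tagged"] else None
    return out


def pvid_mismatches(pvid=PVID, vlans=VLANS):
    """Ports whose PVID VLAN does not list them as untagged (a common misconfiguration)."""
    return sorted(
        port for port, vid in pvid.items()
        if port not in vlans.get(vid, {}).get("untagged", set())
    )


if __name__ == "__main__":
    print("PC on ether3 ->", forward("ether3"))
    print("tag 2 arriving on ether4 ->", forward("ether4", tag=2))
    print("tag 2 arriving on ether2 ->", forward("ether2", tag=2))
    print("PVID mismatches ->", pvid_mismatches())
```
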