I have ether1, ether2, ether3 in 1 bridge on a CRS. Works fine. No VLAN, no tagged traffic. No filter. Every port can communicate with the others. Ports in the switch are all dynamically VLAN 1 untagged.
Now I want to put VLAN 201 traffic on ether4 into this bridge (traffic). Only devices behind VLAN 201 on ether4 should communicate with ether1, ether2, ether3 (untagged).
How can I do this so that HW offload still works on ether4?
If I understand you correctly, you want to have a subnet consisting of
- ether4 tagged with VID 201
- ether1, ether2 and ether3 untagged

Hypothetically (or in the future) you want to have another subnet consisting of, say,
- ether4 tagged with VID 666
- ether5, ether6 and ether7 untagged
So you need to add ether4 to bridge, configure ether1, ether2 and ether3 with pvid, add an appropriate entry under /interface bridge vlan and enable vlan-filtering on bridge. Optionally (but I strongly suggest to do it) also configure security properties: frame-types and ingress-filtering on bridge ports.
If you also want your CRS to participate in a certain VLAN (e.g. because you want management access to it from that VLAN), you have to add the bridge interface to the list of tagged ports for the selected VLAN, create a vlan interface and add IP setup (address et al.) to that vlan interface.
Things are pretty well explained in this tutorial. Read it, understand it and configure your CRS. While doing it, don’t change settings regarding the port you’re using to do the management. When changing L2 config it’s very easy to lose access, and you then have to reset config and start over.
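The steps described in the answer above, written out as a RouterOS configuration. This is an added example, not part of the original posts. It assumes a bridge named bridge1 that already contains ether1 to ether3, a CRS3xx-series switch (where bridge VLAN filtering is hardware offloaded), a management session that does not run over ether1 to ether4, and a constructed management address.

```routeros
# Added example. Assumed names and values: bridge1, vlan201-mgmt, 192.0.2.2/24.
# Run it from a port that is not touched below, otherwise access is lost.

/interface bridge port
# Trunk port: only VLAN-tagged frames are accepted, and only for VLANs
# that list ether4 as a member (ingress-filtering).
add bridge=bridge1 interface=ether4 frame-types=admit-only-vlan-tagged \
    ingress-filtering=yes
# Access ports: untagged ingress frames are classified into VLAN 201,
# frames that arrive already tagged are dropped.
set [find interface=ether1] pvid=201 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
set [find interface=ether2] pvid=201 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
set [find interface=ether3] pvid=201 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged

/interface bridge vlan
# VLAN membership table: tagged on the trunk, untagged on the access ports.
add bridge=bridge1 vlan-ids=201 tagged=ether4 untagged=ether1,ether2,ether3

# Optional: let the switch itself take part in VLAN 201 (management access).
# The bridge interface becomes a tagged member and carries a vlan interface.
/interface bridge vlan
set [find vlan-ids=201] tagged=bridge1,ether4
/interface vlan
add name=vlan201-mgmt interface=bridge1 vlan-id=201
/ip address
add address=192.0.2.2/24 interface=vlan201-mgmt

# Enable filtering last, once the table above is complete.
/interface bridge
set bridge1 vlan-filtering=yes

# Check membership and the hardware-offload flag (H) on each port.
/interface bridge vlan print
/interface bridge port print
```

Until vlan-filtering=yes is set, the pvid, frame-types and ingress-filtering values have no effect, which is why that command comes last.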
So you need to add ether4 to bridge, configure ether1, ether2 and ether3 with pvid, add an appropriate entry under /interface bridge vlan and enable vlan-filtering on bridge. Optionally (but I strongly suggest to do it) also configure security properties: frame-types and ingress-filtering on bridge ports.
OK, thank you. This will work. But what if in the future I want to add more than 1 VLAN to these ports ether1, ether2, ether3 (VLAN 300 from ether5 to the same ports)?
I can’t set pvid 201 and 300 at the same time on ether1, ether2, ether3?
You can’t have a single port as an untagged member of multiple VLANs … the switch/bridge has no means of guessing which VLAN tag it should apply on ingress. Having multiple VLANs untagged on a certain port could work on egress. So you have to decide and only use a single untagged VLAN (PVID).
Actually there’s an advanced topic about untagged and multiple VLANs (you can google “MAC-based VLAN” to get an idea).
If you decide to add tagged VLAN to some of these ports (e.g. add tagged VLAN 300 to ether1), it’s pretty simple: add ether1 as tagged member to VLAN 300 under /interface bridge vlan and (if you changed property before) change ether1 property frame-types to any (under /interface bridge port). BTW, frame-types=any is default setting.