Hello,
I have a question regarding passing traffic between a VLAN on one interface, and a sub-VLAN (Q in Q) on another interface
I have layer 2 VLANS to each site, and within those VLANS we have other VLANS (802.1Q)
I am able to pass traffic individually to each VLAN and each sub-VLAN just fine.
The question is bridging a VLAN on one interface with a sub-vlan on another interface. Ideally these two VLANs need to be treated as the same VLAN, as I want to do Layer 2 routing between these VLANS. Also would like to use the same DHCP server for both interfaces PVID 1234.
The VLAN in question is VLAN 1234.
VLAN 1234 is on Bridge (connected to one device)
VLAN 1234 is also on interface DUNBWVWND495, with parent VLAN interface VLAN ID 495.
Here is my config:
jul/08/2024 11:41:42 by RouterOS 6.49.10
software id =
/interface bridge
add admin-mac=48:A9:8A:12:BE:A2 auto-mac=no comment=defconf name=bridge
protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=“CISCO Switch ASH-NEXUS-1”
disable-running-check=no loop-protect=off
set [ find default-name=ether2 ] advertise=10000M-full comment=
Cogent-Internet disable-running-check=no
set [ find default-name=ether3 ] advertise=10000M-full comment=
disable-running-check=no speed=1Gbps
set [ find default-name=ether4 ] advertise=10000M-full auto-negotiation=no
comment=Windstream-Internet disable-running-check=no loop-protect=off
/interface vlan
add interface=bridge name=CBRS1234 vlan-id=1234
add interface=ether1 name=DUNBWVWND495 vlan-id=495
add interface=DUNBWVWND495 name=CBRS-QinQ1234 vlan-id=1234
/interface list
add name=WAN
/ip pool
add name=DHCP-CBRS17219 ranges=172.19.0.2-172.19.7.253
/ip dhcp-server
add add-arp=yes address-pool=dhcp1 disabled=no interface=bridge lease-time=
23m59s name=dhcp1
add address-pool=DHCP-CBRS17219 disabled=no interface=CBRS1234 name=
DHCP-PROD-PENTE
/port
set 0 baud-rate=115200
/ppp profile
set *0 only-one=no
set *FFFFFFFE only-one=no
/snmp community
add addresses=::/0 name=l2uprivate
/system logging action
set 1 disk-file-name=flash/log
/user group
set write policy=“local,telnet,ssh,ftp,reboot,read,write,test,winbox,web,sniff
,sensitive,api,romon,tikapp,!policy,!password,!dude”
/interface bridge port
add bridge=bridge interface=ether1 multicast-router=disabled
add bridge=bridge interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=all
/ipv6 settings
set accept-router-advertisements=yes
/interface bridge vlan
add bridge=bridge tagged=ether1 vlan-ids=
1027,1025,1026,2025,2026,2027,2041,1039,495
add bridge=bridge comment=CBRS tagged=
ether1,PINCHWINKWVWND2041,CULLDNWVWIND2025,bridge,DUNBWVWND495 untagged=
CBRS-QinQ1234 vlan-ids=1234
/interface l2tp-server server
set enabled=yes ipsec-secret=lkCeXqCKgxshx0jwQncTzv2BVR use-ipsec=yes
/interface list member
add interface=ether2 list=WAN
add interface=ether4 list=WAN
/ip address
add address=10.3.0.1/24 comment=LAN interface=bridge network=10.3.0.0
add address=172.19.0.1/21 comment=“CBRS - VLAN 1234” interface=CBRS1234
network=172.19.0.0
/ip cloud
set update-time=yes
/ip dhcp-server lease
/ip dhcp-server network
add address=10.3.0.0/24 dns-server=8.8.8.8,10.3.0.10 domain=local2u.com
gateway=10.3.0.1
add address=172.19.0.0/21 dns-server=8.8.8.8,1.1.1.1 domain=
crosslaneswv-cust.local2u.com gateway=172.19.0.1 netmask=21
/ip dns
set allow-remote-requests=yes servers=10.3.0.10,8.8.8.8
/system clock
set time-zone-autodetect=no time-zone-name=America/New_York
/system identity
set name=l2uashburnva
/system ntp client
set enabled=yes primary-ntp=129.6.15.27 secondary-ntp=129.6.15.30
server-dns-names=time-d-g.nist.gov
/system package update
set channel=long-term
/user aaa
set use-radius=yes
Thanks
Nick Harney
Nickologic LLC
PO Box 164, Sunset Beach CA 90742
nickologic.com