vlan routing and bridging

hello,
I want to do this. On ether5 create vlan 10 and 11. Then bridge vlan 11 to switch port 4. On switch port 1 (LAN) I want to create vlan 10 and give it an IP address. I also want to give vlan 10 another IP address on ether5 (WAN). So it should be routing between ether1 and vlan10 on ether5. On ether5 should be a vlan trunk and on ether1 and ether4 it should be an access vlan.
The switch ports 2 and 3 should be disabled (no function anymore).

kind regards
kangoo

Some parts of that request don’t make any sense. If you put two ports on the same VLAN they are on the same broadcast domain, and thus are switched/bridged. There is no routing within a VLAN. Assigning one IP address each on the same network to both ports makes no sense. If the IPs are on different networks then the ports shouldn’t be on the same VLAN, and should just be normal routed ports.

So assuming you mean that you want ether5 to be a trunk port for VLANs 10 and 11, and ether1 to be on VLAN 10 as a native VLAN (untagged), ether4 to be on VLAN 11 as a native VLAN (untagged) and for all other ports to be disabled, the configuration would look something like this:

# disable switch chip
/interface ethernet
set [find] master-port=none
# add vlan subinterfaces to ether5
/interface vlan
add disabled=no vlan-id=10 name=vlan10 interface=ether5
add disabled=no vlan-id=11 name=vlan11 interface=ether5
# create bridges
/interface bridge
add name=vlan10-bridge
add name=vlan11-bridge
# add vlan10 subinterface and ether1 to vlan10 bridge
/interface bridge port
add bridge=vlan10-bridge interface=ether1
add bridge=vlan10-bridge interface=vlan10
# add vlan11 subinterface and ether4 to vlan11 bridge
add bridge=vlan11-bridge interface=ether4
add bridge=vlan11-bridge interface=vlan11
# disable ether2 and ether3
/interface ethernet
disable [find name=ether2]
disable [find name=ether3]

As always you’d be far better off with a VLAN capable switch rather than trying to shoehorn a router into being a switch via software bridging.

@ fewi
Of course you are right. On ether1 I need another vlan. Let's call it internal with vlan id 99. Then I want to give vlan 10 an IP address and vlan 99 another address. Between these vlans routing should be installed.

regards

kangoo

According to your original post ether1 was going to be an access mode (Cisco parlance) port for VLAN 10. How does VLAN 99 come into it on the same port?

I would do this with a router and a VLAN capable switch. All switched ports are on the switch, including a trunk back to the router. The router gets VLAN subinterfaces on the uplink port. IP addresses are applied to the VLAN subinterfaces. The router will automatically route between them as long as clients use the IPs the router has on the subinterfaces as their gateway.
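
The router-on-a-stick layout described in the reply above, as an added example that is not part of the thread. It assumes ether5 is the trunk to the VLAN capable switch and reuses VLAN IDs 10 and 99 from the discussion; the addresses and the forward-chain policy are constructed for illustration.

```routeros
# Added example: VLAN subinterfaces on the uplink (trunk) port.
# Assumption: ether5 is the trunk to the VLAN capable switch.
/interface vlan
add name=vlan10 vlan-id=10 interface=ether5 disabled=no
add name=vlan99 vlan-id=99 interface=ether5 disabled=no

# Constructed addresses; clients in each VLAN use these as their gateway.
/ip address
add address=192.168.10.1/24 interface=vlan10
add address=192.168.99.1/24 interface=vlan99

# Connected routes for both subnets now exist, so the router forwards
# between the VLANs with no further routing configuration.

# Assumed policy (not from the thread): vlan99 may open connections
# to vlan10, while vlan10 may only send replies back.
/ip firewall filter
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept
add chain=forward in-interface=vlan99 out-interface=vlan10 action=accept
add chain=forward in-interface=vlan10 out-interface=vlan99 action=drop
```

Without the filter rules every host in one VLAN can reach every host in the other, so the VLAN split alone separates broadcast domains but does not restrict traffic.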