VLAN TAG and UNTAG

RouterOS General
1

Hi there!
i have the following scenario (see attachment)
simple. I use 2 Routerboard RB750Gr3, my first one have one ethernet in trunk (vlan 10,20,30), each vlan has an IP address and one DHCP Server on it.
i would like to configure my second RB as a switch to give tag or untag on some ethernet ports.
in my case, eth1 is my trunk, and on eth3 wonna connect a PC1 (in DHCP) and expect to have something 192.168.10.x on eth4 something with 192.168.20.x

very linear. I follow this: RouterOS - RouterOS - MikroTik Documentation but without success

this is my both RB configuration:
R1
[admin@1] > export

jan/02/1970 03:41:50 by RouterOS 6.47.1

software id = XXXXX

model = RB750Gr3

serial number = XXXXX

/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment="vs 2"
/interface vlan
add interface=bridge1 name=vlan10 vlan-id=10
add interface=bridge1 name=vlan20 vlan-id=20
add interface=bridge1 name=vlan30 vlan-id=30
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.10.20-192.168.10.200
add name=dhcp_pool1 ranges=192.168.20.20-192.168.20.200
add name=dhcp_pool2 ranges=192.168.30.20-192.168.30.200
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=vlan10 name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=vlan20 name=dhcp2
add address-pool=dhcp_pool2 disabled=no interface=vlan30 name=dhcp3
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw
ord,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge1 interface=ether1
/ip address
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
add address=192.168.30.1/24 interface=vlan30 network=192.168.30.0
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.30.0/24 gateway=192.168.30.1
/ip dns
set servers=8.8.8.8,1.1.1.1
/system identity
set name=1


R2
[admin@2] > export

jan/02/1970 03:33:02 by RouterOS 6.47.1

software id = YYYYY

model = RB750Gr3

serial number = YYYYYYY

/interface bridge
add name=bridge1
/interface ethernet switch port
set 0 vlan-mode=secure
set 2 default-vlan-id=10 vlan-mode=secure
set 3 default-vlan-id=20 vlan-mode=secure
set 4 default-vlan-id=30 vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether5
/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether3 switch=switch1 vlan-id=10
add independent-learning=yes ports=ether1,ether4 switch=switch1 vlan-id=20
add independent-learning=yes ports=ether1,ether5 switch=switch1 vlan-id=30
/system identity
set name=2

net.png
net.png682×467 14.6 KB

2

If you check the same document you quoted, but top most section (introduction), you’ll see that hEXGr3 doesn’t support VLANs in hardware. Hence your config, even though it might seem to be accepted, doesn’t really work. You’ll have to configure VLANs on bridge (follow this tutorial, post Switch with a separate router (RoaS)) … but you’ll loose HW offload unfortunately.

BTW: just pointing out the obvious: R1 doesn’t have any firewall setup, hence it’s not suitable to expose it to internet.

3

Read this reference, will clear it up for you!
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1