Hi. I have this working but not sure if its correct.
I have 2 rb750’s connected together via cat5. Ether1 on both RB’s are connected via the cat5 cable.
There is 3 vlans on each RB. VLAN1 which runs accross Ether1 of both RB’s and VLAN 10 AND VLAN20 which are used to split up 2 different networks.
When I created both VLAN10 & VLAN20 I had to create a bridge for both of them, each.
On bridge VLAN10 I bridged VLAN10 and ether5 together on each board.
On bridge VLAN20 I bridged VLAN20 and ether4 together on each board.
When I plug 2 pc’s into ether5 of each board (using their own subnet) they ping correctly and vise versa for ether4
The documentation online is very summarised and does not mention anything about bridges when vlaning. I would just like to know if what I have done is correct or is there a different way of doing it before I deploy this scenario?
Hi, yes bridging is correct if you are using the router(cpu) side of the 750’s. Its a lot of mucking around to get the config’s just right. I know I’v been playing with the 750g’s for the past couple of months with VLAN’s. I’v recently got this type of vlan working kind of properly myself on a 750g<->rb1200 and being able to put the trunk on a generic switch so I can add in more 750g’s into the trunk!!
Since the 750’s are logically divided so to speak into the switch side of the 750 and the CPU side(IP/routing/scriptable logic!/etc…). Your example is using the CPU side of the unit to deal with VLAN’s.
You can also acheive what you are doing simply using the SWITCH CHIP side of the 750’s.
Have a look at http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features
the example at the bottom of the page shows how to utalize the 750g’s switch chip with VLAN’s.
Using the switch chip will throuput data quicker than kicking data up to the cpu for processing and back down again. Also if you want to push data from the switch chip function up to the CPU remember to click COPY to CPU in the (winbox) Switch->Rule->Action Tab. That way you can look at adding an IP if need be to a `bridged’ VLAN for that port. Yes its messy, but so far I’m yet to see some nice clear MIKROTIK written examples that gives better examples of working with VLAN’s.
The switch ship can VLAN tag and untag data on the ingress and egress of each port onthe 750’g.
The only thing to be cautious about is loosing connectivity to the cpu, as you need to talk to that to implement changes to the device with things like winbox or telnetting. As you can end up cutting off the cpu completely with the switch commands!! Thus I have used the Copy to CPU option in the rules and bound an IP to the interface so I can at least make changes to the device.
It all really comes down to what your goals are and what you are trying to do with the network that will determine the best way to approach it.
Each VLAN in a MikroTik is treated as it’s own separate routed interface, it is after all is a router not a switch. This is not like a switch where there is a concept of a “tagged” and “untagged” port, or ports with a PVID. In order to give a port a “PVID” you have to do what you outlined, bridge a physical port with a VLAN, and as a side note you cannot bridge a VLAN with the physical port it is on.
I have never used the switch chip for anything like that, so I can’t speak to if what you are looking to do is possible by using it, or what options are there. If you want advice, provide what you are looking to accomplish with the network, and a diagram. Then people can help from there.
Thanks guys for the replies. All I have at the moment is 750’s and no MT switches.
It is working as it should, so I probably should’nt worry about it?
All I am trying to do is seperate 2 different isp networks through a licensed link. I will have 1 750 at each end of the licensed link and have each provider use one port only on each 750.