VLANs work over trunk, but how do I tag switch ports?

To make a long question short… I’ve got an RB750GL set up with ether1 as WAN and ether2 as the Master port for ether3, 4, and 5. I’ve got a Planet Networks switch sending traffic to it with vlan1 and vlan4 headers, and those work perfectly.

How do I get traffic from devices plugged straight into the RB750GL to be tagged as vlan1?

In Interface / VLAN I’ve got:
vlan1 → VID1 → ether2-master-local
vlan4 → VID4 → ether2-master-local

I think you need to take the ports out of the switch and then bridge them to the vlan.

E.g. remove master port from ether4.

Then add a bridge and add the vlan and ether4 as ports into the bridge.

Nick.

RB750GL switch is quite limited when working with VLAN, but you can achieve this using bridge and VLAN interfaces. Take a look at this example to get the idea: http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment

Currently such VLAN management in hardware is possible on routers with AR8316 switch chips (RB493G, RB1200, RB450G, RB435G). We are working to diagnose why it is not working correctly on routers with AR8327 switch chips (RB750GL).

Thanks for the info.

So for vlan1 right now I have its interface set as ether2-master-local. If I’m going to have multiple ports as part of vlan1, should I create a bridge and then change the interface from ether2 to br-vlan1?

The 750s (and most of the RouterBOARDs I’ve seen) are logically divided, so to speak, into the switch side of the 750 and the CPU side (IP/routing/scriptable logic!/etc…). Some of the previous examples are using the CPU side of the unit to deal with VLANs.

You can also achieve what you are doing simply using the SWITCH CHIP side of the 750s.

Have a look at http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features
The example at the bottom of the page shows how to utilize the 750G’s switch chip with VLANs.
Using the switch chip will throughput data quicker than kicking data up to the CPU for processing and back down again. Also, if you want to push data from the switch chip function up to the CPU, remember to click COPY to CPU in the (Winbox) Switch->Rule->Action tab. That way you can look at adding an IP, if need be, to a ‘bridged’ VLAN for that port. Yes, it’s messy, but so far I’m yet to see some nice clear MikroTik-written examples that give better examples of working with VLANs.

The switch chip can VLAN tag and untag data on the ingress and egress of each port on the 750G.
The only thing to be cautious about is losing connectivity to the CPU, as you need to talk to that to implement changes to the device with things like Winbox or telnetting, and you can end up cutting off the CPU completely with the switch commands!! Thus I have used the Copy to CPU option in the rules and bound an IP to the interface so I can at least make changes to the device.

You will also find in the /switch part of the MikroTik terminal that there are more commands there than what is shown in Winbox.

Good luck..

You are wrong, that’s not true for the RB750GL. The AR8327 chip cannot remove, add or change VLAN header. Very bad…

Hi, I’m not sure why you say I am wrong.

The chip ‘CAN’ add and change VLAN headers. Just look at the Atheros AR8327 datasheet.
If anything, the AR8327 can do more than the 7240 chip.

Solution Highlights
• One GMII or two RGMII MAC interfaces
• Single SERDES/SGMII Interface
• 5 integrated 10/100/1000Base-T PHYs with integrated termination for the MDI interface
• Supports IEEE 802.3az standard
• Atheros ETHOS-Designed Green Ethernet (EDGE™) power saving modes
• QoS support with four traffic classes based on port, IEEE 802.1p, IPV4 TOS, IPV6 TC and MAC addresses
• Full VLAN support including QinQ and VLAN tag insertion and removal, with IVL and SVL
• VLAN translation and mapping
• Line rate hardware NAT (AR8327N)
• Hardware IGMP V1/2/3 and MLD V1/2 snooping, join and fast leave
• 96 Custom ACLs and rule based counters
• Ingress and Egress rate limiting and bandwidth control
• Broadcast storm suppression

http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features


AR8327_Datasheet.PDF (554 KB)

According to the referenced wiki page:

Vlan-header option (configured in /interface ethernet switch port) sets the VLAN tag mode on egress port. This option works only with Atheros 8316 switch chip and takes the following values:

leave-as-is - packet remains unchanged on egress port;
always-strip - if VLAN header is present it is removed from the packet;
add-if-missing - if VLAN header is not present it is added to the packet.

I just had a look at a 751U-2HnD (7240 chip) running 5.18 - the VLAN header option is not there.

Any reason to believe that it has been implemented on any of the 8327 chip routerboards?
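
The three vlan-header values quoted from the wiki in the post above, modelled on raw Ethernet frames in Python. This is an added example, not code from the thread or from MikroTik; the port_vid parameter (the VID written when a header is added) and the sample frames are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN header

def get_vid(frame: bytes):
    """Return the VLAN ID of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VID

def apply_vlan_header(frame: bytes, mode: str, port_vid: int) -> bytes:
    """Model the egress rewrite for one vlan-header value.

    port_vid is an assumed per-port VLAN ID used when a header is added;
    the wiki text quoted in the thread does not say where the VID comes from.
    """
    tagged = get_vid(frame) is not None
    if mode == "leave-as-is":
        return frame
    if mode == "always-strip":
        # Drop the 4-byte header that sits after the two MAC addresses.
        return frame[:12] + frame[16:] if tagged else frame
    if mode == "add-if-missing":
        if tagged:
            return frame  # an existing header (and its VID) is kept
        if not 1 <= port_vid <= 4094:
            raise ValueError("VID must be 1..4094")
        tag = struct.pack("!HH", TPID_8021Q, port_vid)  # priority bits 0
        return frame[:12] + tag + frame[12:]
    raise ValueError(f"unknown vlan-header mode: {mode}")

# Constructed sample frame: broadcast destination, locally administered
# source MAC, EtherType IPv4, dummy payload.
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
            + struct.pack("!H", 0x0800) + b"payload")
TAGGED_VLAN4 = apply_vlan_header(UNTAGGED, "add-if-missing", 4)

if __name__ == "__main__":
    for mode in ("leave-as-is", "always-strip", "add-if-missing"):
        for name, f in (("untagged", UNTAGGED), ("vlan4", TAGGED_VLAN4)):
            print(mode, name, "->", get_vid(apply_vlan_header(f, mode, 1)))
```

In this model a frame that already carries VID 4 leaves an add-if-missing port still tagged 4, not retagged with the port's own VID.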
