What does PVID do on bridge VLAN

hooyao · June 12, 2024, 2:01pm

I’m playing around with VLAN for my home. I plan to have 3 VLANS

HOME including the management access to Mikrotik - VLAN 10 on eth3
IOT wifi VLAN 20 on eth4
Guest wifi VLAN 30 on eth5
Trunk port of VLAN 20/30/40 on eth2

I setup the VLANs based on https://www.youtube.com/watch?v=4Z32oOPqCqc, simple and straightforward.

So far everything goes well, but I have trouble keeping IOT and Guest from seeing my Mikrotik router.
I tried to setting the PVID and ingress filtering on the CPU-port(from this post http://forum.mikrotik.com/t/routeros-bridge-mysteries-explained/147832/1), but nothing works. The IOT and Guest VLAN still can login to the router.
My bridge setting is as follows
Screenshot 2024-06-12 215615.png
VLAN table
Screenshot 2024-06-12 221117.png
I’m curious if the bridge settings can help keep IOT and Guest network out.

I understand my requirement can be done via firewall filter rules, still want to get a better understanding of the bridge.

I’m experimenting on rb750gr3, my home router is CHR.

tdw · June 12, 2024, 2:15pm

In Winbox the VLAN tab of a bridge interface contains the settings of the bridge-to-CPU port, in exactly the same way as the VLAN tab of a bridge port does for other ports added to the bridge.

These are layer 2 settings - they will not stop your Guest & IoT networks from accessing some IP services on the Mikrotik, you have to use firewall rules to achieve that.