I just bought a mikrotik HEX and I’m trying to configure it (and learn some networking also)
on ether-1 I have configured internet connection, PPPoE interface with VLAN 835 (as requested by my provider)
I would like to use the other ports (ether-2,3,4,5) to my PCs/switches around the house: do I need a bridge for that? (I see that it’s created by default in the interface list)
more generally, what is a bridge used for, in a common home LAN setup? I read the theory but I don’t understand its practical implementation
Bridge will group the interfaces together bind them under a single interface you can refer to
Most common SOHO routers sold in stores will use two VLANs to separate WAN and LAN
So usually WAN is VLAN 1 and the LAN Bridge is VLAN 2 which group the LAN interfaces
I find this configuration very clean and use it much the same way on Mikrotik
But on Mikrotik there is more than one way to do it and you are not bound by anything.
The single bridge in the hEX will get hw offloading (fast chip switch speeds in hardware).
You can use bridge as interface and as stated bind several etherports together and provide single DHCP serving network.
Or you could assign different LANS to the etherports but they are all associated to the bridge at the end if you want them all to see each other at layer2.
If you want to block lan(s) from other Lan(s) use two bridges for exampe or one bridge for a bunch of lans and one LAN not on the bridge thus blocking at layer 2 and then use FW rules to ensure they dont talk.
However if you start to get complicated guest wifi and other things then VLANs are your best bet.
Then I pull out my hair and age rapidly, so I am not there yet but soon will have to be…
I think the easiest way is to describe bridges as software switches, allowing you to “switch” between its assigned ports (interfaces).
Some could be ethernet interfaces and SFP ports, which allow the help of a real hardware switch chip if available (and this is named hardware offload), others could be other real interfaces (e.g. wireless adapters) or some virtual things, like EoIP tunnels and VLANS defined as individual interfaces (basically any interface that could carry L2 ethernet frames can be a bridge port).
Just keep in mind: to benefit from HW offloading, you may not use the more advanced bridge functions, like packet filtering or IGMP snooping, which are done in software only.