Community discussions

MUM Europe 2020
 
djsertaj
just joined
Topic Author
Posts: 8
Joined: Thu Oct 29, 2015 8:45 am

Implementing vlan in Different Ways

Mon Feb 15, 2016 4:56 pm

Hello guys. What are the differences between these configurations?

First situation;

vlan10_a -> interface ether1
vlan10_b -> interface wlan
bridge1 -> ports are vlan10_a and vlan10_b


Second situation;

bridge1 -> ports are ether1 and wlan
vlan10 > interface bridge1


I just wonder how the traffic(Including the data without tag) flows in that two different configs?
 
kiaunel
Member Candidate
Member Candidate
Posts: 211
Joined: Mon Jul 21, 2014 7:59 pm
Location: Romania

Re: Implementing vlan in Different Ways

Mon Feb 15, 2016 10:21 pm

never made an setup like this but i think in first situation ether1 ans wlan are in trunk and traffic will be tagged and in second wil be an access port and traffic wil be untagged. Hope i`m not wrong.
My setup is like this...
Vlan 100 and 200 added to ether2 and ether 3 slave to ether2. This are two trunk ports with tagged traffic.
ether4 in bridge with vlan100 and ether5 slave to ether4 as access ports with untagged
 
lambert
Long time Member
Long time Member
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

Re: Implementing vlan in Different Ways

Tue Feb 16, 2016 1:44 am

IIRC, you cannot add VLAN tags to a bridge interface. So the second configuration is not an option.

Edit: I apparently recalled incorrectly. Sorry folks. Should have kept my keyboard shut.
Last edited by lambert on Tue Feb 16, 2016 7:16 am, edited 1 time in total.
 
Sob
Forum Guru
Forum Guru
Posts: 4889
Joined: Mon Apr 20, 2009 9:11 pm

Re: Implementing vlan in Different Ways

Tue Feb 16, 2016 1:59 am

I have vlans on bridge, no problem.

Difference between the two situations is that in first case only two specified vlans are bridged together and it does not affect other vlans on same interfaces or untagged traffic. If another vlan20 happens to be on both ether1 and wlan, traffic between them won't be bridged, but only routed (if they choose to use this router as gateway).
Second case bridges whole interfaces with everything on them, so it will transparently pass all other vlans and untagged traffic between them.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
Sob
Forum Guru
Forum Guru
Posts: 4889
Joined: Mon Apr 20, 2009 9:11 pm

Re: Implementing vlan in Different Ways

Tue Feb 16, 2016 2:48 am

Simple example from my home router:
/interface bridge
add name=internal
add name=public
/interface vlan
add interface=internal name=vlan82-guest vlan-id=82
add interface=internal name=vlan240-public vlan-id=240
/interface bridge port
add bridge=public interface=wlan1-public
add bridge=public interface=vlan240-public
add bridge=internal interface=ether1
add bridge=internal interface=wlan2-home
Bridge internal contains ether1 going to switch and wlan2-home wi-fi. On top of that is vlan82-guest for guest network (it's your case #2). Wireless interface has vlan-mode=use-tag, vlan-id=82, so all unknown devices go into guest vlan. Trusted devices have entries under /interface wireless access-list with vlan-mode=no-tag, which makes them part of private internal LAN. Doing it like this allows to have only one common ssid, instead of virtual AP with different one. There's another AP in internal network with same config and ether1 and wlan1 bridged together, but without any defined vlans, so it just passess tagged guest network transparently (that's what I described in previous post). Then there's vlan240-public for internal server, to be directly part of public network, which is bridged together with WAN interface wlan1-public using bridge public (it's half your case #1, as it's vlan with physical interface).
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
djsertaj
just joined
Topic Author
Posts: 8
Joined: Thu Oct 29, 2015 8:45 am

Re: Implementing vlan in Different Ways

Thu Feb 18, 2016 9:32 am

I have vlans on bridge, no problem.

Difference between the two situations is that in first case only two specified vlans are bridged together and it does not affect other vlans on same interfaces or untagged traffic. If another vlan20 happens to be on both ether1 and wlan, traffic between them won't be bridged, but only routed (if they choose to use this router as gateway).
Second case bridges whole interfaces with everything on them, so it will transparently pass all other vlans and untagged traffic between them.
Thanks my friend. Now, I see what happens obviously.

Who is online

Users browsing this forum: No registered users and 34 guests