Hi all,
I have some problems to get how vlan tagging is working with mikrotiks. At first: it seems to work. But I don't know why. I have several Mikrotiks in place. All of them have ether1 as trunk port.
one of them (.51) is my capsman and dhcp server.

My biggest problem is how it is working with different bridges. I am using wifi-bridge for VLAN 20. So now I have wlan1,wlan2 and if-vl20.ether1 (vlan interface of ether1) on that wifi-bridge. So far so good. If I now configure DHCP on if-vl20.ether1 all caps are getting an IP. But no wifi client. It is only working, if I create a if-vl20.wifi-bridge (vlan interface of wifi-bridge). This is also not part of wifi-bridge.
so my questions are:
1) why is DHCP not working for clients connectet to wifi, if DHCP is on if-vl20.ether1 (which is in same bridge as wan1 & 2)?
2) is DHCP request now tagged or untagged for wlan1 or wlan2 (with DHCP-Server on if-vl20.wifi-bridge)?
3) what is the need putting VLAN interface on bridge interface? I don't fully understand, what this is for?

Next I want to have multiple SSIDs on one or two of the CAPs. Each with a separate VLAN tag. Currently I have configured on each CAP, that wlan-interfaces are dynamicly put on wifi-bridge.
4) how do I organize that to get VL20 to untagged ether2 and a new VL21 to untagged ether3? Is it correct to create if-vl21.wifi-bridge and put it to a new bridge with ether3?

I have basic understanding of networks. But regarding vlan Tagging I am a beginner.

thanks in advance for any response

Edit: forgot to say, that in caps-man wifi datapath is configured to vlan 20

Hi all,
it seems, that I explained it too complex. So let's summarize my main problem.

What is the sense of putting a vlan-interface on a bridge rather than on a physical ethernet port?

kind regards

Hi all,
What is the sense of putting a vlan-interface on a bridge rather than on a physical ethernet port?

Now that is a good and simple question.
Atttaching a vlan interface to a bridge makes this particular vlan available on all connected bridge ports.
Pro: simple and idiot-proof.
contra: probably increased admin (and CPU) overhead if you want to sepereate it from other ports.

Attaching it directly to a physical interface makes it available only on that particular physical interface.
If this physical interface is member of a bridge, the assigned vlan id will not be present in the bridge at all and hence not on other ports connected in that bridge. You'll have to take care yourself if you want it to to be present on other physical interfaces.

Pro: super-flexible - vlan200 on ether1 can be vlan666 on ether2 and vlan100-in-200 on sfp1
contra: increased admin-overhead and probably running into issues when you create multiple bridges for your vlans and aren't really deep into RSTP.

And the best:
Everything (will ¦ can) change with 6.41 :-)
-Chris

nice explanation. thank u. i am playing also with vlan at my lab at this moment (6.40.5), and questions like this was in my mind.
questions. ...
1. if vlan100 is attached to bridge1 (ether1,ether2 is member of bridge1). both ether1 and ether2 become trunk ports?
2. if vlan200 is attached to bridge2 (ether3 is member of bridge2). ether3 is an access port?

nice explanation. thank u. i am playing also with vlan at my lab at this moment (6.40.5), and questions like this was in my mind.
questions. ...
1. if vlan100 is attached to bridge1 (ether1,ether2 is member of bridge1). both ether1 and ether2 become trunk ports?
2. if vlan200 is attached to bridge2 (ether3 is member of bridge2). ether3 is an access port?

You got it.
-Chris

So if more than one ethernet port is member of a bridge, and you add a vlan to them, all becomes trunk port?
And if only one ethernet port is memeber of a bridge, it becomes access port?

1. if vlan100 is attached to bridge1 (ether1,ether2 is member of bridge1). both ether1 and ether2 become trunk ports?
2. if vlan200 is attached to bridge2 (ether3 is member of bridge2). ether3 is an access port?

On port eth1 and eth2 here you only see tagget traffic?
And on port eth3 untagget traffic?
But if I like vlan 100 tagged and vlan 200 untagged on eth2?

Sorry i said it wrong in my previous post.
1. if vlan100,vlan200 is attached to bridge1 (ether1,ether2 is member of bridge1). both ether1 and ether2 become trunk ports.
2. if vlan300 is attached to bridge2 (ether3 is member of bridge2). ether3 is an access port.

two vlan (100,200) and more makes the ports trunks.
one vlan (300) makes them access ports

Please someone correct me if i am wrong!

That is more logical.
But will all vlan on a trunk port be tagged, or can there be one vlan without tag?

what I have learned is, that a physical port (ether1) in a bridge will be untagged at all. If you add vl100 on ether2 and add this one also to that bridge, all traffic on ehter1 will be tagged with vl100 on ehter2.
edit: see here