Dear Mikrotik Community,

im using Mikrotik for three months (Mikrotik HEX, latest firmware), and i am quite satisfied!

But i have a specific problem:
1 have two ethernet ports connected via bridge.
On the bridge i have a multiple VLAN, one of them is ID 160.

PORT A: Linked to managed switch, VLANs are separated on this switch ports.

PORT B: Just an ip cam, can not recognize VLAN ID 160.

I want to include the cam on PORT B to VLAN 160. Cant plug cam into managed switch because this switch is remote (40m), but camera is close to router.
I found the menu entry : Switch and played with it...no sucess...
I think in this menu i have to specifiy that PORT B is ID160, but untagged, because device cant handle tagged VLAN.

Can anyone help me to achieve this?

regards mikron00b

Post configuration (execute command /export hide-senstitive in terminal window) so we can see how your current VLANs are done.

Hy, here my shorted export:

/interface bridge
add admin-mac=XXXXXXXXXXXXXXX auto-mac=no name=bridgeMAIN
/interface ethernet
set [ find default-name=ether2 ] name=2LIVROOM
set [ find default-name=ether4 ] name=4FOO
/interface vlan
add comment=XXXXXXXXXXX interface=4FOO name=VLAN160 vlan-id=160
/interface bridge port
add bridge=bridgeMAIN comment=defconf interface=2LIVROOM
add bridge=bridgeMAIN comment=defconf interface=4FOO
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

2LIVOOM = Here is one CAMERA
4FOO = Here is the VLAN

I hope this info is enough...

Hy, here my shorted export:

Code: Select all

/interface bridge
add admin-mac=XXXXXXXXXXXXXXX auto-mac=no name=bridgeMAIN
/interface ethernet
set [ find default-name=ether2 ] name=2LIVROOM
set [ find default-name=ether4 ] name=4FOO
/interface vlan
add comment=XXXXXXXXXXX interface=4FOO name=VLAN160 vlan-id=160
/interface bridge port
add bridge=bridgeMAIN comment=defconf interface=2LIVROOM
add bridge=bridgeMAIN comment=defconf interface=4FOO
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

2LIVOOM = Here is one CAMERA
4FOO = Here is the VLAN

I hope this info is enough...

Please use safe mode at all times when configuring winbox.!!!!!

/interface bridge port (sets up any ingress required for access ports)
add bridge=bridgeMAIN comment=defconf interface=2LIVROOM pvid=160 admit-frames=untagged only
add bridge=bridgeMAIN comment=defconf interface=4FOO

Need interface bridge vlan rules (covers egress)
/bridge interface vlan
add bridge=bridgeMain tagged=bridgeMain,eth4 untagged=eth2 vlanid=160

Get rid of this..........
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

and make sure you have something like.......
/interface bridge
add admin-mac="your own mac" auto-mac=no comment=defconf name=\
bridgeMain vlan-filtering=yes

Hy, thynk you worked.

BUT:

Get rid of this..........
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

This is for firewall rules, when i deactivate those rules will not work anymore?

No because you set your firewall rules in
/ip firewall filter (for both input and forward chain). They apply to all traffic!!
/ip firewall NAT (for source nat and nat/fw rules for each particular dstnat)