Community discussions

 
YASSKYLIGHT
just joined
Topic Author
Posts: 15
Joined: Sun Sep 02, 2012 9:12 pm
Contact:

Bridge untagged ether1 with tagged vlan3 on ether1.

Tue Aug 20, 2019 7:56 pm

Hello.
Could you please help me with bridging vlan interface with etherne interface?
I have a Router with two phisical interfaces, wlan1 (wireless) and ether1.
wlan1 is connected to the internet, so it's WAN.
On local network I need have ether1 untagged, and vlan3 on ether1 with tag 3. After there is a management swith, which have access ports for untaged and tagged traffic.

MikroTik now is on 6.44.3, but it's not a problem to update or downgrate it.
After router reset I setup wireles and do.
/interface vlan
add interface=ether1 name=vlan3 vlan-id=3

/ip address
add address=172.16.2.1/24 interface=ether1 network=172.16.2.0
add address=172.16.3.1/24 interface=vlan3 network=172.16.3.0
On this point everything is works, pinging.
/interface bridge
add name=bridge1

/ip address
set [/ip address find address="172.16.2.1/24"] interface=bridge1
set [/ip address find address="172.16.3.1/24"] interface=bridge1

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=vlan3
For this moment it's works. But after router restart, not working at all.

If I'm disable one interface, on other everything start work.
/interface bridge port
set [/interface bridge port find interface=ether1] disable=yes

I feel what something is missing.
After some playing with disabling interfaces in bridge, it becomes worked again.
 
anav
Forum Guru
Forum Guru
Posts: 3122
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Tue Aug 20, 2019 9:24 pm

Recommend reading this resource and the examples.........
viewtopic.php?f=13&t=143620

This one may help as well.........
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1790
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Tue Aug 20, 2019 9:54 pm

Hey

Why would you need the bridge anyway?
There is only one interface of each...
 
YASSKYLIGHT
just joined
Topic Author
Posts: 15
Joined: Sun Sep 02, 2012 9:12 pm
Contact:

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Wed Aug 21, 2019 1:13 am

Hey

Why would you need the bridge anyway?
There is only one interface of each...
Network growed up and I have to separate different devices. This cannot be done in a short time.
I wish to prepare a separate vlan and merge it with the current network.
When devices and network connections (correct ports) will be done (This process could take a month.), I'll divide them and everybody will be happy.
It's in a short way.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1790
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Wed Aug 21, 2019 10:48 am

Let me rephrase: bridge is not what you are looking for = wrong in this case.

vlan3 & lan have different ip ranges so direct communication between devices is not possible -> a router between is needed to do the forwarding. A bridge will not solve that.
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1110
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Wed Aug 21, 2019 10:50 am

Bridging isn't what is needed here. You have 2 separate segments on the same interface and you want to bring them together?

If you want the networks to talk to one another then you need to put a router between them.........so you have that bit sorted.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
anav
Forum Guru
Forum Guru
Posts: 3122
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Wed Aug 21, 2019 5:23 pm

Your requirements are not clearly stated and are at the least confusing.
First there is no indication of what MT unit you are discussing.

did you read the articles presented.
In generall there are trunk ports and access ports.
Ether 1 is clearly a trunk port.
Although hybrid ports are possible second reference --> 4 or 5th diagram its better to keep it clean.

Use of the bridge is not as evil as the so called experts are decrying. Or more accurately I like to pick the opposite side just for the fun of it. :-)
In fact its much tidier from a laymans perspective to use the bridge.

Create vlan10 (this will be your untagged net)
keep vlan3 for your tagged net.

Assign both vlans to the bridge
Assign etherport 1 to the bridge.
assign dhcps to the vlans etc.........
have one forward chain firewall rule that allows any access you require as an admin to the other vlan.
have other forward chain firewall rules if needed to allow access to a shared device across the vlans (ie printer, subnet to vlan IP address one way)
ensure last forward chain firewall rule is drop all.

At the managed switch assign the port coming from the router is a trunk port and includes vlan 10, 3. Identify all ports for unmanaged devices with vlan10 (data coming from untagged devices is tagged with vlan10) and when the packets leave the switch heading to the devices the tag is stripped off.
Which managed switch are you using again??
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1790
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Wed Aug 21, 2019 5:38 pm

And what is the point of all that? These are still separate networks...

At least your footer is totally correct :-p
 
YASSKYLIGHT
just joined
Topic Author
Posts: 15
Joined: Sun Sep 02, 2012 9:12 pm
Contact:

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Wed Aug 21, 2019 6:51 pm

Hello. Sorry for inactivity.
There no two separate LANs with separate IP ranges. They only will be there, in a future.
At the moment there only one ethernet interface (physical), with two IP ranges on it.
Now, I need to have tagged and untagged traffic on this single interface, that will be merged at L2 level (for DHCP for example).
There also a lot of things which I can't tell and explain.
Afterward LANs will be separated and and this bridge isn't needed. But it will be after some months, may be.
This is a temporary solution, not permanent.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1790
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Wed Aug 21, 2019 8:13 pm

Anyway, once you put interfaces in a bridge, all configuration related to them needs to be done on the level of bridge. That includes ips, vlans, ...
from the sound of it, you would want to bridge the vlans only, 3 and "1" (or another but untagged on ether1)

If that's not enough, I would advise you to hire a consultant, have a NDA signed, and then you can tell the whole story
 
anav
Forum Guru
Forum Guru
Posts: 3122
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Thu Aug 22, 2019 4:32 pm

Would have to concur with Sebastia!! Also, I am currently unavailable to work as consultant, due to the impending lawsuit from the VLAN consortium which has the gall to accuse me of abusing VLAN usage.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)

Who is online

Users browsing this forum: No registered users and 24 guests