I do have a VLAN configured in a bridge.
The config command you posted a few posts back indicates that you're configuring VLANs on switch chip.
So there are two ways of doing it:
- On switch chip
You configure things in /interface ethernet switch port and /interface ethernet switch vlan configuraton subtrees.
The first one essentially configures ingress behaviour (or, rather, mix of behaviours: default-vlan-id is for ingress, while vlan-header is for egress) and the second one egress behaviour.
- On bridge
You configure things in /interface bridge port and /interface bridge vlan configuration subtrees. In addition to that, you have to set vlan-filtering=yes on VLAN-aware bridge.
The first one configures ingress behaviour and the second one configures egress behaviour.
In both cases you configure "L2.5" using /interface vlan
... which exposes individual VLANs for L3 setup.
I advise you to read through this tutorial
. It is about the bridge vlan setup (#2 in my list above), it helps to understand some basic concepts and the way they're implemented in ROS. If you decide to go with switch chip (#1) way, you can adapt configuration later, conceptually it is similar but perhaps a bit harder to grasp the details if you start to do it without some good background.
Tx mkx, much appreciated.
I realised there are two different ways of doing VPN's, and it confuses the heck out of my because of two reasons:
1) I don't really know the practical differences between the two
2) When I'm reading a tutorial, I can't tell which of both methods is being used
Regarding this situation:
- I'd like multiple ports to act as 'single switch' (what I think is called a bridge)
- I'd like to run 2 VLAN's on that 'bridge'
- I can choose if for one of those VLAN's I leave all traffic untagged, or I need to let the board tag it
What would be the best approach for this, which method, and do I use untagged traffic or should I tag it all?
Thanks so much!