Community discussions

 
Louis2
newbie
Topic Author
Posts: 26
Joined: Mon Aug 05, 2019 9:00 pm

Very Vague CPU-port- and Bridge-port-access and Bridge to VLAN-binding!

Tue Aug 27, 2019 5:32 pm

Hallo,

I am trying to understand the Mikrotik RouterOS GUI / system behavoir.
In a bit more complex situation are two very relevant questions:
- How to access the CPU in order to configure the device
- How to bind the Bridge in a VLAN

How to access the CPU?
I would expect that you could assign addresses to CPU and Bridge like:
- Address Assign CPU vlan-1 Address-1,
- Address Assign Gateway vlan-1 Address-2,
- Address Assign CPU vlan-2 Address-3,
- Address Assign Gateway vlan-2 Address-4,
- Address Assign Bridge vlan-3 Address-5 (perhaps);
Something like that, not so ……

I detected that if you define an IP-range, that the OS
- assumes that the gateway is delivered by the CRS (not always the case !!! ,
e.g. when the VLAN is coming from external). Quite, Quite annoying! ☹ ☹
- gateway address is also management interface IP ☹,
- further on we have the strange PIVD in the bridge setup under vlan-filtering. It seems to offer the possibility to each the CPU via ports having that PIVD “kind of half way vlan” (I do not like it at all);

How to bind the bridge?
Tja, what to say about that ….
- if you assign a VLAN to the bridge, you would think that it is not necessary to include the bridge as port in your VLAN. That is as far as I know, true with two exceptions:
o You want access to the CPU via that VLAN (important),
o The VLAN does not have an always connected port or trunk. Than you can assign the Bridgeport, to the VLAN to hold the VLAN is the “active state” (only necessary it you need to test the GW);

I hope I described this part of RouterOS behavior correctly and it helps others. Please correct if not so. However that I like that behavior / the GUI, no not at all !!

Sincerely,

Louis
 
mkx
Forum Guru
Forum Guru
Posts: 2829
Joined: Thu Mar 03, 2016 10:23 pm

Re: Very Vague CPU-port- and Bridge-port-access and Bridge to VLAN-binding!

Tue Aug 27, 2019 8:47 pm

I'm not quite sure that I understand all the details of your "complaint". I agree that VLANs are slightly confusing on ROS. But there is one thing that I guess confuses many people: the bridge.

Bridge in ROS has two personalities:
  1. "kind of a switch" personality which passes traffic between member ports. Since ROS 6.41 it's a "smart" switch with decent support for VLANs (if enabled)
  2. L2 "interface" personality, quite similar to ethernet or wireless interfaces. Which is, as @Louis put it, essentially CPU port.
    The confusing part is that this "interface" gets created implicitly and has identical.
If administrator keeps this distinction in his/her mind, it's then easier to configure things. And it's easier to imagine how packets flow (one can not know that as ROS sources are not available to check).
BR,
Metod

Who is online

Users browsing this forum: No registered users and 13 guests