Page 1 of 1

Access port to tagged vlan

Posted: Thu Sep 12, 2019 11:24 am
by Mrnous
Hi, maybe I'm totally stupid but somehow I'm not doing it, so please give advice :)

I have two different networks access port - untagged vlan on ether9 (i want tagged vlan 464) and ether5 (want tagged vlan 465) on my mikrotik and what i need to do is trunk port on ether2 and sfp-sfpplus1 with these vlans and my internal network in mikrotik to connect two switch Planet. So i need to planet trunk port VLAN 464,465 and internal (maybe vlan 5) It is possible?

My config:
# sep/12/2019 10:21:21 by RouterOS 6.45.5
# software id = 1N8V-6PAY
#
# model = RB4011iGS+
# serial number = B8F60A35B27D
/interface ethernet
set [ find default-name=ether2 ] comment="Planet GS-4210-24T2S"
set [ find default-name=ether5 ] comment=Fox
set [ find default-name=ether9 ] comment="Network pokladna"
set [ find default-name=sfp-sfpplus1 ] comment="Planet GS-4210-48T4S"
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec peer
# This entry is unreachable
add name=peer1 passive=yes
/ip pool
add name=privatni-dhcp ranges=192.168.10.50-192.168.10.240
add name=pptp ranges=192.168.10.241-192.168.10.254
add name=verejne-dhcp ranges=192.168.11.10-192.168.11.254
/ip dhcp-server
add add-arp=yes address-pool=privatni-dhcp conflict-detection=no disabled=no \
interface=bridge lease-time=1h name=privatni
add add-arp=yes address-pool=verejne-dhcp authoritative=after-2sec-delay \
conflict-detection=no disabled=no interface=bridge_verejny lease-script=":\
local queueName \"Client- \$leaseActMAC\";\r\
\n \r\
\n:if (\$leaseBound = \"1\") do={\r\
\n /queue simple add name=\$queueName target=(\$leaseActIP . \"/32\") l\
imit-at=4096k/10240k max-limit=4096k/10240k comment=[/ip dhcp-server lease\
\_get [find where active-mac-address=\$leaseActMAC && active-address=\$lea\
seActIP] host-name];\r\
\n} else={\r\
\n /queue simple remove \$queueName\r\
\n}\r\
\n" name=verejne
/interface bridge port
add bridge=bridge comment="Planet GS-4210-24T2S" interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge_fox comment=Foxtrot interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment="Planet GS-4210-48T4S" interface=sfp-sfpplus1
add bridge=bridge interface=ether10
add bridge=bridge_pokladny comment="S\ED\9D pokladna" interface=ether9
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.10.1/24 comment=Privatni interface=bridge network=\
192.168.10.0
add address=192.168.11.1/24 comment=Privatni interface=bridge_verejny \
network=192.168.11.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.11.0/24 gateway=192.168.11.1
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall address-list
add address=192.168.0.0/16 list=RFC1918
add address=192.168.10.0/24 list=povolene

Re: Access port to tagged vlan

Posted: Thu Sep 12, 2019 3:13 pm
by anav
I would add a diagram to help the reader as your explanation is lacking.

I would also state the problem in requirements. What would you like to accomplish for users, without talking about networks, or equipment.

Re: Access port to tagged vlan

Posted: Thu Sep 12, 2019 4:21 pm
by Mrnous
This i want :) from 2 acces ports to mikrotik trunk port with internal network. On ZTE i cant do Vlans...
Image

Re: Access port to tagged vlan

Posted: Thu Sep 12, 2019 5:02 pm
by tdw
Replace your two existing bridges (bridge & bridge_verejny) with a single VLAN-aware bridge, see https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering and there are many posts on the forms too.

Re: Access port to tagged vlan

Posted: Sun Sep 15, 2019 1:59 am
by anav
A good reference is this one has examples and when you understand it you are ready to configure!!
viewtopic.php?f=13&t=143620

This may also be useful to read as well.
viewtopic.php?f=13&t=143620

( I do not know what a ZTE is?? where is your ISP............)