Community discussions

MUM Europe 2020
 
archerious
just joined
Topic Author
Posts: 15
Joined: Sun Aug 26, 2018 7:50 am

Is VLAN bridge/filtering really needed?

Fri Nov 29, 2019 1:06 pm

I am coming from Ubiquiti, my apologies if this is a stupid question.

I created VLAN20 and VLAN50 interfaces on my RB4011 specifically on sfpplus1. Then added addresses to them, that's it. Then on my CRS309 I have it going to my Ubiquiti Edgeswitch 10X which has eth1 as a truck then on port 4 it goes to another switch then finally to a access point using Vlan20.

So here's what confuses me, everything is working. Like I see so many posts saying I need a bridge, need to do vlan filtering, need to make sure to do a truck on the CRS309 and the CSS326, etc.

So my question is, if I just continue as is what's the harm? Will I wake up to my network not working?

Vlan20= 10.10.10.0/24

Vlan50 = 192.168.10.0/24

Regular lan which I guess is vlan1 is 192.168.88.1/24.

Honest to god not sure if I need vlan filtering since Ubiquiti doesn't support that based on my googling around.

Many thanks and sorry but the mikrotik wiki just gave me more questions and I'm so confused but I really want to understand this and learn more. I'm loving the speed im getting on mikrotik and that's with some basic firewall rules like preventing 10.10.10.0/24 from outbounding to 192.168.88?0/24, and an address list of the ipcams I have not allowing them to use my WAN since phoning home is shady.

Any help is appreciated. Many thanks. :)
RB4011 Former: ER4
CRS309 Former: Ubiquiti XG-16
Edgeswitch 10X
Mikrotik CSS326
AT&T Fiber 1000/1000
https://i.imgur.com/CREztz2.png
 
mkx
Forum Guru
Forum Guru
Posts: 3345
Joined: Thu Mar 03, 2016 10:23 pm

Re: Is VLAN bridge/filtering really needed?  [SOLVED]

Fri Nov 29, 2019 5:28 pm

Bridge is similar to a switch. If you use more than one interface and want devices connected to those interfaces to communicate transparently, then you have to use bridge to join those interface to a switched group.

If you want to run VLANs over several interfaces, you need "smart switch" or "VLAN-capable switch". In ROS, that's bridge with vlan-filtering enabled.

BUT.
If you only want router to use single interface to connect to certain subnet (LAN / VLAN), then you don't have to use bridge ... no need to use switch when only single UTP cable has to be connected. It is fine to create VLAN interfaces and pin them directly to a physical interface (e.g. on sfp-sfpplus1). You just have to be careful to remove used physical interface from any bridge it might be member before. You should never pin VLAN interface to a physical interface which is part of bridge.

However, there are certain exceptions to the rule above (e.g. when you need to use some bridge functionality, such as filtering). In those cases you would have to create a bridge and add that single physical interface to that bridge (and use bridge for all further config).
BR,
Metod
 
archerious
just joined
Topic Author
Posts: 15
Joined: Sun Aug 26, 2018 7:50 am

Re: Is VLAN bridge/filtering really needed?

Sat Nov 30, 2019 8:56 am

Bridge is similar to a switch. If you use more than one interface and want devices connected to those interfaces to communicate transparently, then you have to use bridge to join those interface to a switched group.

If you want to run VLANs over several interfaces, you need "smart switch" or "VLAN-capable switch". In ROS, that's bridge with vlan-filtering enabled.

BUT.
If you only want router to use single interface to connect to certain subnet (LAN / VLAN), then you don't have to use bridge ... no need to use switch when only single UTP cable has to be connected. It is fine to create VLAN interfaces and pin them directly to a physical interface (e.g. on sfp-sfpplus1). You just have to be careful to remove used physical interface from any bridge it might be member before. You should never pin VLAN interface to a physical interface which is part of bridge.

However, there are certain exceptions to the rule above (e.g. when you need to use some bridge functionality, such as filtering). In those cases you would have to create a bridge and add that single physical interface to that bridge (and use bridge for all further config).
Thank you so much, that makes sense. I really like how VLANs are done here, I think it's simpler than Ubiquiti.
RB4011 Former: ER4
CRS309 Former: Ubiquiti XG-16
Edgeswitch 10X
Mikrotik CSS326
AT&T Fiber 1000/1000
https://i.imgur.com/CREztz2.png

Who is online

Users browsing this forum: No registered users and 20 guests