Page 1 of 1

Two ISP providers on two vlans in one interface + bridge

Posted: Tue Dec 03, 2019 10:03 am
by Vladislav2
Hello everyone!
I have a problem with configuring VLANs on Mikrotik.
I have two ISP providers which connected to a managed switch:

First provider in port 1, VLAN 10. Provider gives 5 IP addresses with static assignment, not DHCP;
second provider in port 2, VLAN 20 Provider gives only 1 IP address via DHCP;
Port 3 is tagged port, which connected to Mikrotik's ether1.

On Mikrotik's side I need to use First provider as main link to internet. I can use three IP addresses from the provider's pool, but I need to bypass two IP addresses to other devices, which connected to ether2 and ether3 of Mikrotik.
Second provider as failover link, used only by Mikrotik.

I have configured bypassing IPs with manual "VLAN in bridge with a physical interface" from Wiki, and devices which connected to ether2 and ether3 works fine.
Here is the part of config:
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2 pvid=10
add bridge=bridge1 interface=ether3 pvid=10
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether2,ether3 vlan-ids=10
But I don't know how to use 3 addresses which left for Mikrotik and Second provider. The Wiki article "Layer2 misconfiguration" says that is bad to add VLAN interface to slave interface in bridge (ether1 is bridged). But when I'm adding VLAN interface to bridge1 - I can't ping any resources with this interface and it seems the packets don't run.
Maybe my fundamental knowledge is not enough for doing this, or my Mikrotik knowledge is poor, but I'm stuck and need help. Thanks!

Re: Two ISP providers on two vlans in one interface + bridge

Posted: Tue Dec 03, 2019 10:37 am
by mkx
You have to create vlan interfaces off the bridge:

/interface vlan
add name=vlan10 interface=bridge1 vlan-id=10
add name=vlan20 interface=bridge1 vlan-id=20

and add bridge interface as tagged member of both VLANs

/interface bridge vlan
add bridge=bridge1 tagged=bridge1 vlan-ids=10,20

and then use vlan10 and vlan20 interfaces to configure whatever needed (static IP on vlan10, DHCP client on vlan20).

If you're using default firewall for SOHO devices, then be careful about /interface list members as those are used in firewall rules.