icsterm
Frequent Visitor
Topic Author
Posts: 58
Joined: Sun Mar 11, 2018 11:11 pm

Two bridged vlans, same port, same L3 domain

Sun Jan 05, 2020 1:52 pm

Hi,

I am trying to have a PC with trunk capabilities use on a single NIC:
- the default untagged VID 1 - as 1st interface
- tagged VID 999 - as 2nd interface (using different generated MAC address)
- vlans should be bridged in the same L2 domain, L3 domain (same subnet and dhcp server) running on "BRIDGE" interface.

I've tried the new way using bridge filters, but it doesn't work, I get no packets on vlan 999 but everything works fine on vlan 1 (untagged 'no vlan' way).

Here is the config:
/interface bridge
add arp=enabled frame-types=admit-all \
    ingress-filtering=no name=BRIDGE pvid=1 vlan-filtering=yes
/interface bridge vlan
add bridge=BRIDGE disabled=no tagged=LAN1 untagged=BRIDGE vlan-ids=999
Device: hAP ac2 ROS 6.46.1

My purpose is to make specific apps, such as qBittorrent, bind to an interface, because it's the only way I can force it to use the IKEv2 tunnel on the router by forcing a different source IP.
I would like to use a single local subnet for my whole network, that's why this is my preferred solution (by using two IPs in the same subnet but on different interfaces).
 
icsterm
Frequent Visitor
Topic Author
Posts: 58
Joined: Sun Mar 11, 2018 11:11 pm

Re: Two bridged vlans, same port, same L3 domain

Sun Jan 05, 2020 2:59 pm

Solution is:
- create vlan interface, add it to the physical port to the PC
- add vlan interface in bridge
 
mkx
Forum Guru
Posts: 11595
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two bridged vlans, same port, same L3 domain

Sun Jan 05, 2020 3:08 pm

The big problem with your requirements is the requirement that the same interface running two VLANs (untagged and 999) uses two distinct MAC addresses. It is not possible in ROS ... or at least not directly; VLAN interfaces don't have their own MAC addresses. But then I don't see the necessity for two distinct MAC addresses; the only time LAN devices see the RB's MAC address is when they communicate with the RB (either directly or when they use it as a gateway) ... and since you want to bridge both VLANs, the RB would need a single IP address (and thus a single MAC address) for both VLANs.

BTW, when thinking about your description of the purpose of having two VLANs bridged ... I don't think you actually need that. As you're using Linux, you can create an alias interface and bind a second IP address from the same subnet (or another subnet if that makes configuration of the RB easier) by configuring "interface" <real_interface>:<alias_name> (e.g. if your real interface is eth0, use eth0:qbt ...). The only remaining problem (not specific to this case at all, it's present whenever a machine has multiple IP addresses) is how to ensure that random outgoing connections use the "default" IP address. Supposedly the first interface (IP address) from the list of similarly ranked interfaces is used (I guess ranking is done according to routing cost, e.g. if IP addresses are from different subnets, the directly attached one wins over the gateway).
For specific services it shouldn't be a problem as you can bind a daemon to a specific interface.
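
Added example, not part of any post in this thread: a Python sketch of the source-address binding described above, showing that an unbound socket takes the kernel's default source address while a socket bound to the second address is seen by the peer with that address. It assumes a Linux host, where the loopback addresses 127.0.0.1 and 127.0.0.2 stand in for the two LAN addresses; all function and constant names are hypothetical.

```python
import socket
import threading

# Constructed stand-ins for the two addresses on the PC (assumption: Linux,
# where every address in 127.0.0.0/8 is local and can be bound).
DEFAULT_IP = "127.0.0.1"   # the "default" address ordinary traffic uses
SECOND_IP = "127.0.0.2"    # the extra address the router would send into the tunnel


def start_peer_reporter(listen_ip=DEFAULT_IP):
    """Start a one-shot TCP server that replies with the client's source IP."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_ip, 0))          # port 0: let the kernel pick a free port
    srv.listen(1)
    addr = srv.getsockname()

    def serve():
        conn, peer = srv.accept()
        with conn:
            conn.sendall(peer[0].encode())   # what the far end actually saw
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return addr


def observed_source(server_addr, source_ip=None):
    """Connect to server_addr and return the source IP the server observed.

    With source_ip=None the kernel chooses the source address; otherwise the
    socket is bound to source_ip before connecting, as a daemon with a
    "bind to address" option does.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        if source_ip is not None:
            s.bind((source_ip, 0))
        s.connect(server_addr)
        data = b""
        while chunk := s.recv(64):
            data += chunk
        return data.decode()


def demo():
    """Return (source seen for an unbound socket, source seen for a bound one)."""
    unbound = observed_source(start_peer_reporter())
    bound = observed_source(start_peer_reporter(), source_ip=SECOND_IP)
    return unbound, bound


if __name__ == "__main__":
    print(demo())
```

Any connection the application opens without the explicit bind leaves with the default address, so a router rule that matches on the second source IP will not see it.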
