Hi guys,
I have a CRS328-24P-4S and I cannot for the life me figure out the VLAN's.
I do not have any other switches comming into the Mikrotik. I am running RouterOS and not SwitchOS as I use the firewall capabilities.
My current network is running off a Ubiquity Access Point with no VLAN and I would like to seperate network traffic using VLAN's as per below:
1) WLAN1 - 192.168.16.0/24 - No VLAN currently (would like to add a VLAN 100)
2) WLAN2 (Guest) - 192.168.168.0/24 - VLAN 999
I have configured the bridge without VLAN filtering for the time being.
1) I have then added in the ports, but this is also were I get confused, if I add the physical port to the bridge it asks for a pvid, but I cannot add more than one pvid (do I need to add a pvid here? Or do I just leave it at deault?)
2) The bridge is configured as follows:
/interface bridge
add comment="Internal LAN" name=LAN-Bridge
/interface bridge port
add bridge=LAN-Bridge interface=ether1
add bridge=LAN-Bridge interface=ether2
add bridge=LAN-Bridge interface=ether3
add bridge=LAN-Bridge interface=ether4
add bridge=LAN-Bridge interface=ether5
add bridge=LAN-Bridge interface=ether6
add bridge=LAN-Bridge interface=ether7
add bridge=LAN-Bridge interface=ether8
add bridge=LAN-Bridge interface=ether9
add bridge=LAN-Bridge interface=ether10
add bridge=LAN-Bridge interface=ether11
add bridge=LAN-Bridge interface=ether12
add bridge=LAN-Bridge interface=ether13
add bridge=LAN-Bridge interface=ether14
add bridge=LAN-Bridge interface=ether17
add bridge=LAN-Bridge interface=ether18
add bridge=LAN-Bridge interface=ether19
add bridge=LAN-Bridge interface=ether20
add interface=ether24 (Not part of the bridge, this plugs into a internet router)
add bridge=LAN-Bridge interface=ether16
add bridge=LAN-Bridge interface=ether22
add bridge=LAN-Bridge interface=ether15
add bridge=LAN-Bridge interface=ether21 multicast-router=disabled
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/interface bridge vlan
add bridge=LAN-Bridge tagged=sfp-sfpplus1,sfp-sfpplus2,LAN-Bridge untagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23 \
vlan-ids=100
add bridge=LAN-Bridge tagged=sfp-sfpplus1,sfp-sfpplus2,IOT_v999 untagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23 \
vlan-ids=999
add bridge=LAN-Bridge tagged=sfp-sfpplus1,sfp-sfpplus2,LAN-Bridge untagged=ether14,ether15 vlan-ids=200
add bridge=LAN-Bridge tagged=sfp-sfpplus1,sfp-sfpplus2,LAN-Bridge untagged=ether14,ether15 vlan-ids=300
3) When I enable VLAN filtering my DHCP server running on the Mikrotik no longer hands out IP addresses and so I cannot get and IP on the IOT VLAN, the 192.168.1.0/24 traffic continues to work.
I am not sure if I actually even need to tag the ports because as mentioned I do not have any upstream or downstream switches at this point.