Community discussions

MikroTik App
 
mladenciric
just joined
Topic Author
Posts: 18
Joined: Thu Nov 14, 2013 2:26 pm

Advanced VLANs on Switch chip and Brige

Thu Apr 22, 2021 5:06 pm

Hello to all at this forum,
First to say that this post was not wrote only to ask questions, but also to give answers and config examples.
prolog: i have one fiber connection to ISP and block of public ip address which not routed to me, but they given by dhcp server on interface - this cause first problem because i must find solution to distribute public ip to hosts in LAN (public IP to servers). I have also dedicated fiber connection between HO and BO. Internet connection is on HO. At both location i have MikroTik routers and Cisco switches. Both location has to have separated LANs with different IP range which are routed by routers. LANs has to serve for PC, WiFI1, WiFi2, VoIP, Mngmt1,Mngmt2 etc. that is the second problem And for that purpose i decide to use VLANs. Because i have OnSite (HO) Servers and OffSite (BO) Servers and because this Servers has to have public IP i need to make L2 trunks for some VLANs to pass between location - and that is third problem
To clarify:
1- i must have L2 VLAN configuration: bridge with vlans and ethernet ports in bridge
2- i must have L3 IP configuration: all IP is on vlans
3- one port at each router must have IP, and to be allowed for access - emergency local access
First configuration i succeed was have common L2 misconfiguration: couple of bridges, vlans and ethernet in bridge, eoip and vlan in second bridge, vlans on ethernet interface ect. Obviously, i change that configuration immediately.
Current configuration uses VLANs on Bridge and VLAN Bridge filtering. At IP layer to achieved connectivity between IP ranges i decide to use OSPF routing protocols.
Topology
1.png
part of config R0:
/interface ethernet
set [ find default-name=ether1 ] comment="to R1" full-duplex=no name=ether1-p2p-fo1
set [ find default-name=ether2 ] comment="to SW0-1"
set [ find default-name=ether3 ] comment="to SW0-2"
set [ find default-name=ether4 ] comment="to Rsw0-1"
set [ find default-name=ether5 ] comment="to ISP" name=ISP
set [ find default-name=ether13 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="Local Mgmt"

/interface vlan
add comment=VoIP interface=bridge-lan_vlans name=vlan4 vlan-id=4
add comment=LAN1 interface=bridge-lan_vlans name=vlan1 vlan-id=1
add comment=LAN3 interface=bridge-lan_vlans name=vlan3 vlan-id=3
add comment=LAN2 interface=bridge-lan_vlans name=vlan2 vlan-id=2
add comment=native interface=bridge-lan_vlans name=vlan999 vlan-id=999
add comment=Management interface=bridge-lan_vlans name=vlan99 vlan-id=99
add comment=WAN interface=bridge-lan_vlans name=vlan100 vlan-id=1000
add comment=p2p interface=bridge-lan_vlans name=vlan2000 vlan-id=2000

/interface bridge
add admin-mac=... auto-mac=no comment=VLANs\
    fast-forward=no name=bridge-lan_vlans vlan-filtering=yes

/interface bridge port
add bridge=bridge-lan_vlans interface=ether1-p2p-fo1 pvid=2000
add bridge=bridge-lan_vlans interface=ether2 pvid=9
add bridge=bridge-lan_vlans interface=ether3 pvid=9
add bridge=bridge-lan_vlans interface=ether4 pvid=9
add bridge=bridge-lan_vlans interface=ether5-Jotel pvid=1000

/interface bridge vlan
add bridge=bridge-lan_vlans tagged=\
    bridge-lan_vlans,ether1-p2p-fo1,ether2,ether3,ether4,ether5 \
    vlan-ids=3
add bridge=bridge-lan_vlans tagged=\
    bridge-lan_vlans,ether2,ether3,ether4,ether5 vlan-ids=1,999,99
add bridge=bridge-lan_vlans tagged=\
    bridge-lan_vlans,ether1-p2p-fo1,ether3,ether4 vlan-ids=4
add bridge=bridge-lan_vlans tagged=bridge-lan_vlans,ether1-p2p-fo1,ether3 \
    untagged=ether5 vlan-ids=1000
add bridge=bridge-lan_vlans tagged=\
    ether1-p2p-fo1,ether3,ether5,bridge-lan_vlans vlan-ids=10
add bridge=bridge-lan_vlans tagged=bridge-lan_vlans,ether1-p2p-NOC-fo1 \
    vlan-ids=2000
add bridge=bridge-lan_vlans tagged=\
    bridge-lan_vlans,ether3,ether5,ether1-p2p-fo1,ether7 vlan-ids=20
add bridge=bridge-lan_vlans tagged=\
    bridge-lan_vlans,ether1-p2p-NOC-fo1,ether2,ether3,ether4,ether5 \
    vlan-ids=2
    
part of config R1: similar as config R0
config Rsw1-1 and Rsw0-1 is the same and i choose to use vlans on switch chip because it will work only as a switches
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-trunk
set [ find default-name=ether2 ] name=ether2-v10
set [ find default-name=ether3 ] name=ether3-v10
set [ find default-name=ether4 ] name=ether4-trunk
set [ find default-name=ether5 ] name=ether5-trunk
/interface vlan add interface=bridge1 name=vlan98 vlan-id=98
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 3 vlan-header=add-if-missing vlan-mode=secure
set 4 default-vlan-id=98 vlan-header=leave-as-is vlan-mode=secure
/interface bridge port
add bridge=bridge1 interface=ether1-trunk
add bridge=bridge1 interface=ether2-v10
add bridge=bridge1 interface=ether3-v10
add bridge=bridge1 interface=ether4-trunk
add bridge=bridge1 interface=ether5-trunk
/interface ethernet switch vlan
add ports=ether1-trunk,switch1-cpu switch=switch1 vlan-id=99
add ports=ether1-trunk,ether4-trunk switch=switch1 vlan-id=10
add ports=ether1-trunk,ether2-v10,ether3-v10 switch=switch1 vlan-id=10
add ports=ether1-trunk,ether4-trunk switch=switch1 vlan-id=4
add ports=ether1-trunk,ether4-trunk switch=switch1 vlan-id=2

/ip address
add address=192.168.98.1/29 interface=vlan98 network=192.168.98.0
/ip route
add distance=1 gateway=192.168.98.1
Problems:
The problem i find here is that hw offload was not working. The problem is in fact that i have two switch chip on the RB and ports in the bridge was from both switch chip (both are 8327).
But the problem is also at R1 router which has only one switch chip (8316) where all ethernet ports are on same chip. I found that hw offload turn off at the moment when i use vlan filtering on bridge.
At Rsw0-1 and Rsw1-0 i have problems to have access to it using mgmt vlan. Also i find that RoMON don't work.
Also, i found many problems to make things working when i choose vlans on switch cip. Trying to pair devices with different switch chips (8136 and 7240 and 8227) and that is nightmare because they don't work at same way.

To be clear, the config i have now working, but i should improve it. Because of that i asking you folks how will you fulfill this ?
Does i have to configure all devices to use switch chips or to remain on bridge vlans on devices with router function (R0 and R1) and switch chip vlans on (Rsw0-1 and Rsw1-1) or to use bridge vlans on all devices?
Note that I expect high bandwidth demands on Rsw devices and it will be great to get maximum switch usage instead of cpu, because this device will act as switch.
Also I have to preserve RoMON function.
Finaly, i must to use all my ports on Rsw devices but also i should have one for local management as i said. To do that one port must be hybrid port (eg. ether5), that port and switch-cpu should be at the same vlan - I am unsuccessful to achieve that goal.
Note: Please don't recommend to use another deviceses or to buy another equipment that is not reason what i write here. I need solutions with devices which i own.
You do not have the required permissions to view the files attached to this post.
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Advanced VLANs on Switch chip and Brige

Thu Apr 22, 2021 9:50 pm

Other than CRS3xx devices you can either use a VLAN-aware bridge without hardware switching, or a regular bridge with hardware switching.

The VLAN-aware bridge method is more straightforward and common across devices, however bridged traffic uses the CPU and may be a limiting factor on lower-powered devices.

The regular bridge method with hardware switching does provide wire-speed switching, but there are a number of limitations - the configuration differs between fast (10/100) and gigabit switch chips, fast (10/100) switch chips do not support hybrid (with an untagged plus one or more tagged VLANs) ports, some chips do not support VLANs at all, and there are specific issues on devices with multiple switch chips https://wiki.mikrotik.com/wiki/Manual:L ... itch_chips

As you are using VLAN1 you should take special care as it is the default PVID on interfaces including the bridge-to-CPU interface, consider changing the bridge PVID to one you do not use for tagged VLANs, or make the bridge tagged only:
/interface bridge
add admin-mac=... auto-mac=no comment=VLANs fast-forward=no frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge-lan_vlans vlan-filtering=yes
 
mladenciric
just joined
Topic Author
Posts: 18
Joined: Thu Nov 14, 2013 2:26 pm

Re: Advanced VLANs on Switch chip and Brige

Fri Apr 23, 2021 9:47 am

Other than CRS3xx devices you can either use a VLAN-aware bridge without hardware switching, or a regular bridge with hardware switching.
Thank you for this information. I don't find that info at documentation or i don't understand it well.
If use vlan-aware bridge the HW offload is disabled no matter which switch chip device have?!
The VLAN-aware bridge method is more straightforward and common across devices, however bridged traffic uses the CPU and may be a limiting factor on lower-powered devices.

The regular bridge method with hardware switching does provide wire-speed switching, but there are a number of limitations - the configuration differs between fast (10/100) and gigabit switch chips, fast (10/100) switch chips do not support hybrid (with an untagged plus one or more tagged VLANs) ports, some chips do not support VLANs at all, and there are specific issues on devices with multiple switch chips https://wiki.mikrotik.com/wiki/Manual:L ... itch_chips
Yes i know by experience that switch chip config may be very confusing. I read all documentations i find at official pages.
At production i use devices with 1gbps ports, gigabit switch chips 8316 and 8327, but i also try another devices. some of them have 100mbps ports.
As you are using VLAN1 you should take special care as it is the default PVID on interfaces including the bridge-to-CPU interface, consider changing the bridge PVID to one you do not use for tagged VLANs, or make the bridge tagged only:
/interface bridge
add admin-mac=... auto-mac=no comment=VLANs fast-forward=no frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge-lan_vlans vlan-filtering=yes
Yes. I am aware of that fact. I forgot to say that this is not my production config. Posted line of code are modified for question at forum. When i do modificatio i make mistake and wrote vlan-id=1 at production i don't use vlan-id=1 for neither of my vlans, even native vlan is not on vlan1.

Finally, what do you recommend to me as solution?
 
mladenciric
just joined
Topic Author
Posts: 18
Joined: Thu Nov 14, 2013 2:26 pm

Re: Advanced VLANs on Switch chip and Brige

Fri Apr 23, 2021 3:33 pm

!!! Update !!!
I decide to make some lab test. For that purpose i use RB450G as R1 and as Rsw1-1.
ether4 on R1 is connected to ether1 Rsw1-1
Config Rsw1-1:
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-trunk
set [ find default-name=ether2 ] name=ether2-v10
set [ find default-name=ether3 ] name=ether3-v10
set [ find default-name=ether4 ] name=ether4-trunk
set [ find default-name=ether5 ] name=ether5-trunk
/interface vlan
add interface=bridge1 name=vlan55 vlan-id=55
add interface=bridge1 name=vlan99 vlan-id=99
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 3 vlan-header=add-if-missing vlan-mode=secure
set 4 vlan-header=add-if-missing vlan-mode=secure
/interface bridge port
add bridge=bridge1 interface=ether1-trunk
add bridge=bridge1 interface=ether2-v10
add bridge=bridge1 interface=ether3-v10
add bridge=bridge1 interface=ether4-trunk
add bridge=bridge1 interface=ether5-trunk
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface ethernet switch vlan
add ports=ether1-trunk,switch1-cpu switch=switch1 vlan-id=99
add ports=ether1-trunk,ether4-trunk,ether5-trunk switch=switch1 vlan-id=10
add ports=ether1-trunk,ether2-v10,ether3-v10 switch=switch1 vlan-id=10
add ports=ether1-trunk,ether4-trunk,ether5-trunk switch=switch1 vlan-id=30
add ports=ether1-trunk,ether4-trunk,ether5-trunk switch=switch1 vlan-id=60
add ports=ether1-trunk,switch1-cpu switch=switch1 vlan-id=55
add ports=ether1-trunk,ether4-trunk,ether5-trunk switch=switch1 vlan-id=50
/ip address
add address=10.129.33.22/29 interface=vlan55 network=10.129.33.16
config R1:
/interface bridge
add name=bridge-vlans
/interface ethernet
set [ find default-name=ether1 ] name=ether1-t2HO
set [ find default-name=ether2 ] name=ether2-t2Sw
set [ find default-name=ether3 ] name=ether3-NAS
set [ find default-name=ether4 ] name=ether4-t2Sw-Hyp
/interface vlan
add interface=bridge-vlans name=vlan55 vlan-id=55
add interface=bridge-vlans name=vlan179 vlan-id=179
add interface=bridge-vlans name=vlan10 vlan-id=100
add interface=bridge-vlans name=vlan1111 vlan-id=1111
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 vlan-header=add-if-missing vlan-mode=secure
set 2 vlan-mode=disabled
set 3 vlan-header=add-if-missing vlan-mode=secure
set 4 vlan-mode=disabled
/interface bridge port
add bridge=bridge-vlans interface=ether1-t2HO
add bridge=bridge-vlans interface=ether2-t2Sw
add bridge=bridge-vlans interface=ether4-t2Sw-Hyp
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface ethernet switch vlan
add ports=ether1-t2HO,ether2-t2Sw,ether4-t2Sw-Hyp switch=switch1 vlan-id=30
add ports=ether2-t2Sw,ether4-t2Sw-Hyp,switch1-cpu switch=switch1 vlan-id=55
add ports=ether1-t2PTel,ether4-t2Sw-Hyp switch=switch1 vlan-id=60
add ports=ether2-t2Sw switch=switch1 vlan-id=179
add ports=ether1-t2PTel,ether2-t2Sw switch=switch1 vlan-id=10
add ports=ether1-t2PTel,ether4-t2Sw-Hyp switch=switch1 vlan-id=15
add ports=ether1-t2PTel,ether4-t2Sw-Hyp switch=switch1 vlan-id=50
add ports=ether1-t2PTel,switch1-cpu switch=switch1 vlan-id=1111
/ip address
add address=10.129.33.17/29 interface=vlan55 network=10.129.33.16
add address=192.168.179.1/24 interface=vlan179 network=192.168.179.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=10.129.33.26/30 interface=vlan1111 network=10.129.33.24
add address=10.129.33.29/30 interface=ether3-NAS network=10.129.33.28
When i use only Rsw1-1 (ether1 is connected to the switch port trunk) i can have access to this device by vlan55 i decide to be management vlan. But when i connect R1 and Rsw1-1 with cable between trunk ports i can ping IP of vlan but i cannot access by this ip to the router neither from R1 itself.
Switching VLANs works but i have trouble to set access to the devices
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Advanced VLANs on Switch chip and Brige

Fri Apr 23, 2021 7:55 pm

Rsw1-1 has no default route, so can only communicate with addresses in the 10.129.33.16/29 subnet. You could add
/ip route
add distance=1 gateway=10.129.33.17
 
mladenciric
just joined
Topic Author
Posts: 18
Joined: Thu Nov 14, 2013 2:26 pm

Re: Advanced VLANs on Switch chip and Brige

Sat Apr 24, 2021 9:49 am

Rsw1-1 has no default route, so can only communicate with addresses in the 10.129.33.16/29 subnet. You could add
/ip route
add distance=1 gateway=10.129.33.17
Ok. I see that. This line is missing.
But even i edit default route i cannot access to the device Rsw1-1 when i am behind R1 or at R1. It is very strange.
 
mladenciric
just joined
Topic Author
Posts: 18
Joined: Thu Nov 14, 2013 2:26 pm

Re: Advanced VLANs on Switch chip and Brige

Tue Apr 27, 2021 3:05 pm

UPDATE !!!
Here is configs when I use VLANs aware bridges at all routers.
When i make this configs everything work well, i have access to all my routers but i don't have hw offload function thus switch chips are not active and i have software switching.
R0 config:
/interface bridge
add frame-types=admit-only-vlan-tagged name=bridge-vlan pvid=9 \
    vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface vlan
add interface=bridge-vlan name=vlan30 vlan-id=30
add interface=bridge-vlan name=vlan60 vlan-id=60
add interface=bridge-vlan name=vlan111 vlan-id=111
add interface=bridge-vlan name=vlan999 vlan-id=999
add interface=bridge-vlan name=vlan1111 vlan-id=111

/ip pool
add name=dhcp_pool2 ranges=192.168.30.1-192.168.30.253
add name=dhcp_pool3 ranges=192.168.60.1-192.168.60.253
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
    interface=ether2 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=vlan3 name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=vlan6 name=dhcp3

/interface bridge port
add bridge=bridge-vlan ingress-filtering=yes interface=ether1 pvid=1111
add bridge=bridge-vlan frame-types=admit-only-vlan-tagged ingress-filtering=\
    yes interface=ether3 pvid=9
add bridge=bridge-vlan interface=ether4 pvid=30
/interface bridge vlan
add bridge=bridge-vlan tagged=bridge-vlan untagged=ether1 vlan-ids=1111
add bridge=bridge-vlan tagged=bridge-vlan,ether3 vlan-ids=999
add bridge=bridge-vlan tagged=bridge-vlan,ether3,ether1 untagged=ether4 \
    vlan-ids=30
add bridge=bridge-vlan tagged=bridge-vlan,ether3,ether1 vlan-ids=6
add bridge=bridge-vlan tagged=bridge-vlan,ether3 vlan-ids=111
/ip address
add address=10.10.30.25/30 interface=vlan1010 network=10.10.30.24
add address=192.168.30.254/24 interface=vlan3 network=192.168.30.0
add address=192.168.60.254/24 interface=vlan6 network=192.168.60.0
add address=10.10.30.1/28 interface=vlan111 network=10.10.30.0
/ip dhcp-server network
add address=192.168.30.0/24 dns-server=0.0.0.0 gateway=192.168.30.254
add address=192.168.60.0/24 dns-server=0.0.0.0 gateway=192.168.60.254
/routing ospf interface
add interface=vlan1111 network-type=point-to-point
add interface=vlan60 network-type=broadcast passive=yes
add interface=vlan30 network-type=broadcast passive=yes
/routing ospf network
add area=backbone network=10.10.30.0/28
add area=backbone network=10.10.30.24/30
add area=backbone network=192.168.30.0/24
add area=backbone network=192.168.60.0/24
/system identity
set name=R0

R1 config:
/interface bridge
add ingress-filtering=yes name=bridge-vlans pvid=9 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1-t2P
set [ find default-name=ether2 ] name=ether2-t2Sw
set [ find default-name=ether3 ] name=ether3-NAS
set [ find default-name=ether4 ] name=ether4-t2Sw-Hyp
/interface vlan
add interface=bridge-vlans name=vlan050 vlan-id=50
add interface=bridge-vlans name=vlan179 vlan-id=179
add interface=bridge-vlans name=vlan188 vlan-id=188
add interface=bridge-vlans name=vlan1111 vlan-id=1111

/interface bridge port
add bridge=bridge-vlans ingress-filtering=yes interface=ether1-t2P pvid=\
    1111
add bridge=bridge-vlans frame-types=admit-only-vlan-tagged ingress-filtering=\
    yes interface=ether2-t2Sw pvid=9
add bridge=bridge-vlans frame-types=admit-only-vlan-tagged ingress-filtering=\
    yes interface=ether4-t2Sw-Hyp pvid=9

/interface bridge vlan
add bridge=bridge-vlans tagged=bridge-vlans untagged=ether1-t2P vlan-ids=\
    1111
add bridge=bridge-vlans tagged=ether1-t2PTel,ether4-t2Sw-Hyp vlan-ids=\
    60,185,500
add bridge=bridge-vlans tagged=bridge-vlans,ether2-t2Sw vlan-ids=179
add bridge=bridge-vlans tagged=bridge-vlans,ether2-t2Sw,ether4-t2Sw-Hyp \
    vlan-ids=50
add bridge=bridge-vlans tagged=\
    bridge-vlans,ether1-t2P,ether2-t2Sw,ether4-t2Sw-Hyp vlan-ids=3
/interface ethernet switch vlan
add disabled=yes ports=ether1-t2P,ether2-t2Sw,ether4-t2Sw-Hyp switch=\
    switch1 vlan-id=30
add disabled=yes ports=ether2-t2Sw,ether4-t2Sw-Hyp,switch1-cpu switch=switch1 \
    vlan-id=50
add disabled=yes ports=ether1-t2P,ether4-t2Sw-Hyp switch=switch1 vlan-id=60
add disabled=yes ports=ether2-t2Sw switch=switch1 vlan-id=179
add disabled=yes ports=ether1-t2P,ether2-t2Sw switch=switch1 vlan-id=188
add disabled=yes ports=ether1-t2P,ether4-t2Sw-Hyp switch=switch1 vlan-id=\
    185
add disabled=yes ports=ether1-t2PTel,ether4-t2Sw-Hyp switch=switch1 vlan-id=\
    500
add disabled=yes ports=ether1-t2PTel,switch1-cpu switch=switch1 vlan-id=1111
/ip address
add address=10.10.30.17/29 interface=vlan05 network=10.10.30.16
add address=192.168.179.1/24 interface=vlan179 network=192.168.179.0
add address=192.168.188.1/24 interface=vlan188 network=192.168.188.0
add address=10.10.30.26/30 interface=vlan1010 network=10.10.30.24
add address=10.10.30.29/30 interface=ether3-NAS network=10.10.30.28

/routing ospf interface
add interface=vlan1111 network-type=point-to-point
add interface=vlan188 network-type=broadcast passive=yes
add interface=vlan179 network-type=broadcast passive=yes
/routing ospf network
add area=backbone network=10.10.30.24/30
add area=backbone network=10.10.30.16/29
add area=backbone network=192.168.188.0/24
add area=backbone network=192.168.179.0/24
/system identity
set name=R1
config Rsw1-1:
/interface bridge
add ingress-filtering=yes name=bridge1 pvid=9 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1-trunk
set [ find default-name=ether2 ] name=ether2-v185
set [ find default-name=ether3 ] name=ether3-v185
set [ find default-name=ether4 ] name=ether4-trunk
set [ find default-name=ether5 ] name=ether5-trunk
/interface vlan
add interface=bridge1 name=vlan05 vlan-id=50
/interface bridge port
add bridge=bridge1 interface=ether1-trunk
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether2-v185 pvid=185
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether3-v185 pvid=185
add bridge=bridge1 interface=ether4-trunk
add bridge=bridge1 interface=ether5-trunk
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1-trunk vlan-ids=50
add bridge=bridge1 tagged=ether1-trunk untagged=ether2-v185,ether3-v185 \
    vlan-ids=185
add bridge=bridge1 tagged=ether1-trunk,ether4-trunk,ether5-trunk vlan-ids=\
    30,60,500
/ip address
add address=10.10.30.22/29 interface=vlan050 network=10.10.30.16
/ip route
add distance=1 gateway=10.10.30.17
/system identity
set name=SW-Hyp-NOC
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Advanced VLANs on Switch chip and Brige

Wed Apr 28, 2021 2:33 pm

If the performance of the vlan-aware bridges is sufficient the leave things as they are, otherwise you could look at converting some to use hardware switching.

As mentioned previously hardware switching with hybrid ports is supported only by some gigabit switch chips (QCA8337, Atheros8327), it is not possible with the other gigabit switch chips (Atheros8316, MT7621, RTL8367) or any of the fast (10/100) switch chips.

Who is online

Users browsing this forum: cdblue, madstupid and 46 guests