No, this does not agree with the example configuration MikroTik posted on their wiki.
Yes, you are right. It's not exactly the example described in the manual. That's one reason why I posted my question/setup/example here.
In the meantime I tried to configure the switch (trying again to understand the configuration scheme) but I'm not done yet.
Obviously I'm still missing something...
One remark: I had to remove the ports from the default "bridge" first, Hence I couldn't find out how to do it in command line I used the WebGUI - sorry for that ;-)
Afterwards I did:
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether13 hw=yes pvid=999
add bridge=bridge1 interface=ether14 hw=yes pvid=999
add bridge=bridge1 interface=ether15 hw=yes pvid=999
add bridge=bridge1 interface=ether16 hw=yes pvid=999
add bridge=bridge1 interface=ether17 hw=yes pvid=999
add bridge=bridge1 interface=ether18 hw=yes pvid=999
add bridge=bridge1 interface=ether19 hw=yes pvid=999
add bridge=bridge1 interface=ether20 hw=yes pvid=999
add bridge=bridge1 interface=ether21 hw=yes pvid=999
add bridge=bridge1 interface=ether22 hw=yes pvid=999
add bridge=bridge1 interface=ether23 hw=yes pvid=999
add bridge=bridge1 interface=ether24 hw=yes pvid=999
/interface bridge vlan
add bridge=bridge1 tagged=ether13 untagged=ether21,ether22,ether23,ether24 vlan-ids=104,105
/interface ethernet switch rule
add switch=switch1 ports=ether21 src-mac-address=B8:27:eb:11:11:11/FF:FF:FF:FF:FF:FF new-vlan-id=104
add switch=switch1 ports=ether22 src-mac-address=B8:27:eb:11:11:11/FF:FF:FF:FF:FF:FF new-vlan-id=104
add switch=switch1 ports=ether23 src-mac-address=B8:27:eb:11:11:11/FF:FF:FF:FF:FF:FF new-vlan-id=104
add switch=switch1 ports=ether24 src-mac-address=B8:27:eb:11:11:11/FF:FF:FF:FF:FF:FF new-vlan-id=104
add switch=switch1 ports=ether21 src-mac-address=18:60:24:11:11:11/FF:FF:FF:FF:FF:FF new-vlan-id=105
add switch=switch1 ports=ether22 src-mac-address=18:60:24:11:11:11/FF:FF:FF:FF:FF:FF new-vlan-id=105
add switch=switch1 ports=ether23 src-mac-address=18:60:24:11:11:11/FF:FF:FF:FF:FF:FF new-vlan-id=105
add switch=switch1 ports=ether24 src-mac-address=18:60:24:11:11:11/FF:FF:FF:FF:FF:FF new-vlan-id=105
VLAN id 999 is the default port VLAN (for fallback or "unknown" devices)
I used two VLAN 104 and 105 for my example.
I connected one device to port 23, the other to port 24.
I also tried to circumvent possible broadcast issues by configuring fixed IP-address according to the VLANs ip-range.
Than I tried to ping the VLAN gateway (what is the routers VLAN interface).
Port 13 is the trunk port that should forward tagged packets to the router.
You will guess it: I failed.
Means it doesn't work.
Sniffing on Ports 13 and 23/24 shows packets but none of it has a VLAN ID set.
I would expect at least VLAN IDs on port 13.
What did I miss or is it simply a totally wrong approach?
Thanks and best regards,
HF
EDIT: I recognized that the display of sniffed packets in Mikrotiks WebGUI doesn't show VLAN tag even if it is present.
I was trying to ping from router's VLAN IF to the client with the static IP and captured with wireshark on the host of OPNSense VM as well as on the switch itself but this time to a pcap file.
Both show the VLAN tag 105 .
The Packet view in WebGUI doesn't. Maybe it's a bug...
Anyway, I don't get it to work to just ping the fixed IPs of each device nor vice versa.