MikroTik

Hi to everyone,
I would to know if there is a way to have 2 vlan as an access port (untagged) on a single interface in 6.42.9 (new swtich implementation)
Thanks for support!

No. No way to know which LAN a packet is part of if they are both I tagged.



Sent from a $&@#% iPhone using Tapatalk

What are you trying to accomplish, without discussing solution space or design space or switch functionality.

How would you know which untagged packet needs to be tagged to which VLAN? What some do, is use MAC based VLAN. Thus, for example, packets with a MAC range of 000B82, (GrandStream phones), get put into VLAN 20.

So pcunite, without knowing the ops scenario but using the dare to speculate (mkx tact), lets assume he has two PCs or two devices that are going to be connected to an etherport (acting like an access port). The only way that can happen is via an unmanaged switch.

If so, what does etherport see in terms of MAC traffic?
Can it see the mac addresses associated with the devices, or does it see the mac addresses of the switch ports where the devices are connected or does it see the mac address of the switch port that connects to ether4????

I dont see how on my mikrotik devices to differentiate by mac address.
A quick look at SwOS and I see hosts and static hosts which detail mac addresses which could apply??

Via an unmanaged switch, what does the ether port see in terms of MAC traffic? Would it see mac addresses associated with local devices, or would it see mac addresses of the switch ports of locally connected devices, or would it see the mac address of the its own switch port connected to ether4?

I don't see a way, on my MikroTik devices, to differentiate by mac address.

Great question and points. I think that until the OP states his goals, my statement can still be a valid option if the goal is to support the scenario of plugging and unplugging things into an Access port. The MAC is therefore changing and you can respond to that in a dynamic way. Whether or not this is a good idea is up for debate.

Regarding your point about where a device MAC address might appear across switches, broadcast packets do send out the MAC address to every switch in the VLAN. But I don't know if there is a way to respond at the physical port level when that happens.

What are you trying to accomplish, without discussing solution space or design space or switch functionality.

I need to reach two different subnet with different vlanID on same broadcast domain, I need to do that temporarily before to route the subnet. I've read on some cisco forum that someone has achived this solution.
Many thanks anyway

I need to reach two different subnet with different vlanID on same broadcast domain, I need to do that temporarily before to route the subnet. I've read on some cisco forum that someone has achived this solution.

I wouldn't call that a solution, I would call it a misconfiguration.

Isn't that what happens when someone makes a mistake and connects a cable between two access ports configured in different vlans on two different switches?

For example, if sw1 port 1 has vlan 10 untagged and sw2 port 5 has vlan 20 untagged, and someone connects a cable between sw1 port 1 and sw2 port 5. Then sw1 port 1 thinks untagged frames received from vlan 20 belong in vlan 10, and sw2 port 5 thinks untagged frames received from vlan 10 belong to vlan 20.

I don't recommend doing this, especially if there are any possible loops in your ethernet.

There are no untagged "vlans" on an interface, only THE untagged vlan (singular, only one, assimilated to vlan 1). For a packet to make use of vlans, it has to have vlan info in it, and that info is called a tag. A port could be virtually associated to a vlan by the router or switch, so that its traffic is handled internally as part of that vlan, but on the wire itself, it is still the untagged vlan, without vlan info in it.

Isn't that what happens when someone makes a mistake and connects a cable between two access ports configured in different vlans on two different switches?

Wouldn't this be the solution? Take two unused ports, configure their untagged vids to the two vids in question, and then bridge them with an ethernet cable? This would forward each vlan's traffic to the other one. It's a dirty hack, but the OP mentioned it being only temporary anyway.

EDIT: "Independent VLAN Lookup" might have to be enabled since the same MAC addresses would show up on different VLANs.

If I understand the OP correctly, the closest you will get to this is called hybrid vlan config. This is where you have a port configured for vlan trunking i.e. tagged vlan (vlan 10 as ex) and same port also configured as an access port for vlan 20 untagged

To OP initial question: it can be done and is being done, and is based on mac based vlan assignment
see viewtopic.php?t=143692