Community discussions

MikroTik App
 
edsme
just joined
Topic Author
Posts: 3
Joined: Fri Aug 26, 2022 11:42 pm

Forwad packets wit any tagged vlan id without having to confgure each vlan id?

Sat Aug 27, 2022 12:28 am

Hello,

my question is, how to forward vlan tagged packets of any vlan id without having to configure each vlan and assign it to the ports, where it should be accessible.

My usecase requires to have 3 vlans on some ports with port-based vlans (PVID). These have to be configured of course, that's what I'm aware of. Some dozen tagegd vlans are only for transit between a HCI cluster and a meraki core switch, where two CRS317 switches should be placed in between. The vlans setup as port-baed vlans with PVID are for management, 'cluster interface' and 'storage network'. On the interfaces that have the PVID set for the 'cluster interface' and the uplink port to the next switch would like have any tagged vlans being forwarded, without having to create and assign them in SwOS or RouterOS to ports. This would be much more practical for my colleagues who are not mikrotik aware, because they then only have to manage the vlans in the HCI and meraki environment, when the CRS317 could pass all through.

I'm not really sure, if this is possible and you can understand, what I'm trying to ask. The easy way, using all meraki equipment would cost about 14x the cost of two CRS317-1G-16S+RM, which I is pretty heavy for an environment, where most things are test lab setups.

Thanks for your ideas,
Markus, forum newbie
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Forwad packets with any tagged vlan id without having to confgure each vlan id?

Sat Aug 27, 2022 7:52 pm

Are you using RouterOS or SwitchOS? And what version?
Both can be used with that device and the answers are massively different between the two operating systems.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: Forwad packets wit any tagged vlan id without having to confgure each vlan id?  [SOLVED]

Sun Aug 28, 2022 9:59 am

In ROS it should be as easy as this:
/interface bridge vlan
add bridge=bridge tagged=trunk1,trunk2,trunk3 vlan-ids=500-4090

SwOS with its http GUI might make it more difficult to configure things (I've no idea it thus is actually the case, I've never used SwOS).
 
edsme
just joined
Topic Author
Posts: 3
Joined: Fri Aug 26, 2022 11:42 pm

Re: Forwad packets wit any tagged vlan id without having to confgure each vlan id?

Mon Aug 29, 2022 1:30 am

I guess for the sake of flexibility I'll choose RouterOS 7 latest stable. So the answer is to add all possible vlans ahead to the needed ports? Meanwhile I've found in the documentation sth. which may also work. Can you give me a recommendation or your opinion what you would prefer and why?

Unknown/Invalid VLAN filtering
https://help.mikrotik.com/docs/pages/vi ... Nfiltering
/interface ethernet switch
set forward-unknown-vlan=yes
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether2,ether6
If I got it right, this would forward unknown vlans on all ports, except the ports where invalid/unknown vlan filtering is enabled in the last line? I have to test, if PVID settings than still works, but I guess they should.

Thanks a lot,
Markus
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: Forwad packets wit any tagged vlan id without having to confgure each vlan id?

Mon Aug 29, 2022 8:51 pm

The config you posted is quite specific to certain type(s) of devices, "my" config is generic and will work on all devices with bridge vlan-filtering enabled. Your config does offer some security though.
 
edsme
just joined
Topic Author
Posts: 3
Joined: Fri Aug 26, 2022 11:42 pm

Re: Forwad packets wit any tagged vlan id without having to confgure each vlan id?

Thu Sep 01, 2022 3:24 pm

Thank you for your solution. As you've said, my intention was device specific for CRS2xx switches. The command does not exist in CRS3xx switches, what I did not noticed.

Who is online

Users browsing this forum: No registered users and 12 guests