Community discussions

MikroTik App
  4. RouterOS
  5. General

Switch and bridged VLANs

Post Reply
 
SwissWISP
Member Candidate
Member Candidate
Topic Author
Posts: 186
Joined: Fri Sep 23, 2011 12:16 pm

Switch and bridged VLANs

Mon May 02, 2016 12:18 pm

Hi all,

I've got a Router which has a "native" VLAN and a tagged VLAN (id=2) on ether1. The tagged vlan is bridged with ether3 so it's untagged on ether3. Ether2 should work the same way as ether1 so I set ether1 as "master-port". It works, but my question is, is this the way it's meant to work? My feeling is that the proper way to do this, is to configure the VLANs on ether2 too and bridge them like ether1. But the performance would be lower that way for the "native VLAN". What do you think?

Config:


/interface ethernet
set [ find default-name=ether1 ] name=ether1
set [ find default-name=ether2 ] name=ether2 master-port=ether1
set [ find default-name=ether2 ] name=ether3

/interface vlan
add interface=ether1 name=ether1_vlan2 vlan-id=2

/interface bridge port
add bridge=bridge-local interface=ether1_vlan2
add bridge=bridge-local interface=ether3


- Mat
Top
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: Switch and bridged VLANs

Mon May 02, 2016 7:08 pm

What model is this on? Realistically you want to do as much as you can in the switch chip if your router has one. You're correct in thinking that the "master-port" method for ether2 will be faster than a bridge. This is because it is done in the switch chip instead of the main processor. The downside with the way it is setup right now is that theoretically ether2 is also going to get all of the tagged vlan packets for ether3 (or at least "could" get them).

Depending on the switch chip you have you may actually be able to tag/untag everything in the switch and not use bridges at all. As soon as you use a bridge your going to loose some speed since it utilizes the CPU. The switch chip on the other hand is wire speed. That's actually a major upside to the CRS series since you can do a lot of VLAN manipulation/ACLs/etc in the switch chip itself at wire speed.
Top
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: Switch and bridged VLANs

Mon May 02, 2016 7:09 pm

See: http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features
Top
 
SwissWISP
Member Candidate
Member Candidate
Topic Author
Posts: 186
Joined: Fri Sep 23, 2011 12:16 pm

Re: Switch and bridged VLANs

Tue May 03, 2016 10:17 am

The model in question is the RB951G. The problem is that I need to apply firewall rules between ether1 (Uplink) and ether2/ether3 so I have to use the bridge.
Ok, so it looks like it's the right way to do what I want... :)

- Mat
Top
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Tue May 03, 2016 10:34 am

Yeah. If you need firewall rules beyond the rules offered in the switch chip then yes you need to use bridge. Otherwise if you use the switch chip the packets will just go through the switch chip and the main processor won't ever see them.

Sent from my XT1575 using Tapatalk
Top
Post Reply

Who is online

Users browsing this forum: Fi011, iDaemon and 215 guests
  4. RouterOS
  5. General