Found a couple older posts on this but none that solved it... Using an RB750. On the WAN port, it has untagged Internet connection (with static public IP) and a tagged vlan5 management VLAN. LAN side of the router has ether2-5 bridged together with a private DCHP server and NAT running. All works great. Created vlan5 and attached it to the WAN port (ether1). Assigned an IP to that vlan5 interface from the private management pool. Works and is assessable from the WAN side to monitor and manage the RB750.

What I am trying to accomplish is to pass vlan5 through the router to the LAN side as well so we can monitor the network switch attached to the RB750 on the management VLAN. The switch is set up with vlan5 and has an IP assigned to it. But, I can't get vlan5 to pass through the RB750. I want to avoid building a bridge due to CPU use and the fact we have DHCP servers on both sides of the router.

I thought I could do this with the switch in the RB750 and build a VLAN, assign it to the WAN and LAN side and call it good:
I also set the switch to "switch all ports". However, this is not passing vlan5 through tagged from the WAN to the LAN.

You can add second ip address to vlan5 on mikrotik and dstnat to lan switch through this ip


Yours respectfully!

Quite a bit wrong in your config .

First If you make a bridge and put interfaces in bridge than add IP on bridge not interface ether2. You wont be able to do what you want using Switch chip.. Well maybe you could (WAN-VLAN10, Mngt-VLAN5, LAN-Vlan1) but it would be more complicated.
If you are not using latest 6.41RC then you dont need to add ether2-5 in bridge but you must use master/slave interfaces ..
If you would like to use Bridge than make another bridge-Management and add another VLAN interface on top of bridge1 (VLAN5 - MGT-LAN).
Now put both interfaces (vlan5 -MGT and the new VLAN5 - MGT-LAN) on to it.
And that is all.

If going into swicth chip you must make one port master and all other slaves.
1. Assigns one VLAN to WAN and make it a access port (Always strip) and put VLAN interface on master port with this VLAN
2. Assign second VLAN to ports 2-5 and make them access ports (always strip) and put VLAN interface on master port with this VLAN to assign LAN network
3. Assign VLAN5 to port 1 (WAN) and the port you want to have tagged VLAN5 on LAN (2-5 .. just one or all..depends on your situation and needs). Make this port tagged (add if missing) or hybrid
4. Add VLAN interface on top of master port and assign IP for management

With this config everything is done in Switch chip..Routing between VLAN-s goes through CPU so you have to assign switch1-cpu to all VLANs.
Check this Wiki page for details:
https://wiki.mikrotik.com/wiki/Manual:S ... p_Features

Thanks for the help. I did start off as master/slave on the LAN side and then built a bridge. Forgot to move the LAN IPs to the bridge from the master port. My bad - thanks for catching. I'll try building a bridge for management. I'm not sure I am following you 100% on how to handle the mgt bridge and mgt vlans...

Build vlan5-WAN interface and assign to WAN physical port. Then build vlan5-LAN interface and assign it to LAN bridge. Then build a mgt bridge that includes vlan5-WAN and vlan5-LAN interfaces??

Yes exactly like that..