FW: v6.42.2 (stable)

im having simple problem with 2 MikroTik CloudSW - CA5125-24G
Hyper-v -> nic teaming -> MicroTik1 -> Port 1,2
Hyper-v -> tagged vlan 10 (WIFI) -> MicroTik1 -> Port 3 (eg. VLAN Tag 10)
Bound port 23,24 (boundMT1) to MikroTik2 -> Port 23,24(boundMT2)
All working fine with this configuration.

HOW?
MikroTik2->Port1 untagg VLAN 10 to connect wifi AP
Tried every possible configuration to do that but not working..
If i put Cisco and connect to MikroTik2 -> port 2 and untagg VLAN 10 to xy port is not able to UNTAGG vlan 10
Something strange is here, MikroTik is mixing vlan 1 and vlan 10

Thanks in advance

When making Port 2 of Mikrotik 2 a member of the bridge in "/interface bridge port", set "pvid=10" while the default is "pvid=1".

If that does not help, put the output of "/export hide-sensitive" here, and if there are any public addresses in the configuration which you don't want to disclose, replace every occurrence of each of them in the configuration by a distinctive string like a.b.c.d (Ctrl-H is your friend here).

Thanks for help but the provided solution not working.
Please i need more help, i still have problems with that vlan 10. Just not working how it should
Its like there but its mixed. its not normal when i put cisco that i see all mac addresses on vlan10 and on vlan1...

The response is the same like last time, except that I've moved it to my automatic signature in the meantime. If you need assistance, provide the export of your existing configuration or send a crystal ball by s-mail, whichever is easier.

The response is the same like last time, except that I've moved it to my automatic signature in the meantime. If you need assistance, provide the export of your existing configuration or send a crystal ball by s-mail, whichever is easier.

Its not working. Or im doing something wrong.

• Press the [Terminal] button in Winbox
• Write export hide-sensitive file=cfg-export
• Press the [File] button in Winbox
• Download the file cfg-export.rsc
• Open the file in a text editor, replace anything what might identify you (public IP addresses, user and/or service names) with harmless but descriptive names (my.public.ip.1, my.username@service), copy all and paste it here between [code] and [/code] tags

There is much more to do than set pvid=10 on a VLAN-enabled bridge. As you haven't found how to do that at the relevant manual page, I assume you need a detailed setting for your parcticular setup.

• Press the [Terminal] button in Winbox
• Write export hide-sensitive file=cfg-export
• Press the [File] button in Winbox
• Download the file cfg-export.rsc
• Open the file in a text editor, replace anything what might identify you (public IP addresses, user and/or service names) with harmless but descriptive names (my.public.ip.1, my.username@service), copy all and paste it here between [code] and [/code] tags

There is much more to do than set pvid=10 on a VLAN-enabled bridge. As you haven't found how to do that at the relevant manual page, I assume you need a detailed setting for your parcticular setup.

Sindy, thank you for your answer.

I know how to untagg vlan. Thats not the problem. I have other vlans configured with tagg/untagg but not trunked over bounding (port23,24) to other switch.
The main problem is in MT1 port3, and pass vlan over bounding.
Exporting configuration rly no need. just type it down how this scenario can be done.

That's a legitimate opinion, but in such case you'll get just a list of common mistakes to look for.

1. when you use bonding, all the VLAN, IP etc. configuration must be attached to the bond, not to the member ports of the bond.
2. when you want to use hybrid ports (some VLANs tagged and one untagged on the same port), you have to use a completely configured vlan-filtering on a single bridge common for all VLANs, or you have to use one bridge per VLAN. The difference between the approaches is shown here for your case:

one bridge per vlan code

                                          bridge-vlan-10 --- (IP configuration)
ether1 ---tagged--- if-vlan-eth1-10 ---tagless--- |
ether2 ---tagged--- if-vlan-eth2-10 ---tagless--- |
bond0  ----------------tagless------------------- |

                                          bridge-vlan-20 --- (IP configuration)
ether1 ---tagged--- if-vlan-eth1-20 ---tagless--- |
ether2 ---tagged--- if-vlan-eth2-20 ---tagless--- |
bond0  ---tagged--- if-vlan-bnd0-20 ---tagless--- |

                                          bridge-vlan-30 --- (IP configuration)
ether1 ---tagged--- if-vlan-eth1-30 ---tagless--- |
ether2 ---tagged--- if-vlan-eth2-30 ---tagless--- |
bond0  ---tagged--- if-vlan-bnd0-30 ---tagless--- |

common bridge for all vlans var. 1 code

                                        bridge-all-vlans pvid=1
ether1 ----------tagging unchanged------------ | ---tagged--- if-vlan-10 ---tagless--- (IP configuration)
ether2 ----------tagging unchanged------------ | ---tagged--- if-vlan-20 ---tagless--- (IP configuration)
bond0  ----tagging unchanged except vlan 10--- | ---tagged--- if-vlan-30 ---tagless--- (IP configuration)

common bridge for all vlans var. 2 code

                                        bridge-all-vlans pvid=10
ether1 ----------tagging unchanged------------ | ---------------tagless--------------- (IP configuration)
ether2 ----------tagging unchanged------------ | ---tagged--- if-vlan-20 ---tagless--- (IP configuration)
bond0  --tagging unchanged including vlan 10-- | ---tagged--- if-vlan-30 ---tagless--- (IP configuration)

Access mode handling of VLAN 10 on bond0 is expressed by setting pvid=10 in /interface bridge port bridge=bridge-all-vlans interface=bond0 and by placing bond0 to the untagged list in /interface bridge vlan vlan-ids=10. Handling of VLAN 10 on the bridge itself is expressed by setting the pvid value of the bridge itself and by placing bridge-all-vlans to the tagged or untagged list in /interface bridge vlan for the vlan-ids matching the bridge's pvid. If the pvid of a member port matches the pvid of the bridge itself, the frames stay untagged on ingress and egress through that port, otherwise the difference is compensated. This is different as compared to traditional switches where no tagless frames can exist inside the switch.

I solve my problem by knowing only this.

1. when you use bonding, all the VLAN, IP etc. configuration must be attached to the bond, not to the member ports of the bond.

Thank you so much.