hi there

i'am currently stuck at a point of understanding the way how VLANs work in different ROS versions.
i know that VLAN config depends also on the hardware and if the device has a switch chip or not for HW offload.
to understand my question i will first explain the basement

if i understand it right there are basically two concepts of configuring VLANs on ROS:

1. a bridge for every vlan and vlan interfaces assigned to each ethernet interface, also called "legacy way" descriped here
2. one bridge with assigned ethernet interfaces and vlan interfaces descriped here

i know that these two ways are linked to the ROS version and the fact that HW offload is only available on the first bridge. but a device configured with the so called "legacy way" also works with ROS 6.42.7
my problem is now that i have two devices in my lab, one is configured with the so called "legacy way" on ROS 6.42.7 and one is configured with the "one bridge" way on ROS 6.42.7 and they doesn't work together - VLAN trunks doens't work and IP isn't seen on both connected devices.
when i configure both devices the same way - both with "legacy way" or both with "one bridge" - they see each other and the VLAN separation work and IP is working fine.

while i'am trying to figure it out myself i found a actual how-to (in german) which also introduces a way of adding VLAN interfaces to the bridge - which is not explained in the official miktrotik wiki - but the only way of adding separate networks to each VLAN. but using this concept also doesn't work together with a device configured the "legacy way".

hopefully somebody can explain me why two devices doesn't work together by using these to concepts?
when i torch on the trunk port i see packets with correct VLAN PIDs - but they do not "understand" each other.

// 32768

The "legacy" way you described was the way of doing it on devce without switch chip or if switch chip did not suport VLANs. The legacy way of doing it on devices with decent switch chips was to use /interface ethernet switch part of configuration and using single bridge ... the high-level config was the same as the "new", bridge vlan-filtering, way. Beware that even if your device does have switch chip, a few things might or might not work, such as hybrid ports (one or more tagged VLAN and one untagged that should be tagged in ingress and untagged on egress). Mixing tagged and untagged traffic on bridge can have some side effects as well.

This (switch-chip based VLAN setup) is still viable way of configuring it in ROS versions 6.42+.

There are a few topics on this forum with discussion about old and new ways, including this.

many thanx @mkx for the thread.
i will prepare a config example to better explain what i mean.

// 32768

Look at this thread:
viewtopic.php?f=2&t=138232#p681516

The top of the post shows the old way to do VLAN, and at the bottom, the new way.
It did take some time before I did get the grip of it.

@Jotne: many thanks for linking to that thread. some aspects from my question should be answered there. i'am still in the process of understanding the concepts.

my question comes more from the aspect that i wanted to use the vlan config the best way - also to use the hardware (switch chip) in its optimal way - if its there.
the first thing i struggled about was the fact that HW offload on some devices with switch chip is only possible on the first bridge. when mikrotik changed the vlan config in ROS to the "new way" my thought was that they wanted to give the user a possibility to achieve complex vlan configs by using only one bridge to benefit from the HW offload possibility.

when mikrotik changed the vlan config in ROS to the "new way" my thought was that they wanted to give the user a possibility to achieve complex vlan configs by using only one bridge to benefit from the HW offload possibility.

Everybody around here, including their dogs, have gut feeling that current implementation of VLANs on bridge is semi-finished job. Or so we hope. And that MT will go further with HW offload where possible (and with removing the /interface ethernet switch configuration section). Fact is that VLAN switching in the new way without HW acceleration works wire-speed only on devices with low number of ports (e.g. up to 5) and capable CPUs (e.g. ARM). And CRS3xx, it has HW support - if I'm not mistaken (I don't have one so I'm not trying to remember details about it).

So nowadays it is sensible to do it the old way with single bridge and VLAN config on switch chip. If switch chip features are enough for one's needs.