
 
hgonzale
Member Candidate
Topic Author
Posts: 267
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain

VLANS+2 Bridges + 2 DHCP

Thu Dec 27, 2018 2:37 pm

Hello my friend, I am continuing to learn VLANs and saying THANK YOU to all my friends teaching me (you included).

Here is my idea/config. This post is for correcting me, because it is working, but I think with a few small troubles (duplicated packets and sometimes the DHCP giving a wrong IP address).

This is the config I want.

Main router/DHCP server: RB2011.
Two LANS. 192.168.10.x (my network) and 192.168.12.x (friends network).
This equipment has 192.168.10.1 and 192.168.12.1
The link (a trunk, I think) is on eth9 between the RB2011 and the RB493 (next equipment).

On eth10, an RB493 is connected to the 2011 using eth1.
On the 493, eth2, 3, 4, 5, 6, 7, 8 and 9 must be on DHCP server 2 (192.168.12.x from the RB2011) (all my friends are connected by wire to this equipment) and the wlan must be part of 192.168.10.x (it is my wireless device).

I did some configuration and I will explain here.

Please, any advice, correction is welcome...

RB2011 relevant config.

/interface bridge
add admin-mac=00:0C:42:BC:80:2B auto-mac=no fast-forward=no igmp-snooping=yes name=bridge-local protocol-mode=none

/interface ethernet
set [ find default-name=ether1 ] comment="WAN Port FTTH" loop-protect=on name=ether1-gateway
set [ find default-name=ether2 ] comment=Homero name=ether2-master-local
set [ find default-name=ether3 ] comment="VoIP Habitacion Morado" name=ether3-slave-local
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full comment="Backup computer" loop-protect=on name=ether4-slave-local
set [ find default-name=ether5 ] comment=Libre name=ether5-slave-local
set [ find default-name=ether6 ] comment="PLC / Sony Vaio" name=ether6-master-local
set [ find default-name=ether7 ] comment=Canal+ name=ether7-slave-local
set [ find default-name=ether8 ] comment="PS3 / Homero cuando esta en hab" name=ether8-slave-local
set [ find default-name=ether9 ] comment="Clientes Red 12. Switch" loop-protect=on name=ether9-slave-local
set [ find default-name=ether10 ] comment="Cableado al techo" name=ether10-slave-local poe-out=off
set [ find default-name=sfp1 ] disabled=yes

/interface vlan
add interface=ether9-slave-local name=vlan-300-eth9 use-service-tag=yes vlan-id=300

/interface ethernet switch port
set 7 default-vlan-id=100
set 8 default-vlan-id=100
set 9 default-vlan-id=100 vlan-header=add-if-missing
set 10 default-vlan-id=100

/interface bridge port
add bridge=bridge-local interface=ether6-master-local pvid=100
add bridge=bridge-local hw=no interface=sfp1 pvid=100
add bridge=bridge-airbnb interface=airbnb
add bridge=bridge-local interface=wlan1 pvid=100
add bridge=bridge-local interface=amer-sup
add bridge=bridge-local interface=ether2-master-local pvid=100
add bridge=bridge-local interface=ether3-slave-local pvid=100
add bridge=bridge-local interface=ether4-slave-local pvid=100
add bridge=bridge-local interface=ether5-slave-local pvid=100
add bridge=bridge-local interface=ether7-slave-local pvid=100
add bridge=bridge-local interface=ether8-slave-local pvid=100
add bridge=bridge-local hw=no interface=ether9-slave-local pvid=100
add bridge=bridge-local interface=ether10-slave-local pvid=100
add bridge=bridge-local disabled=yes interface=vlan-100-eth9

/interface bridge vlan
add bridge=bridge-local tagged=vlan-100-eth9 untagged="bridge-local,ether2-master-local,ether3-slave-local,ether4-slave-local,ether5-slave-local,et\
her6-master-local,ether7-slave-local,ether8-slave-local,ether10-slave-local,wlan1,ether9-slave-local" vlan-ids=100

/ip dhcp-server
add address-pool=Dhcp1 disabled=no interface=bridge-local lease-time=4h name=server-local
add address-pool=dhcp2 disabled=no interface=vlan-300-eth9 lease-time=8h name=server-clientes

-----------------------------------------

Now the RB493

/interface bridge
add admin-mac=D4:CA:6D:40:1A:68 auto-mac=no fast-forward=no name=bridge-clientes protocol-mode=none
add fast-forward=no name=bridge-local protocol-mode=none

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no distance=indoors frequency=2442 mode=ap-bridge name=wireless-01-24 \
ssid=amertrade vlan-id=100 wps-mode=disabled

/interface ethernet
set [ find default-name=ether1 ] comment="Link a MAIN Mikrotik"
set [ find default-name=ether2 ] comment="Elio A14" name=ether2-master
set [ find default-name=ether3 ] comment="Groove AP (ex-teletronics)" name=ether3-slave
set [ find default-name=ether4 ] comment="Artem + A33 + A32 + A26" name=ether4-slave
set [ find default-name=ether5 ] comment="Ubiquiti 2 AP" name=ether5-slave
set [ find default-name=ether6 ] comment=Danado name=ether6-slave
set [ find default-name=ether7 ] comment=Rebeca name=ether7-slave
set [ find default-name=ether8 ] comment=Suomi name=ether8-slave
set [ find default-name=ether9 ] name=ether9-slave

/interface vlan
add interface=ether1 name=vlan-100-eth1 use-service-tag=yes vlan-id=100
add interface=ether3-slave name=vlan-100-eth3 use-service-tag=yes vlan-id=100
add interface=ether1 name=vlan-300-eth1 use-service-tag=yes vlan-id=300
add disabled=yes interface=ether5-slave name=vlan-300-eth5 use-service-tag=yes vlan-id=300


/interface bridge port
add bridge=bridge-local interface=ether1
add bridge=bridge-clientes interface=ether2-master pvid=300
add bridge=bridge-local interface=wireless-01-24 pvid=100
add bridge=bridge-clientes interface=ether3-slave pvid=300
add bridge=bridge-clientes interface=ether4-slave pvid=300
add bridge=bridge-local interface=ether5-slave pvid=300
add bridge=bridge-clientes interface=ether6-slave pvid=300
add bridge=bridge-clientes interface=ether7-slave pvid=300
add bridge=bridge-clientes interface=ether8-slave pvid=300
add bridge=bridge-clientes interface=ether9-slave pvid=300
add bridge=bridge-clientes ingress-filtering=yes interface=vlan-300-eth1 pvid=300
add bridge=bridge-local interface=vlan-100-eth3 pvid=300
add bridge=bridge-local disabled=yes interface=vlan-100-eth1 pvid=100

/interface bridge vlan
add bridge=bridge-clientes tagged=vlan-300-eth1,ether1 untagged=\
bridge-clientes,ether2-master,ether4-slave,ether5-slave,ether7-slave,ether8-slave vlan-ids=300
add bridge=bridge-local tagged=vlan-100-eth1,vlan-100-eth3,ether1 untagged=bridge-local,wireless-01-24 vlan-ids=100


PS: eth4 and eth5 are wireless equipment, another story, it doesn't matter now.....

Please look at the config; any advice will be appreciated ...

Thank you
 
Jotne
Forum Guru
Posts: 1154
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: VLANS+2 Bridges + 2 DHCP

Thu Dec 27, 2018 3:44 pm

Can you please use code tags for your post
Like this
(edit older post as well)
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
Dude2048
Frequent Visitor
Posts: 52
Joined: Thu Sep 01, 2016 4:04 pm

Re: VLANS+2 Bridges + 2 DHCP

Thu Dec 27, 2018 3:55 pm

You can use capsman for the wireless question
 
sindy
Forum Guru
Posts: 3527
Joined: Mon Dec 04, 2017 9:19 pm

Re: VLANS+2 Bridges + 2 DHCP  [SOLVED]

Fri Dec 28, 2018 12:54 pm

@hgonzale, I'm afraid you need to work on your chaos calming capabilities.

You say you've quoted the relevant part from your configuration exports, but it's actually inconsistent so some parts must be missing:
  • your /interface bridge section defines a single bridge while the /interface bridge port section refers to two.
  • your /interface vlan section defines a single vlan interface vlan-300-eth9 while the /interface bridge vlan section refers to vlan-100-eth9 and there is no row with vlan-ids=300 at all

Besides, the rows in /interface bridge vlan section only work for bridges with vlan-filtering=yes, and so do the pvid items of the rows in /interface bridge port. So with your current settings, where bridge bridge-local has vlan-filtering set to the default value no, the frames coming in via ether1-ether8 are not tagged with VID=100 and make it to the bridge still tagless. Which is consistent with having the IP address and dhcp server attached to the bridge rather than a (non-existent) vlan interface with vlan-id=100 interface=bridge-local.

As I've already written elsewhere:
  • one basic approach is to have a bunch of bridges, one per each VID used, on which everything runs tagless, attach an /interface vlan to every physical interface through which that VLAN's frames should pass tagged, and make the physical interfaces and /interface vlans member ports of the VLANs' bridges as needed. This approach is sometimes called a "port-based VLAN" because if you don't use trunk or hybrid ports at all, it doesn't require any tagging.
  • another basic approach is to have a single bridge on which frames belonging to all VLANs except one run tagged, and just a single /interface vlan per each VLAN which requires local L3 access.

In rare cases, e.g. when stacked VLAN tags (also known as QinQ) need to be used, these two basic approaches can be combined.

The examples below show both ways of implementing the same scenario - two VLANs, VID 100 and VID 200, each of which has a local L3 configuration attached to it and both of which use ether3 and ether4 as trunk ports; there is a single access port ether1 for VLAN 100 and a single access port ether2 for VLAN 200.

Symbols used:

-| path of tagless frames
=║ path of tagged frames
... IP configuration attachment to object
o interconnection (port membership in a bridge)
+ isolated crossing
gray default value important for the configuration

The one-bridge-per-VLAN approach looks like this:


                         br-vlan100    br-vlan200

                              |             |
ether1 -----------------------o             |
                              |             |
ether2 -----------------------+-------------o
                              |             |
           ,if vlan e3-v100 --o             |
ether3 ==={                   |             |
           `if vlan e3-v200 --+-------------o
                              |             |
           ,if vlan e4-v100 --o             |
ether4 ==={                   |             |
           `if vlan e4-v200 --+-------------o
                              |             |
                              o................. ip address x.x.x.x/X
                              |             |
                              |             o... ip address y.y.y.y/Y
                              |             |


/interface bridge
add name=br-vlan100 vlan-filtering=no
add name=br-vlan200 vlan-filtering=no

/interface vlan
add name=e3-v100 interface=ether3 vlan-id=100
add name=e3-v200 interface=ether3 vlan-id=200
add name=e4-v100 interface=ether4 vlan-id=100
add name=e4-v200 interface=ether4 vlan-id=200

/interface bridge port
add bridge=br-vlan100 interface=ether1
add bridge=br-vlan100 interface=e3-v100
add bridge=br-vlan100 interface=e4-v100
add bridge=br-vlan200 interface=ether2
add bridge=br-vlan200 interface=e3-v200
add bridge=br-vlan200 interface=e4-v200

/ip address
add address=x.x.x.x/X interface=br-vlan100
add address=y.y.y.y/Y interface=br-vlan200



The common-bridge-for-all-VLANs approach looks like this:


                                  br-all
                                     ║
ether1 --- pvid 100 =================o
                                     ║
ether2 --- pvid 200 =================o
                                     ║
ether3 ==============================o
                                     ║
ether4 ==============================o
                                     ║
                                     o===== if vlan v100 .... ip address x.x.x.x/X
                                     ║
                                     o===== if vlan v200 .... ip address y.y.y.y/Y
                                     ║

/interface bridge
add name=br-all vlan-filtering=yes

/interface vlan
add name=v100 interface=br-all vlan-id=100
add name=v200 interface=br-all vlan-id=200

/interface bridge port
add bridge=br-all interface=ether1 pvid=100
add bridge=br-all interface=ether2 pvid=200
add bridge=br-all interface=ether3 pvid=1
add bridge=br-all interface=ether4 pvid=1

/interface bridge vlan
add vlan-ids=100 bridge=br-all tagged=br-all,ether3,ether4 untagged=ether1
add vlan-ids=200 bridge=br-all tagged=br-all,ether3,ether4 untagged=ether2

/ip address
add address=x.x.x.x/X interface=v100
add address=y.y.y.y/Y interface=v200
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
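
The checks described in the post above, written out as a small linter for a posted export excerpt (an added example, not part of the original post and not a MikroTik tool): it flags references to bridges or interfaces the excerpt never defines, and pvid values and /interface bridge vlan rows that sit on a bridge without vlan-filtering=yes and are therefore ignored. The sample export is constructed from the first RB2011 excerpt in this thread; the function and rule names are hypothetical.

```python
import shlex
from collections import defaultdict

# Constructed sample, condensed from the first RB2011 export quoted in this thread.
SAMPLE = r"""
/interface bridge
add fast-forward=no name=bridge-local protocol-mode=none
/interface ethernet
set [ find default-name=ether2 ] comment=Homero name=ether2-master-local
set [ find default-name=ether9 ] comment="Clientes Red 12. Switch" name=ether9-slave-local
/interface vlan
add interface=ether9-slave-local name=vlan-300-eth9 vlan-id=300
/interface bridge port
add bridge=bridge-local interface=ether2-master-local pvid=100
add bridge=bridge-local hw=no interface=ether9-slave-local pvid=100
add bridge=bridge-airbnb interface=airbnb
/interface bridge vlan
add bridge=bridge-local tagged=vlan-100-eth9 untagged="bridge-local,ether2-master-local,et\
her9-slave-local" vlan-ids=100
"""

def parse_export(text):
    """Return {section: [(verb, {key: value}), ...]} with wrapped rows rejoined."""
    rows, section, pending = defaultdict(list), None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):        # export wraps long rows with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        verb, _, rest = line.partition(" ")
        if line.startswith("/"):
            section = line
        elif section and verb in ("add", "set"):
            pairs = dict(t.split("=", 1) for t in shlex.split(rest) if "=" in t)
            rows[section].append((verb, pairs))
    return rows

def lint(text):
    """Return sorted (rule, detail) findings for one export excerpt."""
    rows = parse_export(text)
    bridges = {p["name"]: p for _, p in rows["/interface bridge"] if "name" in p}
    # Assumption: a name the excerpt never defines counts as undefined, which
    # includes default-named ports that have no `set` row in the excerpt.
    known = set(bridges)
    for section in ("/interface ethernet", "/interface vlan", "/interface wireless"):
        for _, p in rows[section]:
            known.update(v for k, v in p.items() if k in ("name", "default-name"))

    def filtering(bridge):
        return bridges[bridge].get("vlan-filtering") == "yes"

    out = set()
    for _, port in rows["/interface bridge port"]:
        br, ifc = port.get("bridge", "?"), port.get("interface", "?")
        if br not in bridges:
            out.add(("undefined-bridge", br))
        elif "pvid" in port and not filtering(br):
            out.add(("inert-pvid", f"{ifc} on {br}"))     # ignored without filtering
        if ifc not in known:
            out.add(("undefined-interface", ifc))
    for _, row in rows["/interface bridge vlan"]:
        br = row.get("bridge", "?")
        if br not in bridges:
            out.add(("undefined-bridge", br))
        elif not filtering(br):
            out.add(("inert-vlan-row", f"vlan-ids={row.get('vlan-ids')} on {br}"))
        members = row.get("tagged", "").split(",") + row.get("untagged", "").split(",")
        out.update(("undefined-interface", m) for m in members if m and m not in known)
    return sorted(out)

if __name__ == "__main__":
    for rule, detail in lint(SAMPLE):
        print(f"{rule:20} {detail}")
```

While the inert findings remain, frames run tagless on the bridge, so the pvid and /interface bridge vlan rows do not separate the two networks.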
 
Jotne

Re: VLANS+2 Bridges + 2 DHCP

Fri Dec 28, 2018 3:01 pm

@Sindy
You do amaze me with your well formulated and detailed explaining post.
Your "Visio" diagram is excellent :)
 
 
 
mkx
Forum Guru
Posts: 2482
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLANS+2 Bridges + 2 DHCP

Fri Dec 28, 2018 3:09 pm

Excellent, sindy.

The only thing missing from the last ASCII art is the implicit untagged if br-all ... people often get confused because the dual-personality of bridge is well camouflaged.
BR,
Metod
 
sindy

Re: VLANS+2 Bridges + 2 DHCP

Fri Dec 28, 2018 7:29 pm

> The only thing missing from the last ASCII art is the implicit untagged if br-all ... people often get confused because the dual-personality of bridge is well camouflaged.

I've deliberately excluded that aspect from the post because the possible handling of one VLAN as tagless in the common-bridge-for-all-vlans approach adds unnecessary complexity until you grasp the basic concept. And it also ruins the graphical distinction between the approaches in the ascii-art, as in this case also tagless frames exist on the br-all.

I've explained that aspect in a post in some other topic but I was unable to find it now. So: ingress tagged frames whose VID matches bridge's own pvid value get untagged as coming in via trunk ports so they run tagless on the bridge, and get tagged on egress through trunk ports. Ingress tagless frames stay tagless if they come in via a port whose pvid matches the one of the bridge, and remain tagless on egress through another such port. So while on a "normal" managed switch no tagless frames exist internally, on Mikrotik one VLAN would have to be tagless internally if all 4094 possible VIDs would be used (VID 0 and 4095 are reserved values which cannot be used to identify a particular VLAN).

Some more aspects are missing here, especially the various flavours of STP and their relationship to VLANs and VLAN tags, but I think they are out of the focus of this topic.
 
pcunite
Forum Veteran
Posts: 945
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: VLANS+2 Bridges + 2 DHCP

Sat Dec 29, 2018 12:50 am

Sindy, take a look at my post here which asks essentially the same question. I think it is an extremely common configuration and one that should be really understood by the group here. I need to understand it better.

Thoughts?
 
hgonzale

Re: VLANS+2 Bridges + 2 DHCP

Sun Dec 30, 2018 4:53 am

Thank you a lot to everyone. I will make changes and try to learn a little bit more in these "holidays".
I will keep you updated!
A big hug
 
hgonzale

Re: VLANS+2 Bridges + 2 DHCP

Sun Dec 30, 2018 12:33 pm

Hello all my friends... First, I hope you are going to have a nice happy new year.
Second, yesterday I was up until 4 am reading and understanding, and I think in my house I did well (you will review it now). I learned about: Add service Tag.. I was thinking it is ADD the tag, but no, it is ALLOW the VLAN inside VLAN. Really, I don't need it.....

Here is my new config and everything is working now, no loopback... access to all equipment and my neighbors happy happy.

I am using just 1 VLAN for ID 300, and leaving my "traffic" without any VLAN. Maybe it could be better, you are the expert and I am just learning..

Config at RB2011

/interface bridge
add fast-forward=no name=bridge-airbnb
add disabled=yes fast-forward=no igmp-snooping=yes name=bridge-clientes priority=0x8001
add admin-mac=00:0C:42:BC:80:2B auto-mac=no fast-forward=no igmp-snooping=yes name=bridge-local

/interface ethernet
set [ find default-name=ether1 ] comment="WAN Port FTTH" loop-protect=on name=ether1-gateway
set [ find default-name=ether2 ] comment=Homero name=ether2-master-local
set [ find default-name=ether3 ] comment="VoIP Habitacion Morado" name=ether3-slave-local
set [ find default-name=ether4 ] comment="Backup computer" loop-protect=on name=ether4-slave-local
set [ find default-name=ether5 ] comment=Libre name=ether5-slave-local
set [ find default-name=ether6 ] comment="PLC / Sony Vaio" name=ether6-master-local
set [ find default-name=ether7 ] comment=Canal+ name=ether7-slave-local
set [ find default-name=ether8 ] comment="PS3 / Homero cuando esta en hab" name=ether8-slave-local
set [ find default-name=ether9 ] comment="Clientes Red 12. Switch, Troncal VLAN0 y VLAN300" loop-protect=on name=ether9-slave-local
set [ find default-name=ether10 ] comment="Cableado al techo" name=ether10-slave-local poe-out=off
set [ find default-name=sfp1 ] disabled=yes


/interface vlan
add interface=ether9-slave-local name=vlan-300-eth9 vlan-id=300

/interface bridge port
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local hw=no interface=sfp1
add bridge=bridge-airbnb interface=airbnb
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=amer-sup
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local interface=ether4-slave-local
add bridge=bridge-local interface=ether5-slave-local
add bridge=bridge-local interface=ether7-slave-local
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local hw=no interface=ether9-slave-local
add bridge=bridge-local interface=ether10-slave-local


/interface bridge vlan
add bridge=bridge-clientes tagged=vlan-300-eth9 untagged=bridge-clientes vlan-ids=300


/ip address
add address=192.168.11.1/24 interface=bridge-airbnb network=192.168.11.0
add address=192.168.12.1/24 interface=vlan-300-eth9 network=192.168.12.0
add address=192.168.10.1/24 interface=bridge-local network=192.168.10.0
add address=192.168.100.3/24 interface=ether1-gateway network=192.168.100.0

And now config in my wireless/switch equipment. RB493

/interface bridge
add admin-mac=D4:CA:6D:40:1A:68 auto-mac=no fast-forward=no name=bridge-clientes
add fast-forward=no name=bridge-local

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no distance=indoors frequency=2442 mode=ap-bridge name=wireless-01-24 ssid=\
amertrade vlan-id=100 wps-mode=disabled

/interface ethernet
set [ find default-name=ether1 ] comment="Link a MAIN Mikrotik. Troncal VLAN0 y VLAN300"
set [ find default-name=ether2 ] comment="Elio A14" name=ether2-master
set [ find default-name=ether3 ] comment="Groove AP (ex-teletronics)" name=ether3-slave
set [ find default-name=ether4 ] comment="Artem + A33 + A32 + A26" name=ether4-slave
set [ find default-name=ether5 ] comment="Ubiquiti 2 AP" name=ether5-slave
set [ find default-name=ether6 ] comment=Broken name=ether6-slave
set [ find default-name=ether7 ] comment=Rebeca name=ether7-slave
set [ find default-name=ether8 ] comment=Suomi name=ether8-slave
set [ find default-name=ether9 ] name=ether9-slave

/interface vlan
add interface=ether1 name=vlan-300-eth1 vlan-id=300
add interface=ether3-slave name=vlan-300-eth3 vlan-id=300

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=\
"****"
/interface bridge port
add bridge=bridge-local interface=ether1 pvid=100
add bridge=bridge-clientes interface=ether2-master pvid=300
add bridge=bridge-local interface=wireless-01-24 pvid=100
add bridge=bridge-local interface=ether3-slave pvid=300
add bridge=bridge-clientes interface=ether4-slave pvid=300
add bridge=bridge-clientes interface=ether5-slave pvid=300
add bridge=bridge-clientes interface=ether6-slave pvid=300
add bridge=bridge-clientes interface=ether7-slave pvid=300
add bridge=bridge-clientes interface=ether8-slave pvid=300
add bridge=bridge-clientes interface=ether9-slave pvid=300
add bridge=bridge-clientes interface=vlan-300-eth1 pvid=300
add bridge=bridge-clientes interface=vlan-300-eth3

/interface bridge vlan
add bridge=bridge-clientes tagged=vlan-300-eth1 untagged=\
bridge-clientes,ether2-master,ether4-slave,ether5-slave,ether7-slave,ether8-slave,ether3-slave,ether9-slave vlan-ids=300

/ip address
add address=192.168.12.2/24 interface=bridge-clientes network=192.168.12.0
add address=192.168.10.3/24 interface=bridge-local network=192.168.10.0
/ip dns
set servers=192.168.10.1
 
sindy

Re: VLANS+2 Bridges + 2 DHCP

Sun Dec 30, 2018 4:42 pm

Congratulations.

So you have successfully configured it using the "one-bridge-per-vlan" method, which means you can remove all the pvid=xxx parameters from all rows in /interface bridge port sections and all rows from the /interface bridge vlan section because they are not actually used as none of your bridges has vlan-filtering=yes.
 
hgonzale

Re: VLANS+2 Bridges + 2 DHCP

Sun Dec 30, 2018 4:56 pm

Super my friend. YES.
In the main router I don't have 2 bridges, because the "friends network" is directly on the VLAN interface. The DHCP server and the IP (192.168.12.x) are running directly on VLAN-300-eth9.
Of course, in the RB493 (the wireless is for me, and the eth ports are for friends) I created 2 BRIDGES...

I will remove the other options!!!!!

Thank you... You teach me a LOT...
On Monday I will go to my friend and continue with the other post and the Photne in VLAN21 from the ISP)

THANK YOUUUUUUUUUUUU
 
Biker111
newbie
Posts: 26
Joined: Thu Aug 11, 2016 1:21 am
Location: Denmark

Re: VLANS+2 Bridges + 2 DHCP

Thu Jan 03, 2019 1:36 pm

Hi Sindy

You really nailed this, thanks a lot.
Could I ask, if each vlan should have a separate DHCP server running, then I guess "one bridge per vlan" is the way to go?

Cheers
Biker
 
mkx

Re: VLANS+2 Bridges + 2 DHCP

Thu Jan 03, 2019 1:39 pm

If "one bridge for all vlans" concept is used, then every L3-configured VLAN would have separate vlan interface on the common bridge ... and DHCP server would run on top of those vlan interfaces.

Compare that to:

If "one bridge per vlan" concept is used, then every L3-configured VLAN would have configuration on separate bridge ... and DHCP server would run on top of those bridges (bridge interfaces actually).
BR,
Metod
 
sindy

Re: VLANS+2 Bridges + 2 DHCP

Thu Jan 03, 2019 2:16 pm

> if each vlan should have a separate DHCP server running, then I guess "one bridge per vlan" is the way to go?

The L3 configuration (the IP configuration including DHCP) doesn't imply anything about the way how VLANs should be configured. You just have to attach the IP configuration to the appropriate object:
  • for "one bridge per VLAN", you attach the IP configurations to the individual /interface bridges, because frames running on these bridges are typically tagless (if we leave QinQ aside),
  • for "common bridge for all VLANs" you attach it to individual /interface vlans, because frames running on the bridge are typically tagged so you have to use /interface vlan to convert them to tagless ones (and vice versa in the opposite direction). For the pvid of the common bridge, if used, the L3 configuration is also attached to that /interface bridge itself because this VLAN's frames are running tagless on the bridge.
