sjafka
Frequent Visitor
Topic Author
Posts: 60
Joined: Wed Jan 03, 2018 5:45 pm

untagged vlan

Thu Jul 04, 2019 12:06 pm

Hello Community,


I'd like to confirm I'm doing this right; I wanted to achieve an untagged VLAN!

What I did: instead of putting the VLAN interface on the port itself (I need only one physical port for each subnet), I've put the port in a bridge and added the VLAN to the bridge. After that the bridge got a private IP address and I've set up a DHCP server on the bridge, but I gave the IP address to the port itself (and not the bridge).

Am I doing this right?

I did the same to another port (the first was 192.168.4.1/24, the second 192.168.5.1/24) and did the firewall rules, so it's separated on layer 3 too.
Before these settings I checked that I could ping from one client to the other and vice versa. After these settings I couldn't, and I checked the ARP table on the Windows machines and didn't see any other subnets I should have seen in case I misconfigured something.

Thank you in advance!
 
sebastia
Forum Guru
Posts: 1586
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: untagged vlan

Thu Jul 04, 2019 12:24 pm

Hey

Do you want these vlans to be tagged on other ports? Or do you want one vlan / port and only on that port?
 
sjafka
Frequent Visitor
Topic Author
Posts: 60
Joined: Wed Jan 03, 2018 5:45 pm

Re: untagged vlan

Thu Jul 04, 2019 12:52 pm

> Hey
>
> Do you want these vlans to be tagged on other ports? Or do you want one vlan / port and only on that port?

Hey sebastia,

thank you for your answer, I see you are really active on these forums :)

Now I don't want to tag, cuz the person who needs it has two "not-smart" switches; usually I like to use tagged VLANs with smart switches :)

Now, in this case, I only need one (untagged) VLAN / port, but in another case, where I'd need to have more, I would just put more ports into the bridge (the "vlaned" bridge).
Is this correct?

Thank you in advance!
 
sebastia
Forum Guru
Posts: 1586
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: untagged vlan

Thu Jul 04, 2019 1:00 pm

It could work like that: extend VLANs with another smart switch.

But what's also possible: extend the access port (= untagged port) with a "dumb" switch.

To keep things simple I would just advise to set up independent ports, then when the need arrives you can re-evaluate your setup.
 
sjafka
Frequent Visitor
Topic Author
Posts: 60
Joined: Wed Jan 03, 2018 5:45 pm

Re: untagged vlan

Thu Jul 04, 2019 1:32 pm

> It could work like that: extend VLANs with another smart switch.
>
> But what's also possible: extend the access port (= untagged port) with a "dumb" switch.
>
> To keep things simple I would just advise to set up independent ports, then when the need arrives you can re-evaluate your setup.

Thank you for your time and answer, sebastia!

It seems to work perfectly, but everywhere I search in Google, I see 10+ sites long descriptions of how u should do VLANs, and a lot are outdated and not deleted (I think MikroTik tutorials are really outdated or wrongly done, but that's just my opinion), but I think "vlaning" in MikroTik is easy, cuz I tried how it was logical for me and it worked like a charm. I just wanted a pro to say, yeah mate, you are doing it the right way! :)
 
mkx
Forum Guru
Posts: 2468
Joined: Thu Mar 03, 2016 10:23 pm

Re: untagged vlan

Thu Jul 04, 2019 1:47 pm

> ... i just wanted a pro say, yeah mate, you are doing it the right way!

The way you did VLANs is the way they can be done on routers ... where any ingress packet needs to be routed to another L3 subnet.

If you want to do it the way they are done on switches ... where ingress packets get forwarded to other interfaces within same VLAN with the least amount of processing ... then your way is not the way to do it.

VLANs on MikroTik are not easy and yes, official documentation has room for improvement. That's why @pcunite wrote a nice tutorial on how to do it in a way which is portable between all RouterBoard devices running ROS >=6.42.
There are many other ways to configure VLANs; many give better performance but depend on particular features provided by hardware switch chips, and are thus not portable between different RB models.
BR,
Metod
 
anav
Forum Guru
Posts: 2835
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: untagged vlan

Thu Jul 04, 2019 2:30 pm

The link mkx provided is your best resource period.
Another good one is useful if you want to tackle a hybrid port (diagram 4 I believe).
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
sjafka
Frequent Visitor
Topic Author
Posts: 60
Joined: Wed Jan 03, 2018 5:45 pm

Re: untagged vlan

Thu Jul 11, 2019 3:05 pm

Thank you guys, for your answers!

One more question: if I do not bridge ports, I only use ONE, then I don't have any layer 2 connection between two ports, right? So this way I can just give those two ports two separate subnets and do a layer 3 firewall filter (like forward from 192.168.0.0/24 to 192.168.1.0/24 drop) and I achieve the same? Could someone please verify for me that two (not bridged, simple "standalone") ports do not have any L2 connection?

Thank you again :) Have a nice day!
 
sebastia
Forum Guru
Posts: 1586
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: untagged vlan  [SOLVED]

Thu Jul 11, 2019 3:11 pm

This is what I suggested in the post above.

Edit to clarify: "To keep things simple I would just advise to set up independent ports, then when the need arrives you can re-evaluate your setup."
Last edited by sebastia on Thu Jul 11, 2019 4:00 pm, edited 2 times in total.
 
sjafka
Frequent Visitor
Topic Author
Posts: 60
Joined: Wed Jan 03, 2018 5:45 pm

Re: untagged vlan

Thu Jul 11, 2019 3:55 pm

> this is what I've suggested in post above

Hi sebastia,

if you mean this: "But what also possible: extend the access port (=untagged port) with "dumb" switch", then sorry, I misunderstood it, I thought you said I should do untagged VLANs (not untagged ports :D) with dumb switches... :)

But if there is basically no L2 connection, then there is really no need for a "bridged-vlanned" port, it just makes it more complicated without gaining anything from it!

My English is not the best, so if you wanted to tell me this, then sorry m8 and thank you again! :)
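
The independent-port setup the thread settles on, written out as a RouterOS configuration. This is an added example, not part of any post above; the interface names ether2/ether3, the pool and server names, and the DHCP ranges are assumptions, while the two /24 subnets are the ones from the first post.

```routeros
# Added example. Assumes ether2 and ether3 are standalone ports; if a
# default configuration placed them in a bridge, remove them from it first.
# Ports that are not members of the same bridge share no L2 domain.

/ip address
add address=192.168.4.1/24 interface=ether2 comment="subnet A gateway"
add address=192.168.5.1/24 interface=ether3 comment="subnet B gateway"

/ip pool
add name=pool-a ranges=192.168.4.10-192.168.4.254
add name=pool-b ranges=192.168.5.10-192.168.5.254

/ip dhcp-server
add name=dhcp-a interface=ether2 address-pool=pool-a disabled=no
add name=dhcp-b interface=ether3 address-pool=pool-b disabled=no

/ip dhcp-server network
add address=192.168.4.0/24 gateway=192.168.4.1
add address=192.168.5.0/24 gateway=192.168.5.1

# Routed traffic between the subnets passes the forward chain.
# Rules are evaluated top-down, so these must sit above any broader accept.
/ip firewall filter
add chain=forward src-address=192.168.4.0/24 dst-address=192.168.5.0/24 \
    action=drop comment="A -> B blocked"
add chain=forward src-address=192.168.5.0/24 dst-address=192.168.4.0/24 \
    action=drop comment="B -> A blocked"

# Packets addressed to the router's own address in the other subnet do not
# traverse forward; they hit the input chain and need their own rules.
add chain=input src-address=192.168.4.0/24 dst-address=192.168.5.1 \
    action=drop comment="A -> router address in B blocked"
add chain=input src-address=192.168.5.0/24 dst-address=192.168.4.1 \
    action=drop comment="B -> router address in A blocked"

# Checks: ether2/ether3 must not be listed as bridge ports, and the drop
# counters should increase when a client in A pings a client in B.
/interface bridge port print
/ip firewall filter print stats
```

Without the two input-chain rules, a client in one subnet can still reach the router's gateway address in the other subnet even though client-to-client traffic is dropped.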
