Hi,

I got 2 Mikrotik devices. One is act as a router and one is act as a layer 3 switch and the model is CRS328.
Currently, the switch have 3 bridges and each bridge have it own subnet. All the routing between subnet and internet are fine.
There is no trunk configuration connect to the router. The routing between the router, switch and bridge's subnets are though BGP.
Now I am trying to turn those bridge to vlans. I tried many online tutorial, however none of them is working.
The vlans I want to create is only contain untagged port.

It's not clear to me how duties are shared between both MT devices and where BGP enters the game. You did not mention the other device's model, but CRS328 is not a router, it's a switch. Sure it can route but performance is next to none (compared to switching performance).

Anyway, have a look at this excellent tutorial about VLANs on Mikrotik. Read it slowly and try to understand it properly, you won't need other resources.
If done properly, CRS328 will do switching entirely in hardware. Hopefully your other device is a router, not a switch, and can do inter-VLAN routing with decent speed.

BTW you're mentioning only untagged ports. I suggest you to run trunk (tagged only) connections on links between LAN infrastructure devices (routers, switches and APs). If you want to use multiple links between a pair of devices, configure those as bond and run tagged-only trafic over the bond. Having access ports (connecting end devices) untagged is very reasonable indeed.

Currently, the switch have 3 bridges and each bridge have it own subnet.

That sounds like you are doing a lot of switching in software on the slow cpu instead of using the device's powerful switch chip. You should have a look at the crs3xx switching manual, what you really want is a single bridge with vlan filtering enabled.

It's not clear to me how duties are shared between both MT devices and where BGP enters the game. You did not mention the other device's model, but CRS328 is not a router, it's a switch. Sure it can route but performance is next to none (compared to switching performance).

Anyway, have a look at this excellent tutorial about VLANs on Mikrotik. Read it slowly and try to understand it properly, you won't need other resources.
If done properly, CRS328 will do switching entirely in hardware. Hopefully your other device is a router, not a switch, and can do inter-VLAN routing with decent speed.

BTW you're mentioning only untagged ports. I suggest you to run trunk (tagged only) connections on links between LAN infrastructure devices (routers, switches and APs). If you want to use multiple links between a pair of devices, configure those as bond and run tagged-only trafic over the bond. Having access ports (connecting end devices) untagged is very reasonable indeed.

Hi MKX,

Thanks for the advices and information.
I am not a network engineer. So, I might not able to use the correct terms sometime.

Actually, I am trying to build a network at home similar to the Layer 3 enterprise network design in Casino I saw with Mikrotik.
I knows the switch I have its performance is slow but I really interesting to do it this way.

Once the exercise is done, I will re-config everything. I will create trunk port between the router and switch. And Vlans Gateway on Router

Hi MKX,

Thanks a lot!

After reading the article you suggested, I am able to create the VLAN.
I found the missing step I didn't do before was set the bridge as a tagged member.

Example command as below.
set bridge=BR1 tagged=BR1 [find vlan-ids=10]

Now the vlan is functionable, but when I export and check the configuration file. I can't see the above command in it.

Below is the configuration of my switch.

# feb/15/2021 19:26:09 by RouterOS 6.48.1
# software id = 801C-59LB
#
# model = CRS328-24P-4S+
# serial number = D7620CF6AE89
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=bridge1 name=VLAN10 vlan-id=10
add interface=bridge1 name=VLAN30 vlan-id=30
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing bgp instance
set default as=102 router-id=2.2.2.2
/interface bridge port
add bridge=bridge1 interface=ether1 pvid=10
add bridge=bridge1 interface=ether2 pvid=10
add bridge=bridge1 interface=ether19 pvid=30
add bridge=bridge1 interface=ether20 pvid=30
add bridge=bridge1 interface=ether21 pvid=30
add bridge=bridge1 interface=ether22 pvid=30
add bridge=bridge1 interface=ether23 pvid=30
add bridge=bridge1 interface=ether24 pvid=30
add bridge=bridge1 interface=ether3 pvid=10
add bridge=bridge1 interface=ether4 pvid=10
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether1,ether2,ether3 vlan-ids=10
add bridge=bridge1 tagged=bridge1 untagged=\
ether19,ether20,ether21,ether22,ether23,ether24 vlan-ids=30
/ip address
add address=192.168.0.2/30 interface=sfp-sfpplus1 network=192.168.0.0
add address=192.168.1.254/24 interface=VLAN10 network=192.168.1.0
add address=192.168.3.254/24 interface=VLAN30 network=192.168.3.0
/ip dhcp-relay
add dhcp-server=192.168.0.1 disabled=no interface=VLAN30 local-address=\
192.168.3.254 name=relay1
add dhcp-server=192.168.0.1 disabled=no interface=VLAN10 local-address=\
192.168.1.254 name=relay2
/routing bgp network
add network=192.168.1.0/24
add network=192.168.2.0/24
add network=192.168.3.0/24
/routing bgp peer
add name="peer to Router" remote-address=192.168.0.1 remote-as=101
/system clock
set time-zone-name=Asia/Macau
/system identity
set name="Core Switch"
/system ntp client
set enabled=yes primary-ntp=192.168.0.1 secondary-ntp=192.168.0.1
/system routerboard settings
set boot-os=router-os
/system swos
set address-acquisition-mode=static allow-from-ports="p1,p2,p3,p4,p5,p6,p7,p8,\
p9,p10,p11,p12,p13,p14,p15,p16,p17,p18,p19,p20,p21,p22,p23,p24,p25,p26,p27\
,p28" identity=Switch static-ip-address=192.168.1.251

Example command as below.
set bridge=BR1 tagged=BR1 [find vlan-ids=10]

Now the vlan is functionable, but when I export and check the configuration file. I can't see the above command in it.

The command is essentially included in the command below:

/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether1,ether2,ether3 vlan-ids=10

But be careful with set command: it sets value of a property, doesn't add new one to existing. E.g. if you had bridge=BR1 tagged=etherX vlan-ids=10 and you executed "your" command, then interface etherX would be removed from list of tagged members of that VLAN. If you wanted to keep etherX as tagged member of said VLAN, you'd have to execute set bridge=BR1 tagged=BR1,etherX [ find vlan-ids=10 ]

But be careful with set command: it sets value of a property, doesn't add new one to existing. E.g. if you had bridge=BR1 tagged=etherX vlan-ids=10 and you executed "your" command, then interface etherX would be removed from list of tagged members of that VLAN. If you wanted to keep etherX as tagged member of said VLAN, you'd have to execute set bridge=BR1 tagged=BR1,etherX [ find vlan-ids=10 ]

Hi Mkx,

Thanks for the instruction! Will aware.