Each row of /interface bridge
actually aggregates parameters for three distinct types of objects linked together:
- the bridge itself, as in "virtual switch"
- the virtual member port of that bridge, to which a virtual port of a virtual router is connected
- the virtual port of a virtual router, connected to the virtual switch
Like any other member port of the bridge, the Type 2 object (bridge port) can receive tagless frames from "outside", i.e. from the Type 3 object (router port). And these ingress frames need to get tagged with a proper VLAN ID, which is specified using the pvid
parameter of that port, just like for any other member port of the bridge. And for egress direction, frames with this VLAN ID get untagged, unless you put the port on the tagged
list on the row of /interface bridge vlan
for the corresponding VLAN ID (as a port is automatically added to the untagged
list of that row depending on its pvid
parameter if nothing is configured manually).
So without the pvid
, the Type 2 object would have to always be a trunk port, with all VLANs passing tagged through it. So it would be impossible to attach the IP configuration directly to the Type 3 object linked to it, and you'd have to attach an /interface vlan
to it object for every VLAN ID used.