Dear all,

lets assume i have a Bridge with some interfaces set as port to it. Iam wondering what is the sense of PVID and ingress filter for the cpu port (Bridge).

For my understanding it is always the case that only tagged traffic reaches the bridge port. If i have set ether1 as trunk port with ingress filter to allow only tagged traffic traffic to the cpu port will always be tagged. If i set ether1 to access port with pvid = 1 the bridge port will also get only tagged traffic(1). What is the sense to specify pvid and ingress filter for the bridge because in this example it will never get untagged frames ?

Please read this post first. If it doesn't help, come back here. Whereas I also don't understand the purpose of the ingress-filtering parameter of the bridge port, the pvid is meaningful there.

Unfortunately, I still don't understand why the PVID parameter for the bridge port makes sense:(

Each row of /interface bridge actually aggregates parameters for three distinct types of objects linked together:

1. the bridge itself, as in "virtual switch"
2. the virtual member port of that bridge, to which a virtual port of a virtual router is connected
3. the virtual port of a virtual router, connected to the virtual switch

Like any other member port of the bridge, the Type 2 object (bridge port) can receive tagless frames from "outside", i.e. from the Type 3 object (router port). And these ingress frames need to get tagged with a proper VLAN ID, which is specified using the pvid parameter of that port, just like for any other member port of the bridge. And for egress direction, frames with this VLAN ID get untagged, unless you put the port on the tagged list on the row of /interface bridge vlan for the corresponding VLAN ID (as a port is automatically added to the untagged list of that row depending on its pvid parameter if nothing is configured manually).

So without the pvid, the Type 2 object would have to always be a trunk port, with all VLANs passing tagged through it. So it would be impossible to attach the IP configuration directly to the Type 3 object linked to it, and you'd have to attach an /interface vlan to it object for every VLAN ID used.