Hi,
It seems the Bridge itself must be always untagged to obtain connectivity.
I think thats because I see no way to configure a VLAN-ID (egress) for the bridge itself?!
We can define a PVID (ingress), but no egress VLAN-ID, like for a normal VLAN-Interfaces.
Or do I miss something?
Re: Bridge itself = always untagged
A bridge has two roles - its is both like a switch connecting various ethernet ports together, and also like an ethernet port to pass traffic to services on the Mikrotik itself. Somewhat confusingly the settings for both of these roles are made under /interface bridge - the frame-types, ingress-filtering and pvid for the bridge port role are made here, whereas for all other ports attached to the bridge these are set under /interface bridge port
So, by default the bridge-to-CPU connection will be an access port, adding the bridge to the tagged= port list in the statements under /interface bridge portvlan makes it a hybrid port, if you wish it to be a trunk (tagged only) port include frame-types=admit-only-vlan-tagged ingress-filtering=yes in the bridge statement under /interface bridge
Edit: Fixed typo in configuration section name
So, by default the bridge-to-CPU connection will be an access port, adding the bridge to the tagged= port list in the statements under /interface bridge portvlan makes it a hybrid port, if you wish it to be a trunk (tagged only) port include frame-types=admit-only-vlan-tagged ingress-filtering=yes in the bridge statement under /interface bridge
Edit: Fixed typo in configuration section name
Last edited by tdw on Mon Mar 08, 2021 7:00 pm, edited 1 time in total.
Re: Bridge itself = always untagged
Hi tdw,
thanks for your explanation!
I am unable to add the Bridge itself under /interface bridge port:
If I set the Bridge as tagged VID100 under /interface bridge vlans no DHCP-IP will be assigned:
Setting the Bridge tagged and "admit only VLAN tagged" + "Ingress Filtering", same result. No connectivity:
If I set the Bridge as untagged, the IP will be assigned via DHCP:
I find no way to make the Bridge itself work if I put the Bridge under tagged (nevertheless VLAN100 will the transmitted tagged).
thanks for your explanation!
So, by default the bridge-to-CPU connection will be an access port, adding the bridge to the tagged= port list in the statements under /interface bridge port makes it a hybrid port, if you wish it to be a trunk (tagged only) port include frame-types=admit-only-vlan-tagged ingress-filtering=yes in the bridge statement under /interface bridge
I am unable to add the Bridge itself under /interface bridge port:
If I set the Bridge as tagged VID100 under /interface bridge vlans no DHCP-IP will be assigned:
Setting the Bridge tagged and "admit only VLAN tagged" + "Ingress Filtering", same result. No connectivity:
If I set the Bridge as untagged, the IP will be assigned via DHCP:
I find no way to make the Bridge itself work if I put the Bridge under tagged (nevertheless VLAN100 will the transmitted tagged).
You do not have the required permissions to view the files attached to this post.
Re: Bridge itself = always untagged
A typo in my post, I should have said "adding the bridge to the tagged= port list in the statements under /interface bridge vlan" not .../interface bridge portI am unable to add the Bridge itself under /interface bridge port
If you configure the CPU-to-bridge port/interface to be tagged then you need to something to encapsulate/decapsulate the VLAN, e.g.If I set the Bridge as tagged VID100 under /interface bridge vlans no DHCP-IP will be assigned:
/interface vlan
add interface=bridge1 name=bridge-vlan-100 vlan-id=100
and attach the IP address, DHCP server, firewall rules, etc. to this - anything attached directly to the CPU-to-bridge port/interface will only handle the untagged traffic