Community discussions

MikroTik App
 
simonefil
newbie
Topic Author
Posts: 42
Joined: Tue Apr 13, 2021 9:22 pm
Location: Bergamo - Italy
Contact:

manage vlan and untagged on the same port

Mon Apr 26, 2021 10:31 pm

Goodmorning everyone.
Currently I have a routerboard with a 192.168.3.0/24 subnet and a vlan100 with 192.168.1.0/24 subnet.
Many devices are connected to the ether1 port associated with the 3.0/24 subnet, including some unifi AP, they generate an ssid tagged on the vlan100.
I would like to assign the subnet 192.168.1.0/24 (vlan100) to ether2, so that all devices that connect to that port are managed by the vlan100 DHCP server, and so far no problem.
However, I would also like to connect to that port a unifi AP that transmits an SSID with the subnet 192.168.3.0 (vlan untagged). Practically the opposite of what has been achieved now.
The subnet 192.168.3.0 is not a vlan, but it is a classic subnet, in the unifi AP configuration I will have to put vlan tag = 0? it's correct?
I hope I have explained myself sufficiently. It is difficult to put into words.
Many thanks to all
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: manage vlan and untagged on the same port

Mon Apr 26, 2021 10:58 pm

No your explanation is rather poor LOL.

Draw a network diagram.
Trunk port, as many tagged vlans to another smart device.
Access port, ONE untagged vlan to a dumb device.

HYBRID PORT assumes the following
-as many tagged vlans
-ONLY ONE untagged VLAN
-the device at the other END KNOWS how to deal with both the untagged vlan and the many tagged vlans.

Examples.
VOIP PHONE with two RJ45 jacks typically, one to the switch or router, and one jack to a PC.
In this case the VOIP smart device can read the tagged vlan(s) for the VOIP phone and it passes the untagged vlan traffic to the PC.

Unifi Access Point, is a weird beast in that I believe it accepts or expects an untagged VLAN coming to it for the management VLAN along with tagged vlans for the WLANS. It can also use the incoming untagged management vlan for a wlan as well.

So for the hybrid port on the MT....
(lets say management vlan (or home vlan trusted) is 11, so we have wlans for vlans 11, 20 guests, 30 iot devices ON THe UNIFI, other wired only vlans 40 is printers, vlan 50 is a gamer)
(plus another generic wifi access point beyond the switch with wlans for guests and iot devices)

/interface bridge ports
add bridge=bridge interface=eth2 ingress-filtering=yes frame-types=only allowed tagged frames {trunk port going to a managed switch (lets say vlans 20, 30, 40,50 - another access point attached to switch}
add bridge=bridge interface=eth3 ingress-filtering=yes frame-types=only allowed priority and untagged frames PVID=11 {access port} going to admins PC.
add bridge=bridge interface=eth4 PVID=11 {hybrid port going to unif access point, includes vlans for 20,30)

/interface bridge vlans
add bridge=bridge tagged=eth2 vlan-ids=40,50
add bridge=bridge tagged=eth2,ether4 vlan-ids=20,30
add bridge=bridged tagged=eth2 untagged=eth3,eth4 vlan-ids=11

note: eth2 is tagged for vlan 11 as at a minimum the switch on eth2 is getting its LANIP on the trusted/managed vlan 11. More than likely there may be trusted vlans 11 PCs on the switch and perhaps on the fictitious access point beyond the switch as well.

The linked article is also the BEST reference but dont think it gets into hybrid ports......
viewtopic.php?f=23&t=143620

Who is online

Users browsing this forum: AshuGite, Bing [Bot], CJWW and 59 guests