Community discussions

MikroTik App
  4. RouterOS
  5. General

Mikrotik VLAN Configuration / switch ports

Post Reply
 
DL7JP
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 85
Joined: Sat Oct 19, 2013 4:14 pm

Mikrotik VLAN Configuration / switch ports

Fri May 21, 2021 11:38 pm

Dear all,

I am still a bit confused with the Mikrotik VLAN implementation, maybe some kind soul could give me a hint here: My main router is a RB1100AHx4, port eth1 is connected to my ISP delivering VoIP over VLAN 40. For whatever reason I can only get one IP address from their dhcp Server in the VLAN, so I cannot route my VoiP-Client into the VLAN. Thus, I decided to map this VLAN to eth2, where my VoIP is connected to.

This does the job:
Code: Select all
/interface vlan add interface=eth1 name=VLAN-VoIP vlan-id=40
/interface bridge add  name=bridge-VLAN-Voip
/interface bridge port
add bridge=bridge-VLAN-Voip interface=eth2
add bridge=bridge-VLAN-Voip interface=VLAN-VoIP
I am wondering if this is the preferred solution.
I guess I could also assign the VLAN under /interface ethernet switch to eth2, then I would not need to set up a bridge, correct?

Thanks,
Joachim.
Top
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Mikrotik VLAN Configuration / switch ports

Sat May 22, 2021 10:03 am

The configuration with a dedicated bridge for VLAN 40 is perfectly "legal". Whether it is also preferred depends more on your personal preference.

However, the switch chip used in the RB1100AHx4 (RTL8367) doesn't support VLAN handling, at least under control of RouterOS, so you cannot set it up for tagging and untagging VLAN 40 as it passes between ether1 and ether2.

You can also make the two Ethernet interfaces member ports of a common bridge with vlan-filtering set to yes and use /interface bridge vlan and /interface bridge port configuration subtrees to set up which VLAN will be tagged at which port as follows:

/interface bridge add name=br-wan vlan-filtering=yes protocol-mode=none
/interface bridge port
add bridge=br-wan interface=ether1
add bridge=br-wan interface=ether2 pvid=40
/interface bridge vlan
add bridge=br-wan vlan-ids=40 tagged=ether1

With the setup above, you have to move any IP configuration from ether1 to br-wan, and also substitute ether1 by br-wan in all IP firewall rules and on all /interface list member rows used by IP firewall rules.

So as you can see, for just two ports in a bridge and just two VLANs on ether1, your method with a dedicated bridge for VLAN 40 is simpler; with more VLANs and more ports on the bridge, the other one becomes simpler.

Both ways are implemented completely in software, so there is no significant difference in CPU load between them.
Top
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12001
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:
Contact rextended

Re: Mikrotik VLAN Configuration / switch ports

Sat May 22, 2021 10:58 am

The configuration with a dedicated bridge for VLAN 40 is perfectly "legal". Whether it is also preferred depends more on your personal preference.

However, the switch chip used in the RB1100AHx4 (RTL8367) doesn't support VLAN handling, at least under control of RouterOS, so you cannot set it up for tagging and untagging VLAN 40 as it passes between ether1 and ether2.

You can also make the two Ethernet interfaces member ports of a common bridge with vlan-filtering set to yes and use /interface bridge vlan and /interface bridge port configuration subtrees to set up which VLAN will be tagged at which port as follows:

/interface bridge add name=br-wan vlan-filtering=yes protocol-mode=none
/interface bridge port
add bridge=br-wan interface=ether1
add bridge=br-wan interface=ether2 pvid=40
/interface bridge vlan
add bridge=br-wan vlan-ids=40 tagged=ether1

With the setup above, you have to move any IP configuration from ether1 to br-wan, and also substitute ether1 by br-wan in all IP firewall rules and on all /interface list member rows used by IP firewall rules.

So as you can see, for just two ports in a bridge and just two VLANs on ether1, your method with a dedicated bridge for VLAN 40 is simpler; with more VLANs and more ports on the bridge, the other one becomes simpler.

Both ways are implemented completely in software, so there is no significant difference in CPU load between them.
+1
Top
 
DL7JP
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 85
Joined: Sat Oct 19, 2013 4:14 pm

Re: Mikrotik VLAN Configuration / switch ports

Sat May 22, 2021 12:29 pm

Thanks a bunch, very useful explanation!
However, the switch chip used in the RB1100AHx4 (RTL8367) doesn't support VLAN handling
Ups, I was implicitly assuming it is supported since the winbox UI under switch shows this option... not exactly an intuitve UI :-)
Top
Post Reply

Who is online

Users browsing this forum: anav, Guntis, HokieCat, Maggiore81, SpOuK3 and 113 guests
  4. RouterOS
  5. General