I am currently working on a project which requires a slightly unusual VLAN configuration for routing between multiple sites. I've worked with MikroTik and various other network vendors for several years, but I've not had to deal with this particular configuration before, so I was looking for advice on configuring this on a MikroTik CCR2004.
The CCR2004 will be hosted in a co-location facility. The initial setup, which will be built out later, is a single 10G-LR fibre to the WAN provider switch, connected to sfp-sfpplus1. Each site circuit aggregates at the WAN provider switch and is then trunked across the single 10G link to the CCR with a unique VLAN. There is also a dedicated internet breakout on the WAN provider switch, which is the default VLAN and untagged. From each site circuit I have management traffic on a tagged VLAN unique to that site. The WAN provider uses 0x8100 ethertype tags as outer tags, which will stack onto the 0x8100 tags which I use for management addresses at each site.
What I'm trying to configure is the following:
sfp-sfpplus1 - Untagged traffic only - IP address A.A.A.A/29 - WAN provider provided public IP address routing to WAN provider default GW
bridge1 - WAN provider tagged traffic, no inner tag - IP address B.B.B.B/24 - Bridge all untagged traffic from sites, tagged by WAN provider, public IP as gateway for sites
bridge1.vlan10x - Tagged management traffic from sites, interface per site - IP address 10.100.10x.1/24 - Site management IP address, inner tag from site after outer stripped.
I've included a diagram of the site connections. I'm really looking for some clarity on the configuration of the bridge and VLAN filtering to ensure that only the relevant traffic actually hits each interface.
Many thanks,
Richard
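
The separation asked for above comes down to tag depth on the trunk, since both the provider and site tags use 0x8100. The following is an added example, not part of the original post and not RouterOS configuration: it parses the stacked tags and names the interface each frame should reach. The outer VIDs (2001, 2002), the management VIDs (101, 102) and the frames themselves are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # provider outer tag and site inner tag share this TPID

# Constructed values: provider outer VID per site, and each site's management VID.
SITE_BY_OUTER_VID = {2001: "site1", 2002: "site2"}
MGMT_VID_BY_SITE = {"site1": 101, "site2": 102}

def vlan_stack(frame: bytes):
    """Return ([VIDs, outermost first], final EtherType) for an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, vids = 12, []
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype == TPID_8021Q:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, etype = struct.unpack_from("!HH", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vids, etype

def classify(frame: bytes) -> str:
    """Name the interface a frame arriving on the trunk should reach, or 'drop'."""
    vids, _ = vlan_stack(frame)
    if not vids:
        return "sfp-sfpplus1"          # untagged internet breakout
    site = SITE_BY_OUTER_VID.get(vids[0])
    if site is None:
        return "drop"                  # outer VID not assigned to any site
    if len(vids) == 1:
        return "bridge1"               # site traffic, provider tag only
    if len(vids) == 2 and vids[1] == MGMT_VID_BY_SITE[site]:
        return f"bridge1.vlan{vids[1]}"  # that site's own management VLAN
    return "drop"                      # wrong inner VID or deeper stacking

def build_frame(vids, etype=0x0800):
    """Constructed test frame: zeroed MACs, the given tag stack, 46-byte payload."""
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid) for vid in vids)
    return bytes(12) + tags + struct.pack("!H", etype) + bytes(46)

if __name__ == "__main__":
    for stack in ([], [2001], [2001, 101], [2002, 101], [999], [2001, 101, 5]):
        print(stack, "->", classify(build_frame(stack)))
```

The `[2002, 101]` case is the one to watch in the real configuration: a management VID arriving under another site's outer tag should not reach that VLAN interface.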