Yoncu
just joined
Topic Author
Posts: 11
Joined: Sat Mar 06, 2021 2:59 pm

Bridge vlan solution without adding interface vlan

Fri Jul 30, 2021 7:55 pm

Is it possible to bridge all incoming vlans from a port without creating a vlan interface?
DHCP and ip block 10.0.0.1/16 should be assigned for this bridge on Mikrotik.

The vlan range of 1201-1248 comes over the Ether2 connected switch.
/interface bridge
add name=bridge2 vlan-filtering=yes
/interface bridge port
add bridge=bridge2 interface=ether2
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/interface bridge vlan
add bridge=bridge2 tagged=ether2 vlan-ids=1201-1248
/ip address
add address=10.0.0.1/16 interface=bridge2 network=10.0.0.0
In short, I want a solution on the bridge without adding interface vlans for each vlan. Is it possible?
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge vlan solution without adding interface vlan

Fri Jul 30, 2021 8:57 pm

No.

IP layer (L3) in mikrotik can only work with untagged frames. If frames are tagged, then you absolutely need VLAN interface to do the tagging/untagging, one for each VLAN ID.

If you use bridge only to pass frames between member ports, then VLAN interfaces aren't needed.

BTW, if router is supposed to interact with those VLANs, you'll have to add bridge interface as tagged member of all those VLANs (just the same way as ether2).
Last edited by mkx on Fri Jul 30, 2021 9:00 pm, edited 1 time in total.
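
An added example, not part of any post in this thread: a small generator for the layout mkx describes (the bridge itself as a tagged member, plus one VLAN interface and one address per VLAN ID), using the thread's `bridge2`, `ether2`, VLAN range 1201-1248 and 10.0.0.0/16. Giving each VLAN its own /24 and using the first host address as the gateway are assumptions; the function names are hypothetical.

```python
import ipaddress

def widest_prefix(pool, vlan_count):
    """Shortest per-VLAN prefix length that still fits vlan_count subnets in pool."""
    net = ipaddress.ip_network(pool)
    return net.prefixlen + (vlan_count - 1).bit_length()

def plan_vlans(bridge, trunk, first_id, last_id, pool, prefix_len):
    """Build RouterOS commands: one VLAN interface and one gateway address
    per VLAN ID, with each VLAN's subnet carved out of pool (IPv4)."""
    if not 1 <= first_id <= last_id <= 4094:
        raise ValueError("VLAN IDs must lie in 1-4094")
    net = ipaddress.ip_network(pool)
    count = last_id - first_id + 1
    if not net.prefixlen <= prefix_len <= 30:
        raise ValueError("per-VLAN prefix must be between the pool prefix and /30")
    if count > 2 ** (prefix_len - net.prefixlen):
        raise ValueError(f"{pool} cannot hold {count} /{prefix_len} subnets; "
                         f"widest that fits is /{widest_prefix(pool, count)}")
    subnets = net.subnets(new_prefix=prefix_len)
    cmds = [
        "/interface bridge vlan",
        # The bridge is listed as tagged next to the trunk port, as mkx notes.
        f"add bridge={bridge} tagged={bridge},{trunk} vlan-ids={first_id}-{last_id}",
    ]
    for vid, subnet in zip(range(first_id, last_id + 1), subnets):
        gateway = subnet.network_address + 1  # assumption: first host is the router
        name = f"vlan{vid}"
        cmds.append(f"/interface vlan add name={name} interface={bridge} vlan-id={vid}")
        cmds.append(f"/ip address add address={gateway}/{prefix_len} interface={name}")
    return cmds

if __name__ == "__main__":
    print("\n".join(plan_vlans("bridge2", "ether2", 1201, 1248, "10.0.0.0/16", 24)))
    # 36 cabinets * 48 ports = 1728 VLANs, the figure given later in the thread
    print("# 1728 VLANs in 10.0.0.0/16: subnets no larger than /%d"
          % widest_prefix("10.0.0.0/16", 1728))
```

The capacity check makes the addressing cost of the per-VLAN design visible before anything is pasted into a router.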
 
anav
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge vlan solution without adding interface vlan

Fri Jul 30, 2021 8:58 pm

Don't think so.
You have to add each vlan interface to the bridge as in a basic definition requirement
If the router is not involved with DHCP for the vlan subnets then there are some savings there because normally each vlan
would also need an IP pool, DHCP server, DHCP server network and IP address.

Also typically each VLAN would have a separate interface bridge vlan setting entry
but in this case you could enter multiple vlan #s, don't think a range is allowed.
add bridge=bridge tagged=bridge,ether2 vlan-ids=a,b,c,d,e,f,g,h,i,j,k,l,m,n etc..............
 
nagylzs
Member
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 1:18 pm

Yoncu, are you trying to bridge together different vlans?
 
Yoncu
just joined
Topic Author
Posts: 11
Joined: Sat Mar 06, 2021 2:59 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 5:40 pm

> Yoncu, are you trying to bridge together different vlans?
Yes. I want to merge all vLan and assign IP.
Creating interfaces reduces performance because there are hundreds of vLans. I'm looking for a solution on Bridge without creating Interfaces.
 
Yoncu
just joined
Topic Author
Posts: 11
Joined: Sat Mar 06, 2021 2:59 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 5:44 pm

> Don't think so.
> You have to add each vlan interface to the bridge as in a basic definition requirement
> If the router is not involved with DHCP for the vlan subnets then there are some savings there because normally each vlan
> would also need an IP pool, DHCP server, DHCP server network and IP address.
>
> Also typically each VLAN would have a separate interface bridge vlan setting entry
> but in this case you could enter multiple vlan #s, don't think a range is allowed.
> add bridge=bridge tagged=bridge,ether2 vlan-ids=a,b,c,d,e,f,g,h,i,j,k,l,m,n etc..............
add bridge=bridge2 tagged=ether2,bridge2 vlan-ids=1201-2048
The solution is unsuccessful. No IP assignment.
"/ip address add address=10.0.0.1/16 interface=bridge2 network=10.0.0.0" not working.
 
pe1chl
Forum Guru
Forum Guru
Joined: Mon Jun 08, 2015 12:09 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 5:56 pm

> > Yoncu, are you trying to bridge together different vlans?
> Yes. I want to merge all vLan and assign IP.
> Creating interfaces reduces performance because there are hundreds of vLans. I'm looking for a solution on Bridge without creating Interfaces.
So you want to bridge a network of many VLANs and give your router an IP on all of these VLANs?
That can only be done by putting a VLAN interface for each tag and setting an IP on each of these interfaces.

For merely bridging the VLANs from one port to another this is not required.
 
Yoncu
just joined
Topic Author
Posts: 11
Joined: Sat Mar 06, 2021 2:59 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 6:01 pm



> > Yes. I want to merge all vLan and assign IP.
> > Creating interfaces reduces performance because there are hundreds of vLans. I'm looking for a solution on Bridge without creating Interfaces.
> So you want to bridge a network of many VLANs and give your router an IP on all of these VLANs?
> That can only be done by putting a VLAN interface for each tag and setting an IP on each of these interfaces.
>
> For merely bridging the VLANs from one port to another this is not required.
I need to give 10.0.0.0/16 ip from common pool for all vLans. how can I do that.
Could you please consider solving it without creating interfaces. Too many interfaces create high cpu problem.
 
anav
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 6:20 pm

yoncu, you are asking to put a square peg into a round hole. In other words you need to step back and provide the requirements of how you got yourself into this corner.
What are the requirements of the network that created a whole bunch of vlans. A design is best evolved when you know the back story or the history.......
 
biomesh
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 7:02 pm

What Mikrotik hardware are you using in that 48 VLANs is putting extra load on the device?

The reasoning behind not using VLANs and routing seems odd.
 
Yoncu
just joined
Topic Author
Posts: 11
Joined: Sat Mar 06, 2021 2:59 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 7:15 pm

> What Mikrotik hardware are you using in that 48 VLANs is putting extra load on the device?
>
> The reasoning behind not using VLANs and routing seems odd.
There are more than 1500 vlans available, even the CCR1072 has a CPU problem. If I can't find a solution, I won't be able to use Mikrotik.
 
anav
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 7:28 pm

As I stated, without an appreciation of the situation, how did you end up with 1000s of vlans etc........ What does the total network(s) look like, too much information you are leaving out.
 
biomesh
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 7:48 pm

Do you think simply bridging your network would work anyway? 1500 networks into one collision domain?
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 8:38 pm

> I need to give 10.0.0.0/16 ip from common pool for all vLans. how can I do that.
> Could you please consider solving it without creating interfaces. Too many interfaces create high cpu problem.
You cannot solve that. Not with MikroTik routers, at least.
Maybe with a high-end L3 routing switch it is possible, but even there you could hit some limitation.
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 8:38 pm

> Do you think simply bridging your network would work anyway? 1500 networks into one collision domain?
This remark is of course nonsense, a bridge or switch does not create a collision domain.
 
biomesh
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 8:58 pm

I was referring from the OP where he wanted to create a 10.0.0.0/16 network with these vlans- onto one bridge - thus creating a huge collision domain.
 
anschluss
just joined
Posts: 14
Joined: Fri Mar 30, 2018 3:46 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 9:36 pm

> I was referring from the OP where he wanted to create a 10.0.0.0/16 network with these vlans- onto one bridge - thus creating a huge collision domain.
No, that would "only" create a huge broadcast domain, not a collision domain.
My question is more like: Why bother with so many VLANs if the whole network construct is going in one huge broadcast domain anyway?

The desire to implement a huge number of VLANs only to bridge them together could point to
  • a specialized application
  • a possible indicator for a misunderstanding of commonly accepted networking concepts
I think the OP should not be surprised that - for lack of more background information - most readers tend to spot a misunderstanding.
Last edited by anschluss on Mon Aug 02, 2021 10:21 pm, edited 1 time in total.
 
biomesh
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Bridge vlan solution without adding interface vlan

Mon Aug 02, 2021 9:46 pm

> No, that would "only" create a huge broadcast domain, not a collision domain.
I think I was having a flashback to the days of coax, BNC and terminators. :D
 
anav
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 6:08 pm

Until the op reveals some truths about the infrastructure involved you are wasting your time....................
Either that or it was a homework assignment he was trying to get others to solve LOL
 
Yoncu
just joined
Topic Author
Posts: 11
Joined: Sat Mar 06, 2021 2:59 pm

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 6:17 pm

Consider a datacenter.
It has 10 Gbit/s Fiber Uplink.
36 cabinets available.
48 port switches are available for each cabinet.
All ports and server systems should use ip address from common pool.
Active bridge traffic averages 1 Gbit/s.
My goal is to monitor and control each switch port via Mikrotik. (For security purposes)
 
anav
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 6:26 pm

> Consider a datacenter.
> It has 10 Gbit/s Fiber Uplink.
> 36 cabinets available.
> 48 port switches are available for each cabinet.
> All ports and server systems should use ip address from common pool.
> Active bridge traffic averages 1 Gbit/s.
> My goal is to monitor and control each switch port via Mikrotik. (For security purposes)
That should help understand the scenario.
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 6:39 pm

> My goal is to monitor and control each switch port via Mikrotik. (For security purposes)
I cannot believe you run into CPU performance issues by just monitor and control for this setup, unless you have invested your money in a hAP mini...
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 6:48 pm

> My goal is to monitor and control each switch port via Mikrotik. (For security purposes)

Every decent managed switch has per-port statistics. And most (if not all) offer port mirroring (if you really want monitoring of traffic). So I fail to see necessity for VLANs in this case.
 
anav
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 6:56 pm

Real network manager or university course questions?????
 
Yoncu
just joined
Topic Author
Posts: 11
Joined: Sat Mar 06, 2021 2:59 pm

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 7:09 pm

> > My goal is to monitor and control each switch port via Mikrotik. (For security purposes)
> I cannot believe you run into CPU performance issues by just monitor and control for this setup, unless you have invested your money in a hAP mini...
I am currently using the CCR1072. 150+ vlans are a problem. I can't think of 1500 at all, I think if I add 1500 vlans, the device will not open at all. (under traffic)
I don't think there is any higher hardware.
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 8:26 pm

I think you are not telling us the whole story!
 
Yoncu
just joined
Topic Author
Posts: 11
Joined: Sat Mar 06, 2021 2:59 pm

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 8:45 pm

> I think you are not telling us the whole story!
Other uses are:
15+ BGP Connections,
8+ IP tunnels
15000+ IPv4
5x /29 IPv6
100+ firewall raw
200+ firewall filter
50+ Nat ex.
 
toxicfusion
Member Candidate
Posts: 267
Joined: Mon Jan 14, 2013 6:02 pm

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 9:01 pm

Seriously 1500 vlans on the router?.. .WHY!

Are you doing router-on-stick configuration?

Why not just use L3 routing on switches to router?

You need to CREATE VLAN INTERFACES and then assign IP address to each vlan on the router

IE:
# parent interface assumed to be the thread's bridge2
/interface vlan add name=vlan1001-data vlan-id=1001 interface=bridge2

/ip address add address=10.10.0.1/24 interface=vlan1001-data

If you're using the all-in-one vlan bridge method.

You have your single bridge interface. VLAN filtering=on. Specify all the ports to be on that vlan-bridge and the ports PVID.

Then configure that bridge port vlan settings. [see screenshot example]
 
Yoncu
just joined
Topic Author
Posts: 11
Joined: Sat Mar 06, 2021 2:59 pm

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 9:48 pm

> Seriously 1500 vlans on the router?.. .WHY!
>
> Are you doing router-on-stick configuration?
>
> Why not just use L3 routing on switches to router?
>
> You need to CREATE VLAN INTERFACES and then assign IP address to each vlan on the router
>
> IE:
> # parent interface assumed to be the thread's bridge2
> /interface vlan add name=vlan1001-data vlan-id=1001 interface=bridge2
>
> /ip address add address=10.10.0.1/24 interface=vlan1001-data
>
> If you're using the all-in-one vlan bridge method.
>
> You have your single bridge interface. VLAN filtering=on. Specify all the ports to be on that vlan-bridge and the ports PVID.
>
> Then configure that bridge port vlan settings. [see screenshot example]
I explained the reason for needing vLan above. (36 cabinets * 48 Ports = 1728 vLan)

You said that it is necessary to add interfaces, if there is a solution without interfaces, I am looking for this solution. Adding an interface is plain logic, the simplest method. I'm looking for solutions for performance, not plain logic.

You also mentioned adding an IP address to each vlan. I will add IP addresses to bridge, all vlan will use public ip addresses from pool. There will be no different ip addresses for each vlan.
I tried tag-sticking but it didn't work.

VLAN filtering=on is available. There is no solution.

Your explanation is adding on the interface, but I don't understand what is in the picture. Is there a description in the picture without the interface? Is there a solution without adding vLan Interface?
 
toxicfusion
Member Candidate
Posts: 267
Joined: Mon Jan 14, 2013 6:02 pm

Re: Bridge vlan solution without adding interface vlan

Tue Aug 03, 2021 10:19 pm

Only other way I can think of is using a device that has proper hardware switch-chip, Example would be QCA8337 chip.

Then you create all your vlans and configure it within the "Switch" part of RouterOS..

You would still need /interface vlan=XXX with IP assigned to do routing.

Or.. why not Layer3....

Each cabinet has their own Top Of Rack switches [dual]. These are then connected to Aggregation switches at a core rack. Agg switches connect into dual routers via Layer3 routing.
 
nagylzs
Member
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Bridge vlan solution without adding interface vlan

Wed Aug 04, 2021 6:22 pm

> I explained the reason for needing vLan above. (36 cabinets * 48 Ports = 1728 vLan)

I still don't get the point. VLANs are not created for "ports" but for specific network domains (for example, company departments, for classes of network traffic etc.) You just explained that you have 1728 ports, but that does not explain why would you need 1728 vlans?

* If the only thing you need is to monitor some switches, then you should create a separate management vlan and access your switches on that SINGLE vlan.
* Usually you want to create multiple vlans when you want to create ISOLATED layer 2 networks. If you don't need isolation, then you probably don't need vlans.
* Creating a layer2 bridge to bridge together different vlans, and running a common dhcp server with a common IP pool on them basically defeats the purpose of vlans. It connects them into a single layer 2 broadcast network. A special one that is bridged through a single switch (instead of multiple switches). It makes bridging very inefficient (huge performance loss), and it has no benefits at all (or at least I don't see it).

You described what you want to do, but you did not tell why you want this. You did not explain the goals or the benefits. What you want is very inefficient. It will be inefficient on any switch, on any brand. Not just MikroTik.
