The sketch most likely may explain it better.
...
I cannot find that much documentation on this approach as Bridge-VLAN-Filtering is always recommended (for good reason).
In this configuration ROS switches frames according to the 802.1Q tag to the corresponding VLAN interface, doesn't it?
If an interface does not exist, the frame is dropped.
(Just) for curiosity, how would I handle untagged frames?
The sketch represents the config great.
You don't find any documentation about this way of configuring things because the bridge with vlan-filtering is here since years ago ...
thx for all the details explanation. I would like to continue the clarification as it could be useful in certain scenarios although challenging to manage if the amount of VLAN increases significantly.
.
.
The way vlan interface works is the following: one creates vlan interface with command /interface vlan add interface=<underlying-interface> name=<vlan-interface-name> vlan-id=<VID> and has two ends; the tagged end (the red part) and untagged one (the green part). When tagged end sees frame, tagged with correct VID, it takes frame, strips the VLAN header and ejects it on untagged end. It ignores frames with wrong VID. In the other direction, it takes frame on the untagged end, adds VLAN header with configured VID and spits it out on tagged end.
added to the sketch:
VLAN on phy. interface +L2HW, VLAN +&-.png
.
.
IIRC it was 6.40 that brought VLAN-aware bridge making shown config method disadvised (to put it mildly).
but the configuration discussed here would not cause problems as described in
Layer2 misconfiguration - RouterOS - MikroTik Documentation, wouldn't it?
The VLAN tagged/untagged is simple&controlled (only between VLAN interfaces) and is only point2point (interface2interface), like a VLAN-aware patch cable.
.
.
The underlying interface is (or can be) completely VLAN-unaware.
Is there an interface besides the VLAN interface what is VLAN-aware?
In the case of "vlan-filtering on bridge" it is the vlan-filtering what makes the interface VLAN-aware.
.
.
Hybrid interface can be used directly for L3 because L3 can only work with untagged frames (and ignores tagged ones)
by assigning an IP to a hardware Interface and than route it?
.
.
but I don't think you can bridge them without creating a bypass for tagged frames.
bypass is bridge-v100 bridge-200?
.
.
The problem with untagged frames
could be handled by creating a "PVID=1-VLAN-Interface" like in sketch below?
VLAN on phy. interface +L2HW, VLAN wiht PVID.png
.
.
Using vlan-filtering on bridge is much more elegant and simplifies configuration.
why can I not just create a second software bridge with active VLAN-filtering
VLAN on phy. interface +L2HW with extra Software bridge.png
You do not have the required permissions to view the files attached to this post.