RB750 Port Based VLAN

fxwireless · Mon Dec 28, 2009 7:53 pm

Hi,

Is it possible to use the RB750 like a port based vlan switch where for eg, port-1 is the uplink port and all other ports (2-5) only communicate with port 1 and don't see each other.

Thanks,

Best Regards,

Satyam Bachani.

Chupaka · Mon Dec 28, 2009 10:46 pm

sure. in general: create 4 bridges, create 4 VLAN interfaces on ether1, add the following ports to interfaces:

bridge1: vlan1 and ether2
bridge2: vlan2 and ether3
bridge3: vlan3 and ether4
bridge4: vlan4 and ether5

maybe problem can be solved by using RB's switching chip capabilities, but I work with x86, not RB

fxwireless · Tue Dec 29, 2009 8:42 am

EDIT:

There seems to be an issue it doesn't pass pppoe traffic.

Could there be something else I could try?

Regards,

Satyam.

Chupaka · Tue Dec 29, 2009 3:36 pm

should pass all kind of traffic, as far as I know... maybe some blocking firewall rules?..

migo · Wed Dec 30, 2009 3:31 pm

Hello,

Im trying to setup port based vlan on RB750

Its my config: (doesnt work)
I dont have any filter rules.

[admin@MikroTik] /interface ethernet> print
Flags: X - disabled, R - running, S - slave
 #    NAME                                           MTU   MAC-ADDRESS       ARP        MASTER-PORT                                           SWITCH
 0 R  ether1-gateway                                 1500  00:0C:42:56:E4:6D enabled
 1    ether2-local-master                            1500  00:0C:42:56:E4:6E enabled    none                                                  0
 2    ether3-local-slave                             1500  00:0C:42:56:E4:6F enabled    none                                                  0
 3    ether4-local-slave                             1500  00:0C:42:56:E4:70 enabled    none                                                  0
 4    ether5-local-slave                             1500  00:0C:42:56:E4:71 enabled    none

[admin@MikroTik] /interface bridge port> print brief
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE                                                   BRIDGE                                                  PRIORITY PATH-COST  HORIZON
 0    vlan1                                                       lan1                                                    0x80     10         none
 1    vlan2                                                       lan2                                                    0x80     10         none
 2    vlan3                                                       lan3                                                    0x80     10         none
 3    vlan4                                                       lan4                                                    0x80     10         none
 4 I  ether2-local-master                                         lan1                                                    0x80     10         none
 5 I  ether3-local-slave                                          lan2                                                    0x80     10         none
 6 I  ether4-local-slave                                          lan3                                                    0x80     10         none
 7 I  ether5-local-slave                                          lan4                                                    0x80     10         none

[admin@MikroTik] /interface bridge> print
Flags: X - disabled, R - running
 0  R name="lan1" mtu=1500 l2mtu=1522 arp=enabled mac-address=00:0C:42:56:E4:6D protocol-mode=none priority=0x8000 auto-mac=yes
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

 1  R name="lan2" mtu=1500 l2mtu=1522 arp=enabled mac-address=00:0C:42:56:E4:6D protocol-mode=none priority=0x8000 auto-mac=yes
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

 2  R name="lan3" mtu=1500 l2mtu=1522 arp=enabled mac-address=00:0C:42:56:E4:6D protocol-mode=none priority=0x8000 auto-mac=yes
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

 3  R name="lan4" mtu=1500 l2mtu=1522 arp=enabled mac-address=00:0C:42:56:E4:6D protocol-mode=none priority=0x8000 auto-mac=yes
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

Chupaka · Wed Dec 30, 2009 4:13 pm

hmmm... all your ether* in bridges are inactive... why?..

migo · Wed Dec 30, 2009 4:36 pm

because at that moment I used only ether1 (ether2,3,4,5 was unplugged)

migo · Mon Jan 04, 2010 4:27 pm

Any suggestions how to set up port based vlan on mikrotik 3.x on rb750?
switch mode is disabled.

Chupaka · Mon Jan 04, 2010 8:59 pm

port based vlan

see above?..

migo · Mon Jan 04, 2010 9:44 pm

see above?..

Could you export sample config? That isn't work on my RB750.

Pada · Wed Jan 06, 2010 12:06 am

migo, you have to remove/clear the SLAVE (Master Port) options from the Ether3-5 interfaces. I had a similar problem where my VLANs didn't work due to Ether3-5 being the slave of Ether2.

Here's my thread where I wanted to have 2 VLAN's on 1 interface: 1 VLAN bridged with the WAN Ethernet interface & 1 bridged with the other LAN interfaces.
http://forum.mikrotik.com/viewtopic.php ... 08&start=0

migo · Wed Jan 06, 2010 2:18 pm

migo, you have to remove/clear the SLAVE (Master Port) options from the Ether3-5 interfaces.

Pada, look for my first post in this topic.

[admin@MikroTik] /interface ethernet> print
Flags: X - disabled, R - running, S - slave
 #    NAME                                           MTU   MAC-ADDRESS       ARP        MASTER-PORT                                           SWITCH
0 R  ether1-gateway                                 1500  00:0C:42:56:E4:6D enabled
 1    ether2-local-master                            1500  00:0C:42:56:E4:6E enabled    none                                                  0
 2    ether3-local-slave                             1500  00:0C:42:56:E4:6F enabled    none                                                  0
 3    ether4-local-slave                             1500  00:0C:42:56:E4:70 enabled    none                                                  0
 4    ether5-local-slave                             1500  00:0C:42:56:E4:71 enabled    none

Pada · Wed Jan 06, 2010 3:38 pm

my apologies migo, I skipped the master-port column since your interface names stated master/slave.

Why don't you simply upgrade your firmware to ROS 4.4?

Setup description:

Ethernet interfaces: 1x wan port & 4x local ports
VLAN interfaces: 4 vlan's with unique id's assigned to the wan port
Bridge interfaces: 4 bridges : bridging each vlan with a local port
Switching rules: add vlan id's to each local port

My sample config looks like:
* UPDATED:

/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:56:E4:6D \
    master-port=none mtu=1500 name=ether1-wan speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:56:E4:6E \
    master-port=none mtu=1500 name=ether2-local speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:56:E4:6F \
    master-port=none mtu=1500 name=ether3-local speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:56:E4:70 \
    master-port=none mtu=1500 name=ether4-local speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:56:E4:71 \
    master-port=none mtu=1500 name=ether5-local speed=100Mbps

/interface vlan
add arp=enabled comment="" disabled=no interface=ether1-wan l2mtu=1520 \
    mtu=1500 name=vlan1 use-service-tag=no vlan-id=1
add arp=enabled comment="" disabled=no interface=ether1-wan l2mtu=1520 \
    mtu=1500 name=vlan2 use-service-tag=no vlan-id=2
add arp=enabled comment="" disabled=no interface=ether1-wan l2mtu=1520 \
    mtu=1500 name=vlan3 use-service-tag=no vlan-id=3
add arp=enabled comment="" disabled=no interface=ether1-wan l2mtu=1520 \
    mtu=1500 name=vlan4 use-service-tag=no vlan-id=4

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s \
    mtu=1500 name=bridge-vlan1 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s \
    mtu=1500 name=bridge-vlan2 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s \
    mtu=1500 name=bridge-vlan3 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s \
    mtu=1500 name=bridge-vlan4 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6

/interface bridge port
add bridge=bridge-vlan1 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan1 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan2 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan2 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan3 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan3 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan4 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=vlan4 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan1 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether2-local path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan2 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether3-local path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan3 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether4-local path-cost=10 point-to-point=auto \
    priority=0x80
add bridge=bridge-vlan4 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether5-local path-cost=10 point-to-point=auto \
    priority=0x80

/interface ethernet switch port
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback

/interface ethernet switch rule
add switch=0 ports=ether2-local new-vlan-id=1
add switch=0 ports=ether3-local new-vlan-id=2
add switch=0 ports=ether4-local new-vlan-id=3
add switch=0 ports=ether5-local new-vlan-id=4

Note: I haven't tested that config and I don't have that much experience with VLAN's yet.

victoryharmony · Fri Feb 05, 2010 8:37 pm

Hi everybody,

did anyone just test the last post's solution?

there is nothing like the following in my RB750

:

/interface ethernet switch

what is the problem?

Thanks,

tofs · Wed Feb 10, 2010 7:12 pm

Hi everybody,

did anyone just test the last post's solution?

there is nothing like the following in my RB750 :
Code: Select all
/interface ethernet switch 
what is the problem?

Thanks,

Do you have version 4 or above of the software? Default on my RB750 was 3.31 iirc.

victoryharmony · Thu Feb 11, 2010 12:47 pm

no, I have v3.29 running on mine

mh1 · Fri Mar 12, 2010 11:04 am

I have tested this conf on RB750g (v.4.6) and looks like not working.
But why to use port based vlan on mikrotik?

Jeanluck · Fri Oct 25, 2013 11:10 pm

/interface bridge filter
add action=drop chain=input in-interface=!ether1 mac-protocol=ip
add chain=forward in-interface=ether1
add chain=forward in-interface=!ether1 out-interface=ether1
add action=drop chain=forward in-interface=!ether1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5

Can it be equivalent a port based-vlan?
Port 1 is the main, and 2,3,4 and 5 clients
(admin 'input' only for port 1)

isaacu · Thu Mar 06, 2014 2:06 am

I hate to drag up an old thread, but I want to do exactly this..
The server can see everybody on port 1 (lets say) and the other hosts on ports 2,3,4,etc. can see the server, but not each other.
It seems to be the config described here isn't quite right. Traffic leaving port 1 will be tagged and untagged traffic will be ignored when it comes in on port 1...
Am I missing somthing??
I have tried to do this on a RB450 with no success is switch mode and as described here..

Jeanluck · Thu Mar 06, 2014 10:01 am

Honestly I did not use it finally, but this works fine in my tests...

RB750 Port Based VLAN

RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Re: RB750 Port Based VLAN

Who is online