
mikrotik + managed switch 24p = 24p mikrotik ? :)

Posted: Tue Jan 17, 2012 11:17 pm
by brosky
Hi.

I have a rb750 and a Zyxel ES2024 24p managed switch.

ether1 = uplink to isp
ether2 = patch to switch

Is it possible to add VLANs to ether2 to "mirror" the switch ports?
Like, vlan2 = port2, vlan3 = port3, etc.
I understand that this is simple; my question is whether it is possible to put all these VLANs in a bridge and have one subnet attached to that bridge?

Re: mikrotik + managed switch 24p = 24p mikrotik ? :)

Posted: Wed Jan 18, 2012 12:18 pm
by markmcn
Hi brosky,
You could do this:
Add 23 VLANs to the Tik, and on the switch make port 2 an access port for vlan 2, port 3 an access port for vlan 3, etc.,
then trunk all the VLANs to the Tik.
Then add all the VLANs to a bridge device/interface on the Tik. However, this comes with a price, that being the CPU,
as all traffic between ports of the switch will be hitting the CPU of the Tik. The traffic will also be tromboning on the interface between the switch and the Tik, meaning traffic between ports 3 and 4 on the switch will be flowing both in and out of port 2 on the Tik.
Hope this helps.

Re: mikrotik + managed switch 24p = 24p mikrotik ? :)

Posted: Wed Jan 18, 2012 2:00 pm
by janisk
I see no point in adding VLANs and then bridging them all together to make one huge LAN. That is useless, because when you use VLANs you want the separation, and then all of this falls well into place. Like a 24-port switch with 2 Gbit uplinks connected to an MT Gbit-capable board with the VLANs divided over 2 ports. As a result you have quite decent speed and VLAN-separated clients.

Re: mikrotik + managed switch 24p = 24p mikrotik ? :)

Posted: Thu Jan 19, 2012 9:48 pm
by brosky
The purpose of this setup is to filter unwanted traffic between switch ports (135-139, 445).
On a non-managed switch I can't filter these packets between the switch ports, and on a managed switch I can do it with VLANs.
One major drawback is having to assign a different subnet for each port/VLAN.
I was hoping that there is a solution besides having to renumber each client/CPE IP.

So, I understand that I can put each port in a different VLAN, thus having port 2 as the trunk port and each other port as an access port for a different VLAN.
Any ideas how to filter that traffic with one MikroTik port and a managed switch?
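
The layout discussed so far (one VLAN per switch port, all VLANs bridged into one subnet, with the ports from the post above dropped between them) could look like this on the RouterOS side. This is an added example, not part of any post in the thread; the names `bridge-lan` and `vlanN`, the address 192.168.88.1/24, and switch port 1 as the trunk are assumptions.

```routeros
# Added example, not from the thread. Assumptions: ether2 is the trunk to the
# switch (switch port 1), switch ports 2-24 are access ports for VLAN IDs 2-24,
# and bridge-lan / vlanN / 192.168.88.1/24 are placeholder names and values.

# One bridge carries the single subnet shared by all clients.
/interface bridge add name=bridge-lan

# One VLAN interface per switch port on the trunk, each added to the bridge.
:for i from=2 to=24 do={
    /interface vlan add name=("vlan" . $i) vlan-id=$i interface=ether2
    /interface bridge port add bridge=bridge-lan interface=("vlan" . $i)
}

# The router's LAN address lives on the bridge, not on ether2 or a VLAN.
/ip address add address=192.168.88.1/24 interface=bridge-lan

# Frames between two bridge ports pass the bridge filter forward chain, so the
# ports named in the post can be dropped there. The post gives no protocol;
# both TCP and UDP are covered here as an assumption. The bridge filter takes
# a single port or range per rule, hence the separate rules.
/interface bridge filter
add chain=forward mac-protocol=ip ip-protocol=tcp dst-port=135-139 action=drop
add chain=forward mac-protocol=ip ip-protocol=udp dst-port=135-139 action=drop
add chain=forward mac-protocol=ip ip-protocol=tcp dst-port=445 action=drop
add chain=forward mac-protocol=ip ip-protocol=udp dst-port=445 action=drop
```

The cost markmcn describes still applies: every frame between two switch ports crosses ether2 twice and is handled by the router's CPU.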

Re: mikrotik + managed switch 24p = 24p mikrotik ? :)

Posted: Sun Jan 22, 2012 2:44 am
by mmmigoro
The Zyxel ES-2024 supports something called "port based VLAN mode", which is different from 802.1Q. In port based VLAN mode a VLAN has meaning only on the switch unit.
You can select which kind of VLAN to use in Basic Settings->Switch Setup->Vlan type; set it to Port Based.
Then you can go to "Port Based VLAN Setup" and choose the predefined profile "Port isolation". There is also a matrix where you can select which port can connect to which. Be sure to allow the MikroTik port to communicate with all of the other ports, and also be sure to leave the "CPU port" able to communicate with every port.
This way you don't need to use 802.1Q VLAN tagging.

I guess you should also read the Zyxel ES2024 user guide. It's very descriptive; look at pages 99-104.