I've a working setup with one CCR2004 as core router and several RB4011.
Both are linked on sfpplus interfaces, and are running RouterOS 6.49.2.
I also have several vlans I want to propagate on every RB4011
Currently, my setup uses the old way of building vlans, meaning for trunk:
Code: Select all
sfpplus1 -> vlanXX -> bridgeXX
-> vlanXX -> bridgeXX
-> vlanXX -> bridgeXX
Finally, all traffic goes to CCR2004 which handles inter-VLANs traffic. In my case I want vlan10 to have full access everywhere.
This setup do works, but it requires creating a lot of vlan interfaces (one for each trunk interfaces) without forgetting to add them into relevant bridge.
I wanted to explore the "new" VLAN filtering way.
On the RB4011 I tried:
Code: Select all
/interface bridge add name=bridge1 vlan-filtering=no
/ip address add address=172.16.0.2/28 interface=bridge1
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1 comment="Trunk port - Uplink to core"
add bridge=bridge1 interface=ether1 pvid=10 comment="Access port - My own Laptop"
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether1 vlan-ids=10 comment="My own vlan"
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=6666 comment="Router management vlan"
/interface bridge set bridge1 vlan-filtering=yes
- ping any IP on the Internet
- ping my CCR2004 (which still uses the old way to create vlans, but I'm not sure this is of any importance here)
- ping everything on my network, BUT the RB4011 own IP address.
I've had a look at https://wiki.mikrotik.com/wiki/Manual:I ... figuration, but this makes me think I can't have both vlan10 & vlan666 on ether1, can I ?
Any advice appreciated,
Best,
JB