broderick
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Bridge or switch way to set vlans up on a hAP ac²

Wed Oct 05, 2022 8:00 pm

Hi,
I was thinking about buying a new vlan-capable switch/AP, another Mikrotik device possibly,
and pairing it with my hAP ac².
I drew a diagram about how I'd like to set up my Home network once I got my new Mk device.
I think that it is rather self-explanatory.

Image

I already read the pcunite guide, other articles about VLANs, and watched a few videos as well.
Since it seems that there are several ways to set up VLANs on MK devices, it can be
a bit confusing especially for VLAN beginners and Mk beginners in general.

I thought to come here and ask for advice in order to give it a good start.
So I have a couple of questions.

1) I still don't know whether I should go for the Bridging or the Switch chip way.
Some say that you should take advantage of the chip and go for it;
on the other hand, others say that it is better to go for the "classic" way.

2) As far as I've understood @pcunite set only ONE bridge for every VLAN, but
this guy set 2 bridges, one for each VLAN, and called it the "traditional" way to do that (from min. 20:10). Why?
https://www.youtube.com/watch?v=4BOYqtV4MCY

3) What do you think about my diagram? It seems to be a merging among all the configurations by @pcunite.
Should I put my smartTV on the main or the Guest VLAN? It is now on VLAN30.

Thanks
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge or switch way to set vlans up on a hAP ac²

Wed Oct 05, 2022 9:08 pm

Suggest getting the hapaX3 if it's going to do wifi and put the hapac2 as the AP/Switch.
One bridge, full stop.
 
broderick
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Wed Oct 05, 2022 9:14 pm

> Suggest getting the hapaX3 if it's going to do wifi and put the hapac2 as the AP/Switch.
> One bridge, full stop.

OK. However, I have to go for the cheaper and easier way at the moment.
I'll probably buy another hAP ac², but I'd like to know if even a tiny RouterBoard hAP Mini (as my switch/AP) can handle VLANs.
Thanks
 
mkx
Forum Guru
Posts: 11442
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Wed Oct 05, 2022 9:17 pm

My 5 cents:
  1. The bridge way (explained in tutorial by @pcunite) is the universal way which works in all MT devices running ROS 6.42 and higher.
    Switch chip way may not be available on all devices (those that don't come equipped with switch chips) or may not work on all interfaces (some devices have ports that are handled directly by CPU). And it is switch-chip specific; there are differences in syntax and/or amount of functionality.
    The only benefit of switch chip way is performance (all ports can do wire-speed without bothering CPU).
    My suggestion for newcomers is to go bridge way for these reasons. Performance on devices with decent CPU (hAP ac2 is one of them) can be near wire-speed even with CPU-bound config.
  2. As mentioned, ROS 6.42 came with VLAN-aware bridge. Before, one had to either use switch chip way (if applicable) or multi-bridge setup (the rest of devices). Hence naming it "traditional" way; my name for it would be "obsolete" way.
    If doing it using one bridge, quite a few devices (number is increasing) can actually offload it to switch chip (its specific interface is non-functional in this case), thus allowing bridging work at wire-speed without load on CPU. Multiple bridges cannot be offloaded.
  3. When deciding on separation of devices into different VLANs, you should consider that some functions don't work when two devices are in different networks (most often any kind of server auto-discovery); the rest of functions will hit hard on router's CPU (unless router happens to be one of devices that can L3HW offload routing).
    What I'm trying to say: when segmenting network, don't over-do it.
 
broderick
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Wed Oct 05, 2022 9:47 pm

> My 5 cents:
>   1. The bridge way (explained in tutorial by @pcunite) is the universal way which works in all MT devices running ROS 6.42 and higher.
>     Switch chip way may not be available on all devices (those that don't come equipped with switch chips) or may not work on all interfaces (some devices have ports that are handled directly by CPU). And it is switch-chip specific; there are differences in syntax and/or amount of functionality.
>     The only benefit of switch chip way is performance (all ports can do wire-speed without bothering CPU).
>     My suggestion for newcomers is to go bridge way for these reasons. Performance on devices with decent CPU (hAP ac2 is one of them) can be near wire-speed even with CPU-bound config.

It makes sense. Furthermore, I have never had performance issues with my hAP ac2. CPU usage always very low.

>   2. As mentioned, ROS 6.42 came with VLAN-aware bridge. Before, one had to either use switch chip way (if applicable) or multi-bridge setup (the rest of devices). Hence naming it "traditional" way; my name for it would be "obsolete" way.
>     If doing it using one bridge, quite a few devices (number is increasing) can actually offload it to switch chip (its specific interface is non-functional in this case), thus allowing bridging work at wire-speed without load on CPU. Multiple bridges cannot be offloaded.

Got it now!

>   3. When deciding on separation of devices into different VLANs, you should consider that some functions don't work when two devices are in different networks (most often any kind of server auto-discovery); the rest of functions will hit hard on router's CPU (unless router happens to be one of devices that can L3HW offload routing).
>     What I'm trying to say: when segmenting network, don't over-do it.

Yes, I know. For the time being, my server and my smartTV run on different subnets (the former on my main subnet, the latter on the guest one) since I separated a port from the bridge and set a different subnet on it for guests and my smart TV to use. I then had to create a few forwarding and firewall rules to enable my TV to reach my Ubuntu Server on which a Plex server [docker] service runs. It works flawlessly, but it's kind of a mess when I set load balance on my two WANs and make my subnets reach internet through them. I'll open another topic about that maybe.
Thank you very much
 
anserk
Frequent Visitor
Posts: 51
Joined: Wed Mar 02, 2022 5:08 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Thu Oct 06, 2022 3:31 am

I have several hAP ac2 routers and I use the switch chip way. Initially it took some time to understand all the details, but once you get it, it's not difficult at all. Think of it as configuring a separate external switch, just doing it within RouterOS. It actually helps to really understand VLANs, so might be a good learning exercise.

I like to leverage hardware capabilities to their full extent. Like mkx said, the switch chip method gives you wire speed at the chip level.
 
broderick
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Thu Oct 06, 2022 8:45 am

> I have several hAP ac2 routers and I use the switch chip way. Initially it took some time to understand all the details, but once you get it, it's not difficult at all. Think of it as configuring a separate external switch, just doing it within RouterOS. It actually helps to really understand VLANs, so might be a good learning exercise.
>
> I like to leverage hardware capabilities to their full extent. Like mkx said, the switch chip method gives you wire speed at the chip level.

Ok, I might give the switch-vlan way a try too.
Honestly, I really don't need VLANs now; I am happy with my present configuration. I just want to mess around with them to learn something new. I think that almost any Mk user finds himself at this point sooner or later. Thanks
 
broderick
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Fri Oct 07, 2022 8:47 am

> Suggest getting the hapaX3 if it's going to do wifi and put the hapac2 as the AP/Switch.
> One bridge, full stop.

I forgot.
Ok, one bridge "to rule them all", but can I set two (or more) trunk ports on the same bridge? Any downside?
For example, what if I want to set a trunk port on ether4 in the first router (see image above) in order to add another vlan-capable switch/AP to it?
Thanks
 
mkx
Forum Guru
Posts: 11442
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Fri Oct 07, 2022 12:15 pm

Any bridge port can be either trunk, access or hybrid (i.e. access to one VLAN and trunk for one or more other VLANs), everything configurable per port. Each trunk port can have different set of allowed VLANs. No downsides about having multiple trunk ports.

BTW, if one uses device as hybrid switch/router, then one configures bridge (the switch-like entity) as a switch in exactly the same manner as you're trying to do, but configures bridge (the interface entity of bridge, which allows router CPU to interact with attached networks, either plain or VLANed) as (yet another) trunk port on same bridge ...
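
The port roles described in the post above (access, trunk, hybrid, and the bridge interface itself acting as one more trunk port), sketched as a single VLAN-aware bridge in RouterOS. This is an added example, not a configuration posted by anyone in the thread; it also sets the frame-types and ingress-filtering options that come up later in the discussion. Assumptions: bridge name bridge1, VLAN IDs 10 (main) and 30 (guest), the port assignments, and both /24 subnets.

```routeros
# Added example. Names, VLAN IDs, port roles and addresses are assumptions.
# Apply in Safe Mode or from a console: filtering is switched on last so a
# half-built VLAN table cannot cut off management access.

/interface bridge
add name=bridge1 vlan-filtering=no

/interface bridge port
# Access ports: accept untagged frames only and classify them by pvid.
add bridge=bridge1 interface=ether2 pvid=10 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether3 pvid=30 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
# Trunk port towards a second VLAN-aware switch/AP: tagged frames only.
add bridge=bridge1 interface=ether4 frame-types=admit-only-vlan-tagged ingress-filtering=yes
# Hybrid port: untagged frames land in VLAN 10, VLAN 30 arrives tagged.
add bridge=bridge1 interface=ether5 pvid=10 frame-types=admit-all ingress-filtering=yes

/interface bridge vlan
# The VLAN table decides which ports carry which VLAN, so each trunk or
# hybrid port can have its own set of allowed VLANs.
# "bridge1" in the tagged list is the CPU-facing port: listing it here is
# what makes the bridge interface a trunk port on its own bridge.
add bridge=bridge1 vlan-ids=10 tagged=bridge1,ether4 untagged=ether2,ether5
add bridge=bridge1 vlan-ids=30 tagged=bridge1,ether4,ether5 untagged=ether3

/interface vlan
# L3 interfaces the router uses to reach each VLAN through that CPU port.
add name=vlan10 interface=bridge1 vlan-id=10
add name=vlan30 interface=bridge1 vlan-id=30

/ip address
add address=192.168.10.1/24 interface=vlan10
add address=192.168.30.1/24 interface=vlan30

/interface bridge
# Enable filtering last. With ingress-filtering=yes a frame whose VLAN ID
# is not listed for its ingress port in the VLAN table is dropped, so a
# device on a guest port cannot inject frames tagged for VLAN 10.
# After this the router itself is reachable only via vlan10 / vlan30.
set [find name=bridge1] vlan-filtering=yes frame-types=admit-only-vlan-tagged ingress-filtering=yes
```

Segmentation at layer 2 does not restrict routing between vlan10 and vlan30; that still needs firewall rules on the router.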
 
broderick
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Fri Oct 07, 2022 5:15 pm

> Any bridge port can be either trunk, access or hybrid (i.e. access to one VLAN and trunk for one or more other VLANs), everything configurable per port. Each trunk port can have different set of allowed VLANs. No downsides about having multiple trunk ports.

Very good, thanks

> BTW, if one uses device as hybrid switch/router, then one configures bridge (the switch-like entity) as a switch in exactly the same manner as you're trying to do, but configures bridge (the interface entity of bridge, which allows router CPU to interact with attached networks, either plain or VLANed) as (yet another) trunk port on same bridge ...

:shock:
I don't think I got it.
Maybe it's still kind of an advanced Vlan topic for me now :oops:
It will probably become more understandable when I start tinkering with VLANs.
Thanks anyway
 
mkx
Forum Guru
Posts: 11442
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Fri Oct 07, 2022 9:49 pm

Actually I guess it's the multiple personalities of bridge that confuses you (it's confusing for most people). This post/topic explains it neatly.
 
Buckeye
Forum Veteran
Posts: 890
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Bridge or switch way to set vlans up on a hAP ac²

Sat Oct 08, 2022 2:11 am

> Maybe it's still kind of an advanced Vlan topic for me now :oops:
> It will probably become more understandable when I start tinkering with VLANs.

First you need to have a good understanding of vlans. Without that they will be confusing on any vendor's equipment. Perhaps you already understand them well; if not, this is a good resource with mostly vendor independent information, although it is written by someone that primarily uses Cisco. index to the vlan pages on PracticalNetworking

After you understand how vlans work, then you have to wrap your head around the different ways that MikroTik implements them. The universal way may result in significantly less intra-vlan performance on routers with a switch ASIC that doesn't have software support for enabling HW offloading on the chip, but that is often a firmware limitation more than hardware. For example, the MediaTek MT7621A based hEX (RB750Gr3 and RB760iGS) router/switches were only recently "promoted" to HW vlan-filtering bridge support. Unfortunately, the hAP ac² has a switch ASIC that isn't currently on the "supported" list, although the switch ASIC does have vlan-aware capabilities, it is just that the bridge software to enable hardware assist isn't there (yet?). So if the highest intra-vlan performance is a requirement, you will need to "configure the vlan-aware switch" using /interface ethernet switch method, as mentioned by @anserk in post #6

Note however that this will only accelerate intra-vlan traffic (between ports within the same vlan); any inter-vlan traffic must still be routed by the CPU. So in your case traffic between 192.168.30.2 and 192.168.30.3 would be switched entirely at the switch ASIC without ever bothering the CPU in either hAP ac², as long as both hAP ac² were configured using the "switch method".
 
broderick
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Sat Oct 08, 2022 9:50 am


> First you need to have a good understanding of vlans. Without that they will be confusing on any vendor's equipment. Perhaps you already understand them well; if not, this is a good resource with mostly vendor independent information, although it is written by someone that primarily uses Cisco. index to the vlan pages on PracticalNetworking

Yes, I'd like to have a better understanding of Vlans even though I am not totally new to them since I once set them up on my pfSense machine. It was kind of a straight process though. On MK devices it seems a bit more complicated to make them work as expected, mostly because, as you said, they need you to have a deeper understanding of VLANs. That is the main reason why I turned to mikrotik: to dive deeper into the computer networking stuff even though I'm not a professional; it is just a hobby to me.
I already knew Ed Harmoush's tutorials. He is very good at making them. However, I haven't yet read the article you linked me above. I'm going to read it through carefully. Thanks

> After you understand how vlans work, then you have to wrap your head around the different ways that MikroTik implements them. The universal way may result in significantly less intra-vlan performance on routers with a switch ASIC that doesn't have software support for enabling HW offloading on the chip, but that is often a firmware limitation more than hardware. For example, the MediaTek MT7621A based hEX (RB750Gr3 and RB760iGS) router/switches were only recently "promoted" to HW vlan-filtering bridge support. Unfortunately, the hAP ac² has a switch ASIC that isn't currently on the "supported" list, although the switch ASIC does have vlan-aware capabilities, it is just that the bridge software to enable hardware assist isn't there (yet?). So if the highest intra-vlan performance is a requirement, you will need to "configure the vlan-aware switch" using /interface ethernet switch method, as mentioned by @anserk in post #6
>
> Note however that this will only accelerate intra-vlan traffic (between ports within the same vlan); any inter-vlan traffic must still be routed by the CPU. So in your case traffic between 192.168.30.2 and 192.168.30.3 would be switched entirely at the switch ASIC without ever bothering the CPU in either hAP ac², as long as both hAP ac² were configured using the "switch method".

Interesting. Thanks again
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge or switch way to set vlans up on a hAP ac²

Sat Oct 08, 2022 8:17 pm

 
Buckeye
Forum Veteran
Posts: 890
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Bridge or switch way to set vlans up on a hAP ac²

Sun Oct 09, 2022 1:01 am

@anav I know you have a hAP ac². Did your posting the link to how to set up using the bridge imply that the documentation is incorrect, and that the switch chip in the hAP ac² actually does support HW vlan-filtering in the bridge setup? If that's true, it is great news, and the documentation should be updated.
 
mkx
Forum Guru
Posts: 11442
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Sun Oct 09, 2022 12:14 pm

> Did your posting ... imply that the documentation is incorrect, and that the switch chip in the hAP ac² actually does support HW vlan-filtering in the bridge setup?

No.
 
broderick
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Sun Oct 09, 2022 4:54 pm

I've read it already, better to say that I tried it. It was quite clear until a certain point, then I lost myself, especially when it started talking about "ingress-filtering and frame-type" and management.

Thanks
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge or switch way to set vlans up on a hAP ac²

Sun Oct 09, 2022 6:36 pm

Hi Buckeye, I don't have the hapac3; I stopped at the capac when it didn't perform as well as other products that were of the same vintage (wifi5 done right).
However, I hope to pick up a hapax3 soon, so I may have to learn capsman, but bpwl seems to think capsman has limited utility and DUDE is a better control resource.
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge or switch way to set vlans up on a hAP ac²

Sun Oct 09, 2022 6:37 pm

@broderick post your latest config
/export ( minus serial number and any public IP info )
 
broderick
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Mon Oct 10, 2022 10:43 am

> @broderick post your latest config
> /export ( minus serial number and any public IP info )

I haven't yet bought the second switch/AP. I am still at the planning stage.
I was even thinking about setting everything up on a virtual environment like GNS3 first. However, one of the downsides would be that the virtual MK has no WiFi feature.
Thanks
 
broderick
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Tue Oct 11, 2022 8:43 pm

> @broderick post your latest config
> /export ( minus serial number and any public IP info )

By the way,
I'm focusing on this setup first:

viewtopic.php?p=953305&hilit=Using+Rout ... rk#p706998

What should I do to add a trunk port on that setup?
I mean, in the RouterSwitchAP.rsc I downloaded to turn, say, the first "BLU" ethernet port into a trunk, so that I can plug the second switch/AP to it as I plan for my network?
Thanks
 
Buckeye
Forum Veteran
Posts: 890
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Bridge or switch way to set vlans up on a hAP ac²

Wed Oct 12, 2022 1:08 am

> What should I do to add a trunk port on that setup?

You need to put in some effort to understand the recipes instead of blindly copying/pasting them.

From the article you referenced:
---------------
Trunk Ports:
There are no Purple Trunk ports, instead we opt for a Green VLAN. If whatever is plugged into the single Green ethernet port is VLAN aware, it does not really matter. Once it hits our router/switch, its Green to us. It might be tempting to simply setup a separate bridge for your Guest network. For tiny all-in-one networks like this that is certainly a valid option.

But you wanted to learn VLAN so let's give you a better reason. Let's say that you do care about more than one VLAN aware device(s) on Green because there is a switch plugged in. If so, change the Green port into a Purple Trunk port managing a Red VLAN. Now, you have the option of at least three networks you could manage: your Blue home, Green guests, and Red for IoT devices and such. When they all come into the router, you can QoS and segment them differently because you have three VLAN interfaces to work with.
--------------

Look at another "recipe" that has a purple port and look to see how it is configured. For example the one immediately below the one you referenced (the one for the access point).

@anav has a "link farm" with links to useful configuration resources: "New User Pathway To Config Success". See sections C (bridge) and P (switch).

Unfortunately learning requires some effort. There isn't the equivalent of "Total Recall" networking courses yet.

Read the documentation that MikroTik wrote. It has example configurations. See the Bridging and Switching section.
Last edited by Buckeye on Wed Oct 12, 2022 10:42 am, edited 1 time in total.
 
broderick
Member Candidate
Topic Author
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Bridge or switch way to set vlans up on a hAP ac²

Wed Oct 12, 2022 10:25 am

> You need to put in some effort to understand the recipes instead of blindly copying/pasting them.
> ....

I know that there is no point to "paste-copy" setups, and it wasn't my purpose at all. Furthermore, it would turn to be a mess on my Mk device, which would make me get more confused, since the @pcunite's setups don't perfectly match my target setup, but it would help me understand it better since I'm focusing and studying that configuration.
Thanks
