Community discussions

MikroTik App
 
CoolTom
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Feb 08, 2019 12:15 pm

VLAN Bridge/inretface/switch

Thu Feb 09, 2023 12:25 am

Hi, trying to make work this setup and bit confised about VLAN, looks like each mikrotik have diffeent chip and it depends on what switchip you have. Can you help me / check if i got it correct?

My setup i am trying to build

INTERNET
|
GW Router A / 3011UiAS / Bridge MAIN/subnet, Bridge/subnet A, Bridge/subnet B, Bridge/subnet C, Bridge/subnet D (Trunk port 10 (VLANA, VLANB, VLANC, VLAND) IN)
|
|
SWITCH Router B / RBD52G-5HacD2HnD / Bridge MAIN/subnet (Trunk port 1 (VLANA, VLANB, VLANC, VLAND) IN and Trunk port 2 (VLANA, VLANB, VLANC, VLAND) OUT)
|
|
SWITCH Router C / RBD52G-5HacD2HnD / Bridge MAIN/subnet (Trunk port 1 (VLANA, VLANB, VLANC, VLAND) IN and Trunk port 2 (VLANA, VLANB, VLANC, VLAND) OUT)
|
|
WIFI Box tagging traffic from 4 different SSID subnets A, B, C, D (VLANA, VLANB, VLANC, VLAND) and manage network is in not tagged traffic MAIN/subnet

I would like to sent VLAN A-D traffic thro Router C and B into router A where already are Bridges/Subnets A, Bridge B, Bridge C and Bridge D.
Router B and C will do nothing just reset tagged traffic from one port to another (Trunk), BUT also route not tagged traffic like there are no VLANS over MAIN/subnet
----------------------------
from https://help.mikrotik.com/docs/display/ ... +switching I understand, that some Mikrotik have switch chip and it can be used to HW offload VLAN tagging.

1. There are 3 places where to set VLAN - Bridge, Interface, SWITCH CHIP

do I understand correctly?, that
Bridge VLAN alwys do it over CPU - can run into performance problem - good for devices with strong CPU
Interface VLAN - only if you want use the VLAN traffic on the specific router/switch (get it out of VLAN "tunnel" in mikrotik like setup DHCP or router two vlans between each other) if not no need to setup
Switch VLAN - can save CPU if switch chip support VLAN and setup VLAN here and not in Bride VLAN

2. If I want setup RBD52G-5HacD2HnD to use as trunk port in, trunk port out, but also allow not tagged traffic to all ports (like switch all ports in one Bridge) I do it only on SWITCH VLAN (as it have Atheros 8327) and thats all?
What means add CPU to the port?

https://help.mikrotik.com/docs/display/ ... +switching
add ports=ether1,switch1-cpu switch=switch1 vlan-id=99

3. How to setup Router A / 3011UiAS? has 2x QCA 8337 switch chip. One port as trunk in with all vlans (VLANA, VLANB, VLANC, VLAND and then connect each VLAN with right Bridge (Bridges A, Bridge B, Bridge C and Bridge D)
setup vlan on switch, than in interface VLAN VLANA on interface Bridge A, VLANB on interface Bridge B ... etc
and than Add This Interface VLANA into Bridge A, VLANA into Bridge B ..etc ?

Thnkx for hints
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN Bridge/inretface/switch

Thu Feb 09, 2023 2:01 am

Better off with a networking diagram to communicate your concept of the setup.
Post all three configs as well.
/export file=anynameyouwish (minus Device Serial Number and any public WANIP information )
 
gigabyte091
Forum Guru
Forum Guru
Posts: 1171
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: VLAN Bridge/inretface/switch

Thu Feb 09, 2023 6:48 am

One small hint, you don't need multiple bridges, one bridge on each device (default one if you accepted default config at first startup) is all you need.

I think that InterVLAN stuff is handeled by switch chip and doesn't affect CPU. If you want VLANs to be accessible to each other than CPU comes into a play because router needs to route traffic from one VLAN to the other.

But at the end just listen to anav and everything will work.
 
sysenterprise
just joined
Posts: 1
Joined: Wed Feb 08, 2023 10:16 am
Location: 8808 Stoney Point Rd, Charlestown, IN 47111, United States
Contact:

Re: VLAN Bridge/inretface/switch

Thu Feb 09, 2023 7:32 am

Hiut at the end just listen to anav and everything will work.
 
CoolTom
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Feb 08, 2019 12:15 pm

Re: VLAN Bridge/inretface/switch

Fri Feb 10, 2023 10:48 pm

Mean if I was trunk in trunk out = just pass vlans thro router then no cpu in switch chip?
One small hint, you don't need multiple bridges, one bridge on each device (default one if you accepted default config at first startup) is all you need.

I think that InterVLAN stuff is handeled by switch chip and doesn't affect CPU. If you want VLANs to be accessible to each other than CPU comes into a play because router needs to route traffic from one VLAN to the other.

But at the end just listen to anav and everything will work.
 
CoolTom
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Feb 08, 2019 12:15 pm

Re: VLAN Bridge/inretface/switch

Fri Feb 10, 2023 10:49 pm

Sorry didnt get it
Hiut at the end just listen to anav and everything will work.
 
CoolTom
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Feb 08, 2019 12:15 pm

Re: VLAN Bridge/inretface/switch

Fri Feb 10, 2023 10:56 pm

Thank you for reply. SWITCH Router B and C / RBD52G-5HacD2HnD are both in default - no extra settings - just one bridge and all ports in this bridge, IP on bridge and 0.0.0.0 route and DNS thats all - just wondering how to setup to get VLANs (tagget already from WIFI box) on one port and spit it out on another port. They are just "switches" on way from WIFI box to GW Router A.

GW Router A / 3011UiAS - have Bridges A-D, DHCP A-D and CAPSMAN with SSID A-D connected each into one Bridge A-D - I want drop capsman and get WIFI box VLANs into GW Router A thro Router B and C
Better off with a networking diagram to communicate your concept of the setup.
Post all three configs as well.
/export file=anynameyouwish (minus Device Serial Number and any public WANIP information )
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN Bridge/inretface/switch

Fri Feb 10, 2023 11:24 pm

tap tap tap;...................... waiting.......
 
CoolTom
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Feb 08, 2019 12:15 pm

Re: VLAN Bridge/inretface/switch

Sat Feb 11, 2023 7:33 pm

You really want me send dump of default confing? :)
tap tap tap;...................... waiting.......
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN Bridge/inretface/switch

Sat Feb 11, 2023 7:37 pm

and a network diagram focussing on ports and vlans.....
 
CoolTom
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Feb 08, 2019 12:15 pm

Re: VLAN Bridge/inretface/switch

Sat Feb 11, 2023 8:36 pm

You are right. Picture is more clear. I did quick diagram and add other option to see how to also create "Access port".
and a network diagram focussing on ports and vlans.....
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN Bridge/inretface/switch

Sat Feb 11, 2023 8:46 pm

What the heck is no VLAN LOL.
Forget nonsense of trying to attach a subnet to bridge. keep all subnet as vlans. Its easy and doable!!
Do you have a trusted vlan?
It is the vlan where all your smart devices will get an IP address from.

Typically its the one the Admin normally uses, or a separate management vlan, up to you.
If you have other users in the same subnet that may have questionable www practices, best to put a separate VLAN.
My spouse for example I put on a separate VLAN LOL.............
 
CoolTom
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Feb 08, 2019 12:15 pm

Re: VLAN Bridge/inretface/switch

Sat Feb 11, 2023 10:50 pm

Now I have no VLANs. Only bridge and CAPs using CAPsMAN forwarding. Now I would like to change it all to VLANs.
so lets say No VLAN is default VLAN1 or iit can be VLAN10 and all no VLAN ports access ports.

How to setup vlans on routers D and C? On Bridge or Switch? Do i need setup it on interfaces too?

What the heck is no VLAN LOL.
Forget nonsense of trying to attach a subnet to bridge. keep all subnet as vlans. Its easy and doable!!
Do you have a trusted vlan?
It is the vlan where all your smart devices will get an IP address from.

Typically its the one the Admin normally uses, or a separate management vlan, up to you.
If you have other users in the same subnet that may have questionable www practices, best to put a separate VLAN.
My spouse for example I put on a separate VLAN LOL.............
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN Bridge/inretface/switch

Sun Feb 12, 2023 3:52 am

Got it, no vlan represents your current subnet. we will replace it with vlan10
Step1 upgrade the firmware on all devices to version 7.7
Assuming all vlans and no capsman.
Step2. the first thing you do is ensure ether7 is off the bridge, give it a name Offbridge7
Give it an IP address 192.168.55.1/24 interface=Offbridge7 network=192.168.55.0
Then plug your laptop or desktop into ether7, give yourself an ipv4 address like 192.168.55.5 and then enter the router and config it from there.........

Router A.
/interface bridge
add name=bridge vlan-filtering=no { Will enable this at the very end of the config process }
/interface vlan
add interface=bridge name=vlan10-main vlan-id=10 { this will be your trusted vlan }
add interface=bridge name=vlan20-smart vlan-id=20
add interface=bridge name=vlan30-guest vlan-id=30
add interface=bridge name=vlan40-party vlan-id=40
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=10Mbps
set [ find default-name=ether7 ] speed=100Mbps name=Offbridge7
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=sfp1 ] comment="WAN Internet"
/interface list
add name=WAN
add name=LAN
add name=MANAGE
/ip pool
add name=pool-main ranges=192.168.1.2-192.168.1.254
add name=pool-smart ranges=192.168.20.2-192.168.20.254
add name=pool-guest ranges=192.168.30.2-192.168.30.254
add name=pool-party ranges=192.168.40.2-192.168.40.254
/ip dhcp-server
add address-pool=pool-main interface=vlan10-main lease=1d name=home-server
add address-pool=pool-smart interface=vlan20-smart lease=1d name=smart-server
dd address-pool=pool-guest interface=vlan30-main lease=1d name=guest-server
add address-pool=pool-party interface=vlan40-smart lease=1d name=party-server
/interface bridge port
add bridge=bridge interface=ether1 ingress-filtering=yes frame-types=admit-untagged-and-priority pvid=10
add bridge=bridge interface=ether2 ingress-filtering=yes frame-types=admit-untagged-and-priority pvid=30
add bridge=bridge interface=ether3 ingress-filtering=yes frame-types=admit-only-tagged-vlans
add bridge=bridge interface=ether8 ingress-filtering=yes frame-typess=admit-untagged-and-priority pvid=10
add bridge=bridge interface=ether9 ingress-filtering=yes frame-types=admit-untagged-and-priority pvid=10
add bridge=bridge interface=ether10 ingress-filtering=yes frame-types=admit-untagged-and-priority pvid=10
/interface bridge vlan
add bridge=bridge tagged=bridge,ether3 untagged=ether1,ether8,ether9,ether10 vlan-ids=10
add bridge=bridge tagged=bridge,ether3 untagged=ether2 vlan-ids=30
add bridge=bridge tagged=bridge,ether3 vlan-ids=20,40
/ip neighbor discovery-settings
set discover-interface-list=MANAGE
/interface list member
add interface=sfp1 list=WAN
add interface=vlan10-main list=LAN
add interface=vlan20-smart list=LAN
add interface=vlan30-guest list=LAN
add interface=vlan40-party list=LAN
add interface=vlan10-main list=MANAGE
add interface=Offbridge7 list=MANAGE
/ip address
add address=192.168.1.1/24 interface=vlan10-main network=192.168.1.0
add address=192.168.20.1/24 interface=vlan10-main network=192.168.20.0
add address=192.168.30.1/24 interface=vlan10-main network=192.168.30.0
add address=192.168.40.1/24 interface=vlan10-main network=192.168.40.0
add address=192.168.55.1//24 interface=Offbridge7 network=192.168.55.0
/ip firewall address-list
add address=IP_Admin_Desktop list=AdminAccess
add address=IP_Admin_LAPTOP-wifi list=AdminAccess
add address=IP_Admin iphone/idpad list=AdminAccess
add address=Future Wireguard- remote IP list=AdminAccess
/ip firewall filter
{Input Chain}
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input in-interface-list=MANAGE src-address=AdminAccess { only allow admin to config router }
add action=accept chain=input in-interface-list=LAN dst-port=53,123 protocol=tcp { allow user access to services needed }
add action=accept chain=input in-interface-list=LAN dst-port=53 protocol=udp { allow user access to services needed }
add action=drop chain=input comment="drop all else" { do this last, after enabling vlan-filtering }
{forward chain}
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=forward comment="allow internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="allow port forwarding" connection-nat-state=dstnat
add action=drop chain=forward comment="drop all else"
/ip firewall nat
add action=masquerade chain=srcnat comment=NAT out-interface-list=WAN
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=MANAGE
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN Bridge/inretface/switch

Sun Feb 12, 2023 4:07 am

Router B....... Trunk port is ether1,ether5 Similar to router........... I am using ether4 this time, for emergency access ( or to config ) to the device in case the bridge gets hosed........

/interface bridge
add fast-forward=no name="LAN Bridge" vlan-filtering=no { ENABLE THIS AT THE END }
/interface vlan
add interface="LAN Bridge" name=vlan-main vlan-id=10
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps name=Offbridge3
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface list
add name=TRUSTED
/interface bridge port
add bridge="LAN Bridge" ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether1
add bridge="LAN Bridge" ingress-filtering=yes frame-types=admit-priority-and-untagged interface=ether2 pvid=10
add bridge="LAN Bridge" ingress-filtering=yes frame-types=admit-priority-and-untagged interface=ether4 pvid=10
add bridge="LAN Bridge" ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether5
/interface bridge vlan
add bridge="LAN Bridge" tagged=bridge,ether1,ether5 untagged=ether2,ether4 vlan-ids=10
add bridge="LAN Bridge" tagged="LAN Bridge",ether1,ether5 vlan-ids=20,30,40
/ip neighbor discovery-settings
set discover-interface-list=TRUSTED
/interface list members
add interface=vlan-main list=TRUSTED
add interface=Offbridge3 list=TRUSTED
/ip address
add address=192.168.1.3/24 interface=vlan-main network=192.168.1.0
add address=192.168.55.1/24 interface=Offbridge3 network=192.168.55.0
/ip dns
set allow-remote-requests=yes servers=192.168.1.1
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.1
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.1.1
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=TRUSTED
Last edited by anav on Sun Feb 12, 2023 4:14 am, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN Bridge/inretface/switch

Sun Feb 12, 2023 4:11 am

Router C is almost the same as Router B....... except you use ports 2,3 to PCs, and thus I am using ether4 for emergency access to the device in case the bridge gets hosed........

/interface bridge
add fast-forward=no name="LAN Bridge" vlan-filtering=no { ENABLE THIS AT THE END }
/interface vlan
add interface="LAN Bridge" name=vlan-main vlan-id=10
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps name=Offbridge4
set [ find default-name=ether5 ] speed=100Mbps
/interface list
add name=TRUSTED
/interface bridge port
add bridge="LAN Bridge" ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether1
add bridge="LAN Bridge" ingress-filtering=yes frame-types=admit-priority-and-untagged interface=ether2 pvid=10
add bridge="LAN Bridge" ingress-filtering=yes frame-types=admit-priority-and-untagged interface=ether3 pvid=10
add bridge="LAN Bridge" ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether5
/interface bridge vlan
add bridge="LAN Bridge" tagged="LAN Bridge",ether1,ether5 untagged=ether2,ether3 vlan-ids=10
add bridge="LAN Bridge" tagged="LAN Bridge",ether1,ether5 vlan-ids=20,30,40
/ip neighbor discovery-settings
set discover-interface-list=TRUSTED
/interface list members
add interface=vlan-main list=TRUSTED
add interface=Offbridge4 list=TRUSTED
/ip address
add address=192.168.1.3/24 interface=vlan-main network=192.168.1.0
add address=192.168.55.1/24 interface=Offbridge4 network=192.168.55.0
/ip dns
set allow-remote-requests=yes servers=192.168.1.1
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.1
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.1.1
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=TRUSTED
 
CoolTom
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Feb 08, 2019 12:15 pm

Re: VLAN Bridge/inretface/switch

Wed Feb 22, 2023 10:00 pm

Thank you a lot.

Question - why you include Brigde interface in tagged
/interface bridge vlan
add bridge="LAN Bridge" tagged="LAN Bridge",ether1,ether5 untagged=ether2,ether3 vlan-ids=10

Question - If I want HW offload, I need to also setup on switch chip?

Or I setup VLAN only on one place? Bridge VLAN OR Switch chip?

Atheros 8327
/interface ethernet switch port
vlan-mode=secure for all ports

and

vlan-header=leave-as-is - always?

base on
https://help.mikrotik.com/docs/display/ ... upExamples
On QCA8337 and Atheros8327 switch chips, a default vlan-header=leave-as-is property should be used. The switch chip will determine which ports are access ports by using the default-vlan-id property. The default-vlan-id should only be used on access/hybrid ports to specify which VLAN the untagged ingress traffic is assigned to.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN Bridge/inretface/switch

Wed Feb 22, 2023 10:40 pm

Thank you a lot.

Question - why you include Brigde interface in tagged
/interface bridge vlan
add bridge="LAN Bridge" tagged="LAN Bridge",ether1,ether5 untagged=ether2,ether3 vlan-ids=10

GOOD QUESTION will have to review...................
Its too easy to get tag happy.

In general on an MT configured as a Switch/AP its only necessary to tag the bridge for the management vlan.......if I recollect properly.
Hence, Router B should look like!!
/interface bridge vlan
add bridge="LAN Bridge" tagged="LAN Bridge",ether1,ether5 untagged=ether2,ether3 vlan-ids=10
add bridge="LAN Bridge" tagged,ether1,ether5 vlan-ids=20,30,40



Router C should look like!!
/interface bridge vlan
add bridge="LAN Bridge" tagged="Lan Bridge",ether1,ether5 untagged=ether2,ether4 vlan-ids=10
add bridge="LAN Bridge" tagged=ether1,ether5 vlan-ids=20,30,40
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN Bridge/inretface/switch

Wed Feb 22, 2023 10:46 pm

As for your other questions, that gets into territory not comfortable with. The config provided works, if you can make it even faster that is up to you to explore.
 
CoolTom
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Feb 08, 2019 12:15 pm

Re: VLAN Bridge/inretface/switch

Wed Feb 22, 2023 11:37 pm

I am just checking if I understand it correctly. Is it one or another config? Not both together, right. Setup VLAN on Bridge OR (not AND) setup VLAN on switchip?

Bridge = using CPU
SWITCH Chip = HW VLAN processing offload if chip support (in my case Atheros 8327 - yes)

is this correct VLAN config (Router D) if i count VLAN10 as management/main subnet?

Just bridge all ports
/interface bridge
add name=LAN Bridge
/interface bridge port
add bridge=LAN Bridge interface=ether1 hw=yes
add bridge=LAN Bridge interface=ether2 hw=yes
add bridge=LAN Bridge interface=ether3 hw=yes
add bridge=LAN Bridge interface=ether4 hw=yes
add bridge=LAN Bridge interface=ether5 hw=yes

VLAN10 as main=manage on all ports + switch1-cpu to access mikrotik router management
other VLAN only on trunk 20,30,40
/interface ethernet switch vlan
add comment=SubnetA-VLAN10 independent-learning=no ports=ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=10
add comment=SubnetB-VLAN20 independent-learning=no ports=ether1,ether5 switch=switch1 vlan-id=20
add comment=SubnetC-VLAN30 independent-learning=no ports=ether1,ether5 switch=switch1 vlan-id=30
add comment=SubnetD-VLAN40 independent-learning=no ports=ether1,ether5 switch=switch1 vlan-id=40

Than turn VLAN on = set vlan-mode=secure
/interface ethernet switch port
set ether1 vlan-mode=secure vlan-header=leave-as-is
set ether2 vlan-mode=secure vlan-header=leave-as-is default-vlan-id=10
set ether3 vlan-mode=secure vlan-header=leave-as-is default-vlan-id=10
set ether4 vlan-mode=secure vlan-header=leave-as-is default-vlan-id=10
set ether5 vlan-mode=secure vlan-header=leave-as-is

Leave-as-is, base on info from manual:
On Atheros8327 switch chips, a default vlan-header=leave-as-is property should be used. The switch chip will determine which ports are access ports by using the default-vlan-id property. The default-vlan-id should only be used on access/hybrid ports to specify which VLAN the untagged ingress traffic is assigned to.

to connect VLAN10 into local mikrotik and manage it from VLAN10
/interface vlan
add name=SubnetA-VLAN10 vlan-id=10 interface=LAN Bridge
/ip address
add address=192.168.99.1/24 interface=SubnetA-VLAN10

Not turning on VLAN filterin on LAN Bridge, correct?

Who is online

Users browsing this forum: Amazon [Bot], benshirazi, rextended and 42 guests