Community discussions

MikroTik App
 
xxdreamxx
just joined
Topic Author
Posts: 7
Joined: Tue May 22, 2018 12:47 pm

VLAN correct config

Sun Oct 17, 2021 3:48 pm

As I've understood NO, but is there a technical difference between the following BRIDGE VLAN configurations?
(if relevant: bridge1 vlan-filtering = yes, wlan1 added under BRIDGE PORTS with ID 100, wlan2 with ID 200, bridged trunk ports are ether1 and sfp1)

Version 1:
/interface bridge vlan
add bridge=bridge1 tagged=ether1,sfp1 vlan-ids=100
add bridge=bridge1 tagged=ether1,sfp1 vlan-ids=200

Version 2:
/interface bridge vlan
add bridge=bridge1 tagged=ether1,sfp1 vlan-ids=100,200
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: VLAN correct config

Sun Oct 17, 2021 4:17 pm

The second form should only be used if there are no untagged memberships of the VLANs. As you say wlan1 added under BRIDGE PORTS with ID 100 this will be untagged, so the first form must be used. See the comment below the table here https://help.mikrotik.com/docs/display/ ... eVLANtable
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19104
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN correct config

Sun Oct 17, 2021 4:42 pm

Without knowing the full config I would hedge my bets but in general you can combine vlan-ids IF and only IF the ports are identical for all vlans.
Since these are trunk ports, this is a very real possibility.

both config are wrong anyway

Version 1:
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1,sfp1 vlan-ids=100
add bridge=bridge1 tagged=bridge1,ether1,sfp1 vlan-ids=200

Version 2:
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1,sfp1 vlan-ids=100,200

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Lets say ether1 also carried vlan 30

/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1,sfp1 vlan-ids=100,200
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=30

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Now lets add in the bridge ports to the discussion
add bridge=bridge1 interface=ether1 ingress-filtering=yes frame-types=admit-only-vlan-tagged {trunk port}
add bridge=bridge1 interface=sfp1 ingress-filtering=yes frame-types=admit-only-vlan-tagged {trunk port}
add bridge=bridge1 interface=wlan1 pvid=100 ingress-filtering=yes frame-types=admit-only-priority-and-untagged
add bridge=bridge1 interface=wlan2 pvid=200 ingress-filtering=yes frame-types=admit-only-priority-and-untagged

Now its clear that the ports for the two VLANS differ vlan100 doenst just go through ether1 and sfp1 but also through wlan1
and similarly vlan200 goes through ether1,sfp1 and also through wlan2. Thus clearly method 2 will NOT work here.
Thus this is how I normally write my rules:

/interface bridge vlan
add bridge=bridge1 tagged=bridge1ether1,sfp1 untagged=wlan1 vlan-ids=100
add bridge=bridge1 tagged=bridge1,ether1,sfp1 untagged=wlan2 vlan-ids=200

However, since the router dynamically creates the untagged part of that rules due to the bridge port construction the rule can look like so
/interface bridge vlan
add bridge=bridge1 tagged=bridge1ether1,sfp1 vlan-ids=100
add bridge=bridge1 tagged=bridge1,ether1,sfp1 vlan-ids=200

I personally dont write it like this as I like to write it out manually and that way its clearer to me when I cross check against my bridge ports and reading other peoples configs.
In this case you are asking the question probably because you were not aware of these facts............
So now you know, you can combine vlan ids for trunk ports but as soon as a vlanid also hits an access port, then you have to separate out the bridge vlan config.
 
xxdreamxx
just joined
Topic Author
Posts: 7
Joined: Tue May 22, 2018 12:47 pm

Re: VLAN correct config

Sun Oct 17, 2021 10:32 pm

Thanks for your two detailed explanations. In fact, and as suggested, I also included the bridge1 as tagged, but its meaning is not entirely clear to me until now.
After many hours of reading, I still have further research to do here.

But as I understood it: To be accessible in the internal network (id 100) via IP address (allow handling of tagged VLAN traffic at routing level), I also have to assign a vlan100 interface under bridge1.

/interface vlan
add interface=bridge1 name=vlan100 vlan-id=100

/ip address
add address=192.168.1.26/24 interface=vlan100 network=192.168.1.0
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN correct config

Sun Oct 17, 2021 10:36 pm

You should read this article to better understand different bridge personalities.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19104
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN correct config

Mon Oct 18, 2021 12:07 am

..... and this article for the setup of vlans.......
viewtopic.php?t=143620

Who is online

Users browsing this forum: EmuAGR, synchro and 64 guests