Community discussions

MikroTik App
 
nfored
just joined
Topic Author
Posts: 22
Joined: Fri Sep 06, 2019 4:41 pm

VLAN access allowed when specifically denied.

Thu Nov 11, 2021 1:11 am

Today when cleaning up vlans I noticed I mistakenly enabled the wrong vlan on a port on the VLANS page, but assigned it the correct vlan on the VLAN page.

This is what I think is going on can the community confirm it form.

Because on the VLAN page I have that port set as strict "only untagged" and specified a vlan id of 103, and the device itself is unaware of of any vlan; that no vlan tag is ever recived on this port, and since no vlan tag is received on that port it doesn't matter if that port has vlan 103 enabled on the VLANS page. however if that device was sending a vlan tag and on the VLAN page I said strict tagged only, then the enforcement of the VLANS page would take effect.

Thank you for your time.
Capture.JPG
You do not have the required permissions to view the files attached to this post.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN access allowed when specifically denied.

Thu Nov 11, 2021 11:12 am

In RouterOS, when port has PVID set (in /interface bridge port, I guess it's the same as default VID setting in SwOS shown in lower part of screenshot), it is automatically added to group of ports members of that VLAN (as untagged member of course). Only tagged membership has to be explicitly defined in config section (/interface bridge vlan) which seems to parallel the upper part of screenshot. Explicitly setting untagged membership is optional in ROS (and if set wrongly, it might lead to some odd misbehaviour).

Could be something similar happens in SwOS?

Who is online

Users browsing this forum: No registered users and 15 guests