I know where are a lot of topics created but non of them gave me a positive result I might be overthinking something.
I work on RB1100AHx4 Dude Edition.
Ether1 = WAN connection
Ether2 to 5 are members of bridge1
I have VLAN10 and VLAN20 VLAN1 as default.
What I want is that VLAN10 and 20 will go tagged via port 2 and 3 so I can uplink managed switched and do the rest.
But on port 4 I want VLAN 10 Untagged / Access and port 5 for VLAN 20 Untagged / Access
Many thanks in advance.
Re: VLANS
/interface vlan
add name=bridge1.10 interface=bridge1 vlan-id=10
add name=bridge1.20 interface=bridge1 vlan-id=20
/interface bridge vlan
add bridge=bridge1 vlan-ids=10 tagged=bridge1,ether2,ether3
add bridge=bridge1 vlan-ids=20 tagged=bridge1,ether2,ether3
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4 pvid=10
add bridge=bridge1 interface=ether5 pvid=20
/interface bridge set bridge1 vlan-filtering=yes
add name=bridge1.10 interface=bridge1 vlan-id=10
add name=bridge1.20 interface=bridge1 vlan-id=20
/interface bridge vlan
add bridge=bridge1 vlan-ids=10 tagged=bridge1,ether2,ether3
add bridge=bridge1 vlan-ids=20 tagged=bridge1,ether2,ether3
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4 pvid=10
add bridge=bridge1 interface=ether5 pvid=20
/interface bridge set bridge1 vlan-filtering=yes
Re: VLANS
The only thing I would add is found below.......
...................
..................................
None of the changes are necessary but also do no harm.
In terms of the untagging on /interface bridge vlans, it is unnecessary because the router will dynamically untag the port due to the pvid entry on the bridge port.
However, I like to put it there manually for two reasons.
a. if you print your config.export, the untagging will not show up as its only applied when in use.
b. I like to cross check my bridge ports and bridge vlan settings and thus I can be sure that my config or any config I am reading is clear.
Often, it is easier to see an error or a misunderstanding of the OPs config when there is a mismatch. When the info is 'missing' one can start to go down the assumption path vice the evidence based path. Not my cup of tea if I can avoid it.
Another common mistake seen when not putting in the untagging is that users forget to put in a line altogether for the vlan.
Lets say one has vlan15, its only used on port 2 and the bridge port is thus.
/interface bridge ports
add bridge=bridge1 interface=ether2 pvid=15
Often the user will forget they need the following entry, even though the port will be untagged on the fly, because there are no other ports requiring tagging for that vlan!!
In your config, both ports are tagged elsewhere (other ports) so its not obvious.
add bridge=bridge1 tagged=bridge 1 vlan-ids=15.
Much clearer at least for me when its done the manual way and one always ensures the entry is there written as:
add bridge=bridge1 tagged=bridge1 untagged=ether2 vlan-ids=15.
...................
Code: Select all
/interface vlan
add name=bridge1.10 interface=bridge1 vlan-id=10
add name=bridge1.20 interface=bridge1 vlan-id=20
/interface bridge vlan
add bridge=bridge1 vlan-ids=10 tagged=bridge1,ether2,ether3 untagged=ether4
add bridge=bridge1 vlan-ids=20 tagged=bridge1,ether2,ether3 untagged=ether5
/interface bridge port
add bridge=bridge1 interface=ether2 ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge1 interface=ether3 ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge1 interface=ether4 pvid=10 ingress-filtering=yes frame-types=admit-priority-and-untagged
add bridge=bridge1 interface=ether5 pvid=20 ingress-filtering=yes frame-types=admit-priority-and-untagged
/interface bridge set bridge1 vlan-filtering=yesNone of the changes are necessary but also do no harm.
In terms of the untagging on /interface bridge vlans, it is unnecessary because the router will dynamically untag the port due to the pvid entry on the bridge port.
However, I like to put it there manually for two reasons.
a. if you print your config.export, the untagging will not show up as its only applied when in use.
b. I like to cross check my bridge ports and bridge vlan settings and thus I can be sure that my config or any config I am reading is clear.
Often, it is easier to see an error or a misunderstanding of the OPs config when there is a mismatch. When the info is 'missing' one can start to go down the assumption path vice the evidence based path. Not my cup of tea if I can avoid it.
Another common mistake seen when not putting in the untagging is that users forget to put in a line altogether for the vlan.
Lets say one has vlan15, its only used on port 2 and the bridge port is thus.
/interface bridge ports
add bridge=bridge1 interface=ether2 pvid=15
Often the user will forget they need the following entry, even though the port will be untagged on the fly, because there are no other ports requiring tagging for that vlan!!
In your config, both ports are tagged elsewhere (other ports) so its not obvious.
add bridge=bridge1 tagged=bridge 1 vlan-ids=15.
Much clearer at least for me when its done the manual way and one always ensures the entry is there written as:
add bridge=bridge1 tagged=bridge1 untagged=ether2 vlan-ids=15.
I see now where I did a mistake. Once again a mil thanks for support. I hope this post will help others as well!Re: VLANS
The only thing I would add is found below.......
...................
..................................Code: Select all/interface vlan add name=bridge1.10 interface=bridge1 vlan-id=10 add name=bridge1.20 interface=bridge1 vlan-id=20 /interface bridge vlan add bridge=bridge1 vlan-ids=10 tagged=bridge1,ether2,ether3 untagged=ether4 add bridge=bridge1 vlan-ids=20 tagged=bridge1,ether2,ether3 untagged=ether5 /interface bridge port add bridge=bridge1 interface=ether2 ingress-filtering=yes frame-types=admit-only-vlan-tagged add bridge=bridge1 interface=ether3 ingress-filtering=yes frame-types=admit-only-vlan-tagged add bridge=bridge1 interface=ether4 pvid=10 ingress-filtering=yes frame-types=admit-priority-and-untagged add bridge=bridge1 interface=ether5 pvid=20 ingress-filtering=yes frame-types=admit-priority-and-untagged /interface bridge set bridge1 vlan-filtering=yes
Just to mention I didnt use frame-types=admit-only-vlan-tagged on port 2 and 3 as this kills VLAN1 witch is by default untagged.
Re: VLANS
That is strange, it doesnt kill any of my trunk ports talking to switches or APs, so it sounds like you have something weird going on in the devices ether2 and ether3 are connected to? I use TPLINK, DLINK, NETGEAR and MT switches in this regard, none have any issues.
Re: VLANS
?? vlan1 is the standard default on most managed switches it just needs to be left alone for the most part.