Community discussions

MikroTik App
 
User avatar
Techsystem
Member
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Question about VLAN in Ros

Tue Sep 06, 2022 6:38 am

Hello for all..!
so i have Ros951ui, and i want to isolate two ethernet port from each other -(eth4 & eth5)-
i go to interface and create two Vlan with different ID
VLAN-4 & VLAN-5 and i just put eth-4 in VLAN-4 and eth-5 in VLAN-5. does that mean i isolate the two interface from each other...?
or i have to do some additional thing..?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Question about VLAN in Ros

Tue Sep 06, 2022 7:15 am

VLAN handling is done on bridge nowadays, not on interface.
If your device supports it, HW offloading between VLANs will be handled by ROS.

You may want to spend some time first reading this excellent post and to digest very carefully the provided examples:
viewtopic.php?t=143620

Then apply for your situation.

Personal view: I was never able to use these examples as copy-paste solutions in ROS7 (the initial post and examples were made using ROS 6) but they helped me IMMENSELY to understand how it should work.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Question about VLAN in Ros  [SOLVED]

Tue Sep 06, 2022 2:07 pm

If you need only two independent ports and they are not bridged, adding VLANs to them won't make them any more independent than they already are. In both cases, if you want to block communication (routing) between them, it's done using IP firewall. Because otherwise router tries to route everything it can, it's the purpose of router.
 
Guscht
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: Question about VLAN in Ros

Tue Sep 06, 2022 3:35 pm

If the ports are not bridged together, the ports are isolated by itself.
If you do NOT have the requiremnt to tag the frames with an IEEE802.1Q-tag (or if ingressing to understand tagged-frames), there is no need to create a VLAN-Interface.

All you need is to block the inter-network communication by a Firewall > Filter rule.
 
User avatar
Techsystem
Member
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: Question about VLAN in Ros

Tue Sep 06, 2022 3:56 pm

hello my friends ..! very very thanksful for all this replies and advises ..!
really appreciate every single replay here..

Who is online

Users browsing this forum: Amazon [Bot], VinceKalloe and 94 guests