Community discussions

MikroTik App
 
sandorr
just joined
Topic Author
Posts: 2
Joined: Mon Feb 27, 2023 3:00 pm

Combined VLAN switch and router+switch on RB951

Wed Mar 08, 2023 3:30 pm

After my telco provider (the same as my internet provider) decided to migrate the PSTN services (existing over copper) to the office over the same fiber optic media converter my RB951 (with static address) was already connected, the idea of the combo in the subject was born (as the Internet and VoIP have to be in separate VLANs on the same eth cable).
Lacking the knowledge and time, after a few futile tries, I implemented the service migration in a hurry using a small manageable switch (namely TP-Link SG105E). One of its ports, connected to FO media converter, programmed as trunk port carrying both VLANs, another one of its ports, connected to VoIP mgw, programmed as access port in VoIP VLAN (pvid=26), finally a third port, connected to WAN port of RB951, programmed as access port in Internet VLAN (pvid=31).
Now both services are up and running, but I didn't give up my original plan to combine the VLAN switch and the router+switch in the same device.
There are good examples at viewtopic.php?t=143620
It's clear to me that I have to combine the switch and router configs of the "Switch with a separate router (RoaS)" example, but how?
Please advise me.
Thanks,
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Combined VLAN switch and router+switch on RB951

Thu Mar 09, 2023 12:57 am

Instead of having a WAN port separate from the bridge and bridge ports put all of the ports into a single bridge. In addition to whatever LAN setup you wish to have configure the uplink port with VLAN IDs 26 & 31 tagged, the VoIP interface port with VLAN ID 26 untagged, the bridge-to-CPU port with VLAN 31 tagged. Create an /interface vlan connected to the bridge, this is your 'Internet WAN' connection to which a DHCP client or PPPoE client can be attached (as required by your ISP).

You could use the switch chip instead of a VLAN-aware bridge, but given the bridged traffic volume for VoIP is minimal the additional complexity of that method probably outweighs the small performance increase.
 
sandorr
just joined
Topic Author
Posts: 2
Joined: Mon Feb 27, 2023 3:00 pm

Re: Combined VLAN switch and router+switch on RB951

Mon Mar 13, 2023 4:01 pm

Thanks @tdw.
If understood You properly, I have to:
Modify my single bridge (unfortunately named bridge) so that:
- the WAN port be part of it (You: Instead of having a WAN port separate from the bridge and bridge ports, all of the ports have to be in a single bridge.),
- the VoIP interface port be tagging ingress packets w/o tags with VLAN ID 26 (You: ...the VoIP interface port with VLAN ID 26 untagged..., I: but this is only ingress part of port setup!)
- all other ports except WAN port be tagging ingress packets w/o tags with VLAN ID 31 (You didn't mentioned it, but I suppose).
Configure the single bridge's VLAN settings so that:
- the WAN port be tagged with VLAN IDs 26 & 31 (You: ...configure the uplink port with VLAN IDs 26 & 31 tagged...),
- the bridge port be tagged with VLAN 31 (You: ...the bridge-to-CPU port with VLAN 31 tagged..., and I am aditionaly thankful for emphasizing bridge-to-CPU port of the bridge named bridge!!!).
- unmentioned ports in bridge's VLAN settings will be untagged ports on egress (Is this true?).
Create a vlan interface connected to the bridge. This will be my 'Internet WAN' connection holding static address AA.BB.CC.DD and will be the in-interface/out-interface in the ip firewall filters (You: ...This will be your 'Internet WAN' connection to which a DHCP client or PPPoE client can be attached...,).
/interface bridge port
# next line added
add bridge=bridge interface=ether1-WAN
#in next line added: pvid=26
add bridge=bridge interface=ether2-VoIP pvid=26
#in next four lines added: pvid=31
add bridge=bridge interface=ether3-Inet pvid=31
add bridge=bridge interface=ether4-Inet pvid=31
add bridge=bridge interface=ether5-Inet pvid=31
add bridge=bridge interface=wlan-Inet pvid=31
#next three lines added:
/interface bridge vlan
add bridge=bridge tagged=ether1-WAN vlan-ids=26,31
add bridge=bridge tagged=bridge vlan-ids=31
#next two lines added:
/interface vlan
add interface=bridge name=Internet_WAN vlan-id=31 # 
/ip address
#in next line modified: interface=ether1-WAN to interface=Internet_WAN
add address=AA.BB.CC.DD/30 interface=Internet_WAN network=AA.BB.CC.DD-2
/ip firewall filter
#in next line modified: in-interface=ether1-WAN to: in-interface=Internet_WAN
add action=drop chain=input comment="WAN drop all" in-interface=Internet_WAN
#in next line modified: in-interface=ether1-WAN to: in-interface=Internet_WAN
add action=accept chain=forward comment="Drop WAN !dstnated" connection-nat-state=!dstnat connection-state=new in-interface=Internet_WAN
#in next line modified: out-interface=ether1-WAN to: out-interface=Internet_WAN
add action=masquerade chain=srcnat dst-address-list=!LAN out-interface=Internet_WAN src-address=192.168.1.0/24
Is this OK?
Are the next settings necessary:
/interface bridge set bridge vlan-filtering=no
/interface bridge port
set bridge=bridge ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged ... (all access ports)
set bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged ... (trunk port)
/interface bridge set bridge vlan-filtering=yes
Thanks,
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Combined VLAN switch and router+switch on RB951

Mon Mar 20, 2023 2:08 pm

It is difficult to say from seeing only a small part of the configuration. I wouldn't expect the LAN port settings to have to be changed.

Who is online

Users browsing this forum: nescafe2002 and 73 guests