Community discussions

MikroTik App
  4. RouterOS
  5. General

Solved - assign ethernet port to VLAN

Post Reply
 
davidreaton
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 88
Joined: Thu Oct 02, 2014 12:21 am

Solved - assign ethernet port to VLAN

Thu Mar 07, 2024 12:04 am

Here’s what I learned and what worked for me. MANY THANKS to folks on the Mikrotik forum and the r/mikrotik subreddit for their help.

I set this up successfully on 3 routers, hAP ac, RB 951, CRS 125: These have a switch chips which are VLAN aware. You can assign a switch port to a VLAN and get wire speeds. No setting PVIDs or bridge VLAN filtering needed. I did this at the Terminal command line, but you may be able to do this from Winbox.

I followed guides at

https://help.mikrotik.com/docs/display/ ... +switching

and

https://help.mikrotik.com/docs/pages/vi ... =103841836


For the hAP ac, here's my setup:

1) My Home Automation (HA) device I want to join VLAN30

2) hAP ac: HA device connected to ether 5. Ether 1 trunks all traffic to Router.

3) RB4011 router: All VLANs are defined and routed here. Ether1 is WAN, Ether2-8 are LAN. All other VLAN30 HA devices are connected to the LAN here. hAP ac ether1 connected to a LAN port.

This worked for me: Starting with no configuration on the hAP ac: 1) Define a bridge, add all ports to the bridge. At the terminal command line:

/interface ethernet switch vlan

add ports=ether1,ether5 switch=switch1 vlan-id=30

/interface ethernet switch port

set ether1 vlan-mode=fallback vlan-header=always-strip

set ether5 vlan-mode=secure vlan-header=add-if-missing default-vlan-id=30

I changed ether1 to Fallback mode to access the other devices on hAP ac ether 2-4.


This approach worked for the RB 951, too.


For the CRS125, the commands were slightly different:

In this case the trunk port to my router is Eth 21 and the HA device I want to put on VLAN 30 is on Eth23.


At the Terminal Command line:

interface bridge

add name=bridge1

/interface bridge port

add bridge=bridge1 interface=ether21 hw=yes

add bridge=bridge1 interface=ether23 hw=yes


/interface ethernet switch ingress-vlan-translation

add ports=ether23 customer-vid=0 new-customer-vid=30


/interface ethernet switch egress-vlan-tag

add tagged-ports=ether21 vlan-id=30


/interface ethernet switch vlan

add ports=ether21,ether23 vlan-id=30


The following line is in the Mikrotik examples. Don’t add this if you’re connected to the trunk port (ether21 in my case). You’ll lose your connection. A reminder to never modify the interface you’re connected to. Of course, I did this and lost the connection!

/interface ethernet switch

set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether21,ether23
Top
Post Reply

Who is online

Users browsing this forum: Ahrefs [Bot] and 32 guests
  4. RouterOS
  5. General