VLANs on RouterOS used to be a bit of a dark art and was very much dependant on the hardware. What worked on one might not work on another. Thankfully that has changed some time ago in the 6.3x releases and now there’s a standard way using bridge VLAN filtering.
A quick note before we begin – Not all Mikrotik hardware supports hardware based VLAN filtering and those that don’t like the CRS-125 in my example will rely heavily on the CPU instead.
You’re probably familiar with how RouterOS bridges work? If not then it’s simple a matter of creating a Bridge in Winbox and then adding every port to it.
With this done first things first is we want to make sure VLAN filtering is disabled so we don’t lose connectivity to our switch:
First ensure VLAN Filtering is disabled so you don’t lose connectivity.
/interface bridge set CoreNet vlan-filtering=no
Next add bridge ports and specify pvid for VLAN access ports to assign their untagged traffic to the intended VLAN.
ether1 is our trunk and that needs to be tagged and ether16 will be on VLAN999 so therefore will be untagged and have a pvid of 999:
/interface bridge vlan
add bridge=CoreNet tagged=ether1 untagged=ether16 vlan-ids=999
Repeat for each VLAN or interface you so desire. For example to add ether 5 to VLAN40:
/interface bridge vlan
add bridge=CoreNet tagged=ether1 untagged=ether5 vlan-ids=40
Once you’re happy, enable Bridge VLAN filtering and hope everything works!
/interface bridge set CoreNet vlan-filtering=yes
That’s it! You’re done!
Recent Comments