Ok, this seems like a simple thing, but I can't figure out how to implement it on my MT.
I have a 5 port miniRouter Routerboard that I'm trying to use as a small VLAN switch. Port 1 of the switch is connected to a wireless backhaul radio which bridges back to the rest of my network. This port needs to have all of the VLAN traffic tagged. I've set up many VLAN switches that way in the past & they're usually configured as a "Trunk" port. Port 2 on the switch needs to have one VLAN that is tagged (VLAN ID 5). All of the rest of the traffic that will be going through is untagged. The problem is that the untagged traffic then needs to be bridged to a tagged VLAN (VLAN 6) on Port 1. VLAN 5 traffic on port 2 also needs to be bridged to VLAN5 on port 1. I've only been able to get one of them bridged successfully so far. Other VLAN switches have the option to set a VLAN ID to "untagged" traffic coming into a port, but I can't seem to figure out how to do that on the MT.

A Mikrotik Routerboard is a router first, switch/bridge, etc second. The point of VLANs are to replace an actual LAN. So, if you want to use VLANs, I suggest use only one cable between your switch and mikrotik. Place that switchport in "trunk mode" the IP address on the ethernet port on your mikrotik will be untagged, usually "vlan 1" on switches. Then create your additional VLANs in the mikro as well as inside your switch. Place the vlans in the mikrotik under the interface that connects to the switch. Make sure you trunk allow all the vlans you need through your trunked switchport. Place whatever ports on your switch in their necessary switchport access ports. Setup IP addressing, dhcp servers, etc on the VLANs in the mikrotik. That's it. Otherwise, if you have multiple switches, you don't need VLANs, just use the ports on the Mikrotik.

Two examples:


Mikrotik cabled ether 1 to fast 1 on switch
vlan 3,5,6 setup on mikro under ether 1
vlan 3,5,6 setup on switch and trunked through fast 1
ether 1 ip on mikro ether 1 is 192.168.1.1/24
vlan 1 ip on switch 192.168.1.2/24
vlan 3 ip on mikro is 10.10.10.1/24
vlan 5 ip on mikro is 192.168.200.1/24
vlan 5 ip on mikro is 192.168.100.1/25
vlan 6 ip on mikro is 10.20.30.1/29place fast 2-6 on switch in switchport access mode, access vlan 3
place fast 7-12 on switch in switchport access mode, access vlan 5
place fast 13-24 on switch in switchport access mode, access vlan 6
setup dhcp servers & ip pools as needed on each interface in the mikrotik.

done.


Example 2:

Mikrotik cabled as follows:

ether 1 > internet
ether 2 > switch 1
ether 3 > switch 2
ether 4 > server
ether 5 > access point

assign IP ranges, dhcp servers, etc to each interface

No VLAN necessary, using physically separate LAN because you have different routed interfaces.


If you only have one switch and want different physical interfaces:

On switch:

Place all ports in switchport mode access.
Place 1-8 in access vlan 2
Place 9-16 in access vlan 5
Place 17-24 in access vlan 8

cable as follows:

Mikrotik

ether 1 > internet
ether 2 > switchport 1
ether 3 > switchport 9
ether 4 > switchport 17


Best of luck,

Brian
No VLANs needed in Mikro, just do IP setup on physical interfaces.

Other VLAN switches have the option to set a VLAN ID to "untagged" traffic coming into a port, but I can't seem to figure out how to do that on the MT.

I have a similar issue, I need to transfer two LANs between two buildings. One solution would be to use two fiber pairs, or replace every switch with VLAN aware switches.

No, you don't need to replace all the switches. You have 2 options:

1) use mikrotik rb433 or similar with two radio cards. Build two radio links, bridge each link to an ethernet port on the other end, would be similar to two ethernet runs.

2) only buy vlan aware switches for the edge of each building. Mikro link>vlan switch>existing switch on each side.

Thanks for your reply. You are right that I do not need to replace every switch in the building. However, I need at least two new VLAN aware switches (one in each building).

I'm already running a wireless bridge between the buildings (dual Nstreme), but the increasing use of visual technology for instructional purposes is driving growth in bandwidth requirements. This drives the need for fiber networks as opposed to wireless networks, which may not be able to meet the increasing bandwidth demand.

Another soultion would be to use a EoIP tunnel, but of previous experience I know that encrypted tunnels requires a lot of CPU power. Since I already have one RB1000 in each building, the best solution would be if those routers could tag untagged packets, and then untag it like a VLAN aware switch would do.

Depending on the distance between the buildings and your location, you may want to go with licensed wireless before fiber. Usually you can do a 300 meg full duplex licensed wireless solution for a fraction of burying fiber. That's really 300 meg, not some lame over the air rate. Many of the high end wireless units can be mated to get over 1 gbps of usable transport. While fiber is a little more "future proof" my guess is if you're sweating replacing some switches with some vlan aware ones, then cost is a concern.

The distance between the buildings are only 50 meters, and there is already fiber optic cables deployed in the basement. The problem is that there are limited numbers of them available for me to use. Maybe there is another solution to this issue? Instead of using EoIP tunnels, I saw that RouterOS supports MPLS/VPLS. Unfortunately, I don't have any experience in this area. I just need to have some faith that this is going to work out for me, so if someone here can tell me if this is the right thing to use I would be very grateful.

My issue is actually slightly different. Port 1 of the MT box is connected to a backhaul bridge which is the "truncked" interface with all of the VLANs connecting back to my main router. Port 2 has a Tranzeo AP. The AP has an option for to have the web config accessible through a VLAN interface. That option does not exist for the CPEs connected to it. I have configured all of my network to use a VLAN interface for management of my devices, which is separated from the client traffic. I actually set up a different VLAN interface for each of my access points & have a hotspot & pppoe server on each. This way I can see exactly where any of my clients are connecting from. So the issue here is that I need to be able to manage the Tranzeo AP through VLAN5 which is trunked on Port 1 & needs to somehow be bridged to port 2. I also need to bridge the traffic from the clients connected through the Tranzeo AP, which come out of the AP untagged, but need to be bridged to a tagged VLAN on port 1.