Dear Gurus;

Here is what I am trying to do.
Do I need to just add ports to a VLAN or do you have to unslave a group of ports to setup a vlan?????



MIKROTIK 450G
Ether-1 - Internet
Ether-2 to "Ether-2" of CRS125-24G-1S-2HnD-IN

VLAN 10 Ports 4-5-6-7-8 Unslaved from Ether-2 (Port 4 Becomes Master for 5-6-7-8)

VLAN20 Ports 10-11-12-13-14 Unslaved from Ether-2 (Port 10 Becomes Master for 11-12-13-14)

Now I want VLAN10 and VLAN20 to be able to go through Ether-2 to the 450G where using VLAN Tags I will hand out DHCP addresses per VLAN.

Do I bridge the VLAN10 and VLAN20 with ether-2????

On an HP Procurve this is done with a graphical interface using the TAG and UNTAG language where I make VLAN10 and VLAN20 able to be tagged or untagged with Port 2 on the switch so it can reach the router.

Does anyone know of any documentation that helps with CRS vlans going out a certain port to be routed to the internet via the router?

Any help would be most appreciated. Hopefully this question is not that convoluted...

I found this in the search for an answer to my question. hope it helps

http://forum.mikrotik.com/viewtopic.php?t=78674

Dear Gurus;

Here is what I am trying to do.
Do I need to just add ports to a VLAN or do you have to unslave a group of ports to setup a vlan?????



MIKROTIK 450G
Ether-1 - Internet
Ether-2 to "Ether-2" of CRS125-24G-1S-2HnD-IN

VLAN 10 Ports 4-5-6-7-8 Unslaved from Ether-2 (Port 4 Becomes Master for 5-6-7-8)

VLAN20 Ports 10-11-12-13-14 Unslaved from Ether-2 (Port 10 Becomes Master for 11-12-13-14)

Now I want VLAN10 and VLAN20 to be able to go through Ether-2 to the 450G where using VLAN Tags I will hand out DHCP addresses per VLAN.

Do I bridge the VLAN10 and VLAN20 with ether-2????

On an HP Procurve this is done with a graphical interface using the TAG and UNTAG language where I make VLAN10 and VLAN20 able to be tagged or untagged with Port 2 on the switch so it can reach the router.

Does anyone know of any documentation that helps with CRS vlans going out a certain port to be routed to the internet via the router?

Any help would be most appreciated. Hopefully this question is not that convoluted...

I'm confused... are Ports 10-14 and 4-8 supposed to be untagged or tagged? On RouterOS you add vlans on to ports you want to send tags out and bridge ones you don't.

So my guess is that you want to add VLAN10 and VLAN20 to ether2 and then bridge VLAN10 with ether4 and VLAN20 with ether10. This would make Ether2 a trunk for VLAN10 and VLAN20, ether4-8 access ports for VLAN10, and ether10-14 access ports for VLAN20.

And yes... VLANs on RouterOS are confusing.

Thank you for the reply.
I looked at http://wiki.mikrotik.com/wiki/Manual:CRS_examples and with experimentation got it to work.

What I guess I am trying to get my head around is do I need to unslave a set or physical ports like 4-8 to use VLANs?

If I unslave ports 4 - 8 do I need to make one master? like say port 4?

If I do that then I have to use routing or bridging for ports 4 - 8 to talk to port 2 correct?

Where as if I leave ports 4 - 8 with ether-2 as the master I only need to set ingress and egress VLAN tagging on ports 4 - 8 and they will flow over port2 to my router where the router will check the VLAN ID and do what I tell it to do with the VLAN traffic.

Sorry my brain is kind of mushy after reading so much vlan examples and research for Mikrotik

Thank you for the reply.
I looked at http://wiki.mikrotik.com/wiki/Manual:CRS_examples and with experimentation got it to work.

What I guess I am trying to get my head around is do I need to unslave a set or physical ports like 4-8 to use VLANs?

If I unslave ports 4 - 8 do I need to make one master? like say port 4?

If I do that then I have to use routing or bridging for ports 4 - 8 to talk to port 2 correct?

Where as if I leave ports 4 - 8 with ether-2 as the master I only need to set ingress and egress VLAN tagging on ports 4 - 8 and they will flow over port2 to my router where the router will check the VLAN ID and do what I tell it to do with the VLAN traffic.

Sorry my brain is kind of mushy after reading so much vlan examples and research for Mikrotik

What exactly are you trying to do?... if you slave ports they basically work like one port... e.g. if you slave 5,6,7,8 on to port 2 and add a vlan to port 2 that vlan will go out on each of those ports tagged.

This is all I am doing very simple.

Example
Port Group A Ports 4,5,6,7
Port Group B Ports 8,9,10,11

Group A is one subnet
Group B is another subnet

Group A can use internet from Port 2 connected to RB450G
Group B can use internet from port 2 connected to RB 450G

Group A and B should not be able to see each other. (Did this by making firewall filter forward rules on the 450G to not allow subnet A to talk to subnet B and vice versa on the CRS125-24G-1S-2HnD-IN switch)

Unslaving Ports from Group A and Group B from ether2 made them purely isolated from each other - not really what I wanted to do

This is all I am doing very simple.

Example
Port Group A Ports 4,5,6,7
Port Group B Ports 8,9,10,11

Group A is one subnet
Group B is another subnet

Group A can use internet from Port 2 connected to RB450G
Group B can use internet from port 2 connected to RB 450G

Group A and B should not be able to see each other. (Did this by making firewall filter forward rules on the 450G to not allow subnet A to talk to subnet B and vice versa on the CRS125-24G-1S-2HnD-IN switch)

Unslaving Ports from Group A and Group B from ether2 made them purely isolated from each other - not really what I wanted to do

What do you mean "purely isolated" ..