I have tried to setup on SwOS with network management native (untagged) on a trunk port with several vlans.
(this is how I setup several networks for better or worse)

No success - over several days of trying many configs and searching the forum. Ready to rework these networks and put management network on a vlan with no native... unless someone has a solution.

What works: Either passing vlan traffic on trunk port to edge ports OR passing native traffic as native to some ports
What doesn't work: Doing both

My setup is very much like SwOS/router on a stick... https://wiki.mikrotik.com/wiki/SwOS/Router-On-A-Stick
except with management network untagged on trunk port. Here is my setup: Connecting trunk to Port 1: test port I could access SwOS management IP but could not pass vlan traffic to access ports
Connecting trunk to Port 2: Trunk port, I could pass vlan traffic but not access the SwOS, which I of course worked around by placing SwOS management IP on one of the vlans. After many tests and much searching I have come to the conclusion that the setup I had planned (untagged management while passing vlan traffic to edge and other trunk ports) is not possible with SwOS.

If you know my conclusion to be wrong, please help a poor soul out before I redesign several networks with management subnet on a vlan rather than native (untagged).

I'm doing essentially exactly what you are trying to do, but I'm doing it on a RB260GS with Ver. 1.6 firmware. I can't look at my config as I'm at work and my internet is down at home right now. This evening I will take a look at how I did it.

In my situation, I have a cloud managed WiFi access point connected to one port of the RB260GS. That access point must have a non-VLAN connection for it to be able to talk to the cloud management system. Once it gets it's configuration, it understands that the four VLANs that are VLAN tagged become the four different SSIDs on the WiFi.

Hello chenier,
The RB250GS does not support Native VLAN (untagged) traffic on VLAN trunk ports, this setup is not possible with RB250GS.
The RB260GS could do it because it allows separate VLAN actions for each VLAN in the "VLANs" menu.
https://wiki.mikrotik.com/wiki/SwOS#VLANs_Tab

@becs, Thank you for the clarification. I now have a RB260GS on the way.

@k6ccc or others, If you would be willing to upload a screen shot of VLANs and maybe VLAN tab to show me how you have this working, I'd be grateful and would save me some trial and error.

Thank you already for your time in responding

Does the CSS326 support this? I have the exact same setup as k6ccc (probably the same access point brand ) and planning on getting a CSS326.

Does the CSS326 support this? I have the exact same setup as k6ccc (probably the same access point brand ) and planning on getting a CSS326.

Which access points are you using? Mine are from Open-Mesh. Very happy with them.
And now that I'm completed with the 90th birthday parties for my Dad that have kept me busy, I'll post some data this evening.


Sent from my phone using Tapatalk, so blame any typos on Android!

Which access points are you using? Mine are from Open-Mesh.
Very happy with them.

I stand corrected, not the same brand . I'm using a Ubiquiti AP-AC-LR. It behaves in the same way as you describe above.

Regarding my question above, I found an answer in another thread (viewtopic.php?f=17&t=120667):

Since there is not an option in 2.x to specify whether to leave as-is, strip, or add VLAN headers to egressing packets, do packets always egress untagged on a port where the default VLAN ID of the port matches that of the packet, and tagged if the default VLAN ID does not match?

Yes, your assumption is correct.

Cheers
- Alex

Sorry for the delay in posting this - been a busy week! Here is screen captures of the VLAN and VLANs tab of my RB260GS. The trunk is the one labeled as Garage trunk and is using the SFP port at 1Gb/s (I don't need GB for this, but had a SFP floating around that I wanted to try). The port labeled as Backup trunk would be used if the SFP fails or I really need the Gb/s port on the switch at the other end of the link. VLAN 201 is the VLAN that is used for the management of the access point (labeled Open Mesh).
Let me see if I do this right for this forum...




BTW, I'm in the process of migrating stuff from an old to a new internet service. The reason for so many VLANs is that the switch is already setup for all the new VLANs in addition to the old VLANs. Eventually almost half of those will go away.

BTW, the screen captures that are linked in the previous post will be back in a day or so. I'm moving websites to a new internet service and this one has not been moved yet. Should happen soon. If someone can't wait, I can move them to one of the websites that has moved, or E-Mail them to you.