Community discussions

MikroTik App
  4. RouterOS
  5. General

Make RB2011 as VLAN Trunk

Post Reply
 
User avatar
tomasi
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Fri Oct 03, 2014 6:40 pm
Location: Brazil
Contact:
Contact tomasi

Make RB2011 as VLAN Trunk

Thu Oct 12, 2017 1:09 am

Hi,

I've searched in the forum about this topic, but didn't find a solution.

Is it possible to make all RB2011 ports as VLAN trunk?

The idea is to transport any VLAN (already tagged) from AP to PPPoE Server, keeping redundancy of link between all RB2011 in the tower.
This way we can set each AP to a distinct VLAN, keeping isolated the traffic from each to other.

In this diagram, VLAN 700 flows from AP to PPPoE Server through RB2011 to Core Switch (all ports in trunk mode too) and vice-versa:

Image
Top
 
hugal
just joined
Posts: 14
Joined: Thu Sep 28, 2017 7:33 pm

Re: Make RB2011 as VLAN Trunk

Thu Oct 12, 2017 11:53 am

Depending on the RouterOS version:
https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN

Newest version:
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge

You should adapt the configuration to your needs
Top
 
User avatar
tomasi
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Fri Oct 03, 2014 6:40 pm
Location: Brazil
Contact:
Contact tomasi

Re: Make RB2011 as VLAN Trunk

Fri Oct 13, 2017 3:32 am

Right, but in this scenario RB2011 will not tag or untag VLAN.

The aim is to configure RB2011 only to transport tagged VLAN from PPPoE Server > AP and vice-versa without modifying them.

It seems the only way is to create a bridge and add all ports to it (or use a VLAN capable switch with all ports in trunk mode, allowing VLAN from 1 to 4094 to passthrough)

??
:?
Top
 
idlemind
Forum Guru
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: Make RB2011 as VLAN Trunk

Sun Oct 15, 2017 11:52 pm

Right, but in this scenario RB2011 will not tag or untag VLAN.

The aim is to configure RB2011 only to transport tagged VLAN from PPPoE Server > AP and vice-versa without modifying them.

It seems the only way is to create a bridge and add all ports to it (or use a VLAN capable switch with all ports in trunk mode, allowing VLAN from 1 to 4094 to passthrough)

??
:?
tomasi, I'm not aware of that type of setting, even on a Cisco device which has that capability you'd still need to define the VLAN in the database for traffic to move correctly.

Regardless, open trunks that don't explicitly set the VLAN that is needed is a poor security practice.

Take the first replies advice and setup what you need in either the switch chip, legacy bridges or the new VLAN aware bridges. No IP addresses need to be assigned, in any of those setups you can perform simple layer 2 bridging.
Top
 
User avatar
tomasi
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Fri Oct 03, 2014 6:40 pm
Location: Brazil
Contact:
Contact tomasi

Re: Make RB2011 as VLAN Trunk

Mon Oct 16, 2017 9:57 pm

Right,

I found the answer in this wiki:
https://wiki.mikrotik.com/wiki/Vlans_on ... nvironment

Where he says:
Interfaces eth3,eth4 are trunk ports and and only need to forward tagged packets. We do not need to do any tag add/remove so there is no need to add vlans.
Image
Top
Post Reply
  4. RouterOS
  5. General