MikroTik

Been reading pcunite's work on VLANs.
viewtopic.php?f=13&t=143620

I have a question about "Switch with a separate router (RoaS)". I understand why these examples fully VLAN all traffic. However, in my small system, I'd prefer to mix in untagged traffic as slightly more trusted, and keep IOT and guest WLAN on VLANs. I'm not clear on how this would change the configuration.

My assumptions for changing the "blue" ports to untagged:

# Purple Trunk. These need IP Services (L3), so add Bridge as member
add bridge=BR1 untagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=20
add bridge=BR1 tagged=BR1,ether2,ether3,ether4,ether5,ether6,ether7,sfp1 vlan-ids=30

# Blue VLAN interface creation, IP assignment, and DHCP service
/interface vlan add interface=BR1 name=BLUE_LAN
/ip address add interface=BLUE_LAN address=10.0.10.1/24
/ip pool add name=BLUE_POOL ranges=10.0.10.2-10.0.10.254
/ip dhcp-server add address-pool=BLUE_POOL interface=BLUE_LAN name=BLUE_DHCP disabled=no
/ip dhcp-server network add address=10.0.10.0/24 dns-server=192.168.0.1 gateway=10.0.10.1

I think your missing the point. Untagged traffic is not for the purpose of subnetting a specific LAN. It is a functionality to enable the admin to indicate to the router which interfaces need the tagged vlan stripped off before reaching the other end of the cable connected to the port. This is typical of access ports which are connected to PCs, printers etc.............

Also with your presented config you have one foot in the vlan door and one foot out the vlan door which will not work.
There is not advantage to take your home trusted blue vlan and remove it from its vlan structure, so not sure I understand why you are going down this route.
Furthermore you cannot magically add your homelan to any trunk port which is very limiting.
You could I suppose add the homelan subnet to the bridge itself, but one important aspect of entire linked thread was to eliminate the confusing practice of putting the subnet on the bridge and using PVID=1 for more than jus the default setting on bridges, switches etc........

Finally, is there anything that is prevented by using Blue VLan for homelan (trusted). Answer = No, so why change it?

Thanks very much for clarifying this for me. Probably because I'm new to all this, I did not quite get that understanding out of the VLAN post. I appreciate your thorough replay. Hopefully, in the coming days I'll take a stab at implementing this. Worst case, I've become very familiar with the reset button, and restoring my configuration.

Thanks very much for clarifying this for me. Probably because I'm new to all this, I did not quite get that understanding out of the VLAN post. I appreciate your thorough replay. Hopefully, in the coming days I'll take a stab at implementing this. Worst case, I've become very familiar with the reset button, and restoring my configuration.

Let me direct you to the SAFE MODE button at the top of the winbox page. It is your new BFF when touching your config.

Funny! My brother, who works on networks at a small carrier, told me the same thing last night.

By the way, my Mikrotik stuff was a Christmas gift from him. Something to keep me occupied.... it's certainly done that!

Funny! My brother, who works on networks at a small carrier, told me the same thing last night.

By the way, my Mikrotik stuff was a Christmas gift from him. Something to keep me occupied.... it's certainly done that!

So, there is a family plot at foot to drive you stark raving mad! ;-=)