MikroTik

Hello there, I successfully running RB450 router with VLAN config. Ether4 port is a trunk port which is working fine (connected to CRS354). Now I wanted to use another port (ether3) on RB450 as access port to one of the VLANs. Unfortunately, i can't connect to the desired network through it.

/interface bridge
add name=br-WAN
add name=br-switch1

/interface bridge port
add bridge=br-WAN interface=ether1
add bridge=br-switch1 interface=ether2
add bridge=br-switch1 interface=ether3
add bridge=br-switch1 interface=ether4
add bridge=br-switch1 interface=ether5

/interface vlan
add interface=br-switch1 name=vlan-PUBLIC vlan-id=3
add interface=br-switch1 name=vlan-KS vlan-id=4

/interface ethernet switch
set switch1 switch-all-ports=no

/interface ethernet switch port
set ether2 vlan-mode=disabled
set ether3 default-vlan-id=3 vlan-header=always-strip vlan-mode=secure
set ether4 vlan-header=add-if-missing vlan-mode=secure
set ether5 vlan-mode=disabled
set switch1-cpu vlan-mode=secure

/interface ethernet switch vlan
add ports=ether3,ether4,switch1-cpu switch=switch1 vlan-id=3
add ports=ether4,switch1-cpu switch=switch1 vlan-id=4

You should configure it as:

I have vlan-header=leave-as-is on switch1-cpu. It's the default value so not showing in my config export.

Configuration seems fine to me.

Did you try to cold-boot device after changing configuration of VLANs? I seem to remember rare cases where configuration did not apply properly after change in ROS and (oddly enough) did not apply at warm boot (reboot). Cold boot (power off, disconnect power for a few minutes, power on) did help.

Configuration seems fine to me.

Did you try to cold-boot device after changing configuration of VLANs? I seem to remember rare cases where configuration did not apply properly after change in ROS and (oddly enough) did not apply at warm boot (reboot). Cold boot (power off, disconnect power for a few minutes, power on) did help.

no luck

What RouterOS version and firmware are you running?

What RouterOS version and firmware are you running?

both 7.4.1

What exactly do you mean by "I can't connect to the desired network through it."?
Is this the complete export?
Why is there a second bridge (though not related)?
Can you also share the config of the CRS354?

Which model do you have, RB450G or RB450Gx4?

Two different chips and needs to be configured differently

What exactly do you mean by "I can't connect to the desired network through it."?
Is this the complete export?
Why is there a second bridge (though not related)?
Can you also share the config of the CRS354?

There are DHCP servers + couple of virtual servers on each VLAN. Can't get the IP or connect to servers with static config on access port client.
Second bridge is not related, it's WAN interface on ether1 (which excluded from the switch group - /interface ethernet switch set switch1 switch-all-ports=no).
CRS354 running SWOS so can't export. But it's running fine (uplink from RB450 ether4, access and trunk ports working as expected).

Which model do you have, RB450G or RB450Gx4?

Two different chips and needs to be configured differently

RB450G with Atheros8316. Can you provide some hint regarding "needs to be configured differently"? I have another router with Atheros 8327 which running just fine. But can't find anywhere the required configuration differences.

You should configure it as:

Code: Select all

set switch1-cpu vlan-header=leave-as-is vlan-mode=secure

So instead of:
I used:
Both trunk and access port are working now as expected.