MikroTik

Community discussions
https://forum.mikrotik.com/

advice/pitfalls of switch rule set vlan from mac

https://forum.mikrotik.com/viewtopic.php?t=202964

Page 1 of 1

advice/pitfalls of switch rule set vlan from mac

Posted: Tue Jan 02, 2024 3:50 am
by syadnom
Hi all. I'm looking to do some mac based vlans on netpower 16p. I have a radio that can't handle setting vlans, and the CPE also cannot. I need to split the users on the radio out into two groups. 'normal' and 'vlan'.

As I understand it, and I haven't done this in production yet so I'm looking to be corrected if I'm wrong, I should be able to create a rule as follows:

/interface ethernet switch rule
add switch=switch1 ports=ether1-AP1 src-mac-addres=xxxx/FFFFFFFFFFFF new-vlan-id=50

ether1-AP1 would have a vlan 50 attached (ether1-AP1-v50) and that would be added to a bridge-v50 which is has a vlan (or vxlan or vpls etc) back to the core.

The goal is to attach the CPE to a VLAN at the core through the network but do so selectively, some CPE would remain in the default vlan.

Any pitfalls I should worry about for those doing this or similar?

Also, in looking at the mikrotik notes, it's unclear if I need a second rule with dst-mac-address

Re: advice/pitfalls of switch rule set vlan from mac

Posted: Tue Jan 02, 2024 2:19 pm
by netravnen
The example from the docs is:
Add VLANs in the Bridge VLAN table and specify ports:
Code: Select all
/interface bridge vlan
add bridge=bridge1 tagged=ether2 untagged=ether7 vlan-ids=200,300,400
Add Switch rules which assign VLAN id based on MAC address:
Code: Select all
/interface ethernet switch rule
add switch=switch1 ports=ether7 src-mac-address=A4:12:6D:77:94:43/FF:FF:FF:FF:FF:FF new-vlan-id=200
add switch=switch1 ports=ether7 src-mac-address=84:37:62:DF:04:20/FF:FF:FF:FF:FF:FF new-vlan-id=300
add switch=switch1 ports=ether7 src-mac-address=E7:16:34:A1:CD:18/FF:FF:FF:FF:FF:FF new-vlan-id=400
Following your except. The keypart is to remember to add the VLANs you created as MAC-based VLAN's as untagged under bridge vlan's.
Code: Select all
/interface bridge vlan
add bridge=<bridge> tagged=<core-facing-port1>,<core-facing-port2> untagged=ether1-AP1 vlan-ids=50,<x1>,x2>,<x3>,etc.
No need to create a switch rule in the reverse direction. If you want to follow the docs reference example.

Re: advice/pitfalls of switch rule set vlan from mac

Posted: Tue Jan 02, 2024 7:14 pm
by syadnom
I see the configurations in the docs, but this is Mikrotik. I don't mean to throw any shade here because I really love the products, but it's a kit that you really need to know the ins and outs of each feature before deploying it.

Basically, is this feature 'as advertised' without any glaring bugs?
All times are UTC+03:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/