I didn't have a problem. I was sharing a solution.

Good idea. HOW TO: sounds good if I share something again. We'll see about an article. I have 5 vlans going across the trunk including access to the native vlan on the switch. The key, I found, was to understand that the packets from the native vlan of the switch do not have vlan tags. I was trying to get vlan1, the native vlan, to commuicate before I added any more. These steps are how I finally did it.

First of all, I posted my configuration as a working example. I don’t think Paul understood my goals and hence failed to understand the configuration I was trying to share. Vlans are configured on bridges in order to have multiple vlans communicate across a single interface as I'll explain.

I’ll begin by saying that I could not find any MikroTik documentation that described what I wanted to accomplish. I researched and read RFCs on 802.1Q, I studied Cisco documentation and I read the Mikrotik documents. What I will describe below was based on what I learned, what the ROS allowed me to configure, and several attempts until I finally figured it all out. It works perfectly to my design. I have multiple sites configured the same way and it makes perfect sense.

I may have failed to show and explain what I wanted to share with everyone the first time. I’ll try to do a better job of explaining how I have my router and switch configured for everyone’s learning pleasure. Names of interfaces and vlans have been changed from the configuration I tried to share before.
--------------------------------------------------------------------------
I have a 4 port NIC in my router. My routers all run Version 3.11 ROS. I have a Cisco 2924 switch. The 4 port NIC and the switch’s highest speed is 100meg.

My design is to have all connectivity go through my switch and then go to router. To accomplish this I needed multiple VLANs configured on the switch and I needed the router to communicate to all the VLANs.

I also wanted to take full advantage of all 4 ports on the 4 port interface. I have bonded Cisco switch ports before for more throughput so I thought bonding the 4 ports in the router to the switch and have an effectively 400meg trunk between my router and my switch for all traffic would be the best utilization of all 4 interfaces.

I patched all 4 Ethernet ports in the router to the Cisco 2924 switch. I then configured those 4 ports in the switch to be in a port group. They all take on the same configuration for VLAN trunking using 802.1q encapsulation, speed, duplex, etc. See below statements.

interface FastEthernet0/1
description => Port Group to MT Router <=
load-interval 30
duplex full
speed 100
timeout absolute 1 0
port group 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-3,99,1002-1005
switchport mode trunk
!
interface FastEthernet0/2
description => Port Group to MT Router <=
load-interval 30
duplex full
speed 100
timeout absolute 1 0
port group 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-3,99,1002-1005
switchport mode trunk
!
interface FastEthernet0/3
description => Port Group to MT Router <=
load-interval 30
duplex full
speed 100
timeout absolute 1 0
port group 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-3,99,1002-1005
switchport mode trunk
!
interface FastEthernet0/4
description => Port Group to MT Router <=
load-interval 30
duplex full
speed 100
timeout absolute 1 0
port group 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-3,99,1002-1005
switchport mode trunk

I configured the ROS so all 4 ethernet interfaces in the router are on a bonding interface. This completes the bonding of the four ports I configured in the switch as a port group. I now have an effectively 400meg trunk between my router and my switch for all traffic. The 4 interfaces are labeled F0/0-B1,F0/1-B2,F0/2-B3, and F0/3-B4. I labeled my interfaces close to the way Cisco labels theirs as I work mostly with Cisco equipment. See below configuration statements.

/interface ethernet
set 0 arp=enabled auto-negotiation=no cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:0C:41:52:27:80 mtu=1500 name=F0/0-B1 speed=100Mbps
set 1 arp=enabled auto-negotiation=no cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:0C:41:52:27:81 mtu=1500 name=F0/1-B2 speed=100Mbps
set 2 arp=enabled auto-negotiation=no cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:0C:41:52:27:82 mtu=1500 name=F0/2-B3 speed=100Mbps
set 3 arp=enabled auto-negotiation=no cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:0C:41:52:27:83 mtu=1500 name=F0/3-B4 speed=100Mbps


/interface bonding
add arp=enabled arp-interval=100ms comment="" disabled=no down-delay=500ms \
lacp-rate=30secs link-monitoring=mii-type1 mii-interval=100ms mode=\
balance-rr mtu=1500 name=F0/Bonded primary=none slaves=\
F0/0-B1,F0/1-B2,F0/2-B3,F0/3-B4 up-delay=500ms


This is the hard part to explain. Remember my design was to have the router be able to communicate to multiple VLANs on the switch. When I tried to configure multiple vlans to communicate across the bonded interface I found that I could not create multiple vlans to the bonded interface. You have to configure a bridge and then add the bonded interface to the bridge. You then create multiple VLANs on the bridge interface for all VLANs you want to communicate across the bonded trunk to the switch. See my ROS configuration statements below.


/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
name=F0/Bridge priority=0x8000 protocol-mode=none transmit-hold-count=6

/interface bridge port
add bridge=F0/Bridge comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=F0/Bonded path-cost=10 point-to-point=auto \
priority=0x80

/interface vlan
add arp=enabled comment="" disabled=no interface=F0/Bridge mtu=1500 name=\
VLAN2_Servers vlan-id=2
add arp=enabled comment="" disabled=no interface=F0/Bridge mtu=1500 name=\
VLAN3_DMZ vlan-id=3
add arp=enabled comment="" disabled=no interface=F0/Bridge mtu=1500 name=\
VLAN99_Internet vlan-id=99

I learned that the packets from the default vlan, VLAN1 on the switch, do not have vlan tags. So to communicate to the default vlan the bridge interface is configured with an ip address to communicate to that default vlan, VLAN1, on the switch. To communicate to all the other VLANs you configure ip addresses on the corresponding VLAN interfaces in ROSr. See the below ROS statements.

/ip address
add address=10.100.1.1/24 broadcast=10.100.1.255 comment=LAN disabled=no \
interface=F0/Bridge network=10.100.1.0
add address=10.100.3.1/24 broadcast=10.100.3.255 comment=DMZ disabled=no \
interface=VLAN3_DMZ network=10.100.3.0
add address=10.100.2.1/24 broadcast=10.100.2.255 comment=Server disabled=no \
interface=VLAN2_Servers network=10.100.2.0

I get the IP addresses for VLAN99_Internet from my ISP.

/ip dhcp-client
add add-default-route=yes comment="" default-route-distance=0 disabled=no \
interface=VLAN99_Internet use-peer-dns=yes


Now any of the other Csico 2924 switch ports can be configured to access the VLANs configured as VLAN1 – Workgroup vlan, VLAN2 – Servers Vlan, VLAN3 – DMZ vlan, VLAN99 – Internet vlan. I can easily add as many other vlans to the ROS that I would need to communicate across the bonded trunk to the switch, up to 4095 total vlan interfaces.

This completes how I configured ROS for multiple vlans to a Cisco Switch. The rest of the configuration would be as you would configure ROS firewall filters, nats, DHCP, routing, etc as if these where physical interfaces.

First of all, I posted my configuration as a working example. I don’t think Paul understood my goals and hence failed to understand the configuration I was trying to share. Vlans are configured on bridges in order to have multiple vlans communicate across a single interface as I'll explain.

I’ll begin by saying that I could not find any MikroTik documentation that described what I wanted to accomplish. I researched and read RFCs on 802.1Q, I studied Cisco documentation and I read the Mikrotik documents. What I will describe below was based on what I learned, what the ROS allowed me to configure, and several attempts until I finally figured it all out. It works perfectly to my design. I have multiple sites configured the same way and it makes perfect sense.

I may have failed to show and explain what I wanted to share with everyone the first time. I’ll try to do a better job of explaining how I have my router and switch configured for everyone’s learning pleasure. Names of interfaces and vlans have been changed from the configuration I tried to share before.
--------------------------------------------------------------------------
I have a 4 port NIC in my router. My routers all run Version 3.11 ROS. I have a Cisco 2924 switch. The 4 port NIC and the switch’s highest speed is 100meg.

My design is to have all connectivity go through my switch and then go to router. To accomplish this I needed multiple VLANs configured on the switch and I needed the router to communicate to all the VLANs.

I also wanted to take full advantage of all 4 ports on the 4 port interface. I have bonded Cisco switch ports before for more throughput so I thought bonding the 4 ports in the router to the switch and have an effectively 400meg trunk between my router and my switch for all traffic would be the best utilization of all 4 interfaces.

I patched all 4 Ethernet ports in the router to the Cisco 2924 switch. I then configured those 4 ports in the switch to be in a port group. They all take on the same configuration for VLAN trunking using 802.1q encapsulation, speed, duplex, etc. See below statements.

interface FastEthernet0/1
description => Port Group to MT Router <=
load-interval 30
duplex full
speed 100
timeout absolute 1 0
port group 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-3,99,1002-1005
switchport mode trunk
!
interface FastEthernet0/2
description => Port Group to MT Router <=
load-interval 30
duplex full
speed 100
timeout absolute 1 0
port group 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-3,99,1002-1005
switchport mode trunk
!
interface FastEthernet0/3
description => Port Group to MT Router <=
load-interval 30
duplex full
speed 100
timeout absolute 1 0
port group 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-3,99,1002-1005
switchport mode trunk
!
interface FastEthernet0/4
description => Port Group to MT Router <=
load-interval 30
duplex full
speed 100
timeout absolute 1 0
port group 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-3,99,1002-1005
switchport mode trunk

I configured the ROS so all 4 ethernet interfaces in the router are on a bonding interface. This completes the bonding of the four ports I configured in the switch as a port group. I now have an effectively 400meg trunk between my router and my switch for all traffic. The 4 interfaces are labeled F0/0-B1,F0/1-B2,F0/2-B3, and F0/3-B4. I labeled my interfaces close to the way Cisco labels theirs as I work mostly with Cisco equipment. See below configuration statements.

/interface ethernet
set 0 arp=enabled auto-negotiation=no cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:0C:41:52:27:80 mtu=1500 name=F0/0-B1 speed=100Mbps
set 1 arp=enabled auto-negotiation=no cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:0C:41:52:27:81 mtu=1500 name=F0/1-B2 speed=100Mbps
set 2 arp=enabled auto-negotiation=no cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:0C:41:52:27:82 mtu=1500 name=F0/2-B3 speed=100Mbps
set 3 arp=enabled auto-negotiation=no cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:0C:41:52:27:83 mtu=1500 name=F0/3-B4 speed=100Mbps


/interface bonding
add arp=enabled arp-interval=100ms comment="" disabled=no down-delay=500ms \
lacp-rate=30secs link-monitoring=mii-type1 mii-interval=100ms mode=\
balance-rr mtu=1500 name=F0/Bonded primary=none slaves=\
F0/0-B1,F0/1-B2,F0/2-B3,F0/3-B4 up-delay=500ms


This is the hard part to explain. Remember my design was to have the router be able to communicate to multiple VLANs on the switch. When I tried to configure multiple vlans to communicate across the bonded interface I found that I could not create multiple vlans to the bonded interface. You have to configure a bridge and then add the bonded interface to the bridge. You then create multiple VLANs on the bridge interface for all VLANs you want to communicate across the bonded trunk to the switch. See my ROS configuration statements below.


/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
name=F0/Bridge priority=0x8000 protocol-mode=none transmit-hold-count=6

/interface bridge port
add bridge=F0/Bridge comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=F0/Bonded path-cost=10 point-to-point=auto \
priority=0x80

/interface vlan
add arp=enabled comment="" disabled=no interface=F0/Bridge mtu=1500 name=\
VLAN2_Servers vlan-id=2
add arp=enabled comment="" disabled=no interface=F0/Bridge mtu=1500 name=\
VLAN3_DMZ vlan-id=3
add arp=enabled comment="" disabled=no interface=F0/Bridge mtu=1500 name=\
VLAN99_Internet vlan-id=99

I learned that the packets from the default vlan, VLAN1 on the switch, do not have vlan tags. So to communicate to the default vlan the bridge interface is configured with an ip address to communicate to that default vlan, VLAN1, on the switch. To communicate to all the other VLANs you configure ip addresses on the corresponding VLAN interfaces in ROSr. See the below ROS statements.

/ip address
add address=10.100.1.1/24 broadcast=10.100.1.255 comment=LAN disabled=no \
interface=F0/Bridge network=10.100.1.0
add address=10.100.3.1/24 broadcast=10.100.3.255 comment=DMZ disabled=no \
interface=VLAN3_DMZ network=10.100.3.0
add address=10.100.2.1/24 broadcast=10.100.2.255 comment=Server disabled=no \
interface=VLAN2_Servers network=10.100.2.0

I get the IP addresses for VLAN99_Internet from my ISP.

/ip dhcp-client
add add-default-route=yes comment="" default-route-distance=0 disabled=no \
interface=VLAN99_Internet use-peer-dns=yes


Now any of the other Csico 2924 switch ports can be configured to access the VLANs configured as VLAN1 – Workgroup vlan, VLAN2 – Servers Vlan, VLAN3 – DMZ vlan, VLAN99 – Internet vlan. I can easily add as many other vlans to the ROS that I would need to communicate across the bonded trunk to the switch, up to 4095 total vlan interfaces.

This completes how I configured ROS for multiple vlans to a Cisco Switch. The rest of the configuration would be as you would configure ROS firewall filters, nats, DHCP, routing, etc as if these where physical interfaces.

should i create new interfaces with VLAN{ID} and add that interface to the existing bridge (BRIDGE1=ETH+WLAN) ??

/interface bridge
add name=VLAN100-Bridge

/interface vlan
add interface=ether1 l2mtu=1594 name=vlan100-ether1 vlan-id=100
add interface=wlan1 l2mtu=1596 name=vlan100-wlan vlan-id=100

/interface bridge port
add bridge=VLAN100-Bridge interface=vlan100-ether1
add bridge=VLAN100-Bridge interface=vlan100-wlan