marking VLANs
Posted: Sat Apr 08, 2006 10:04 am
It may sound stupid, but how do I mark VLANs that pass through Mikrotik box configured as bridge?
.Page 1 of 1
Posted: Mon Apr 10, 2006 10:51 am
I can not understand what exactly do you mean. However, there is a problem about marking whatever traffic on bridge interfaces in 2.9.x versions .
.Re: marking VLANs
Posted: Tue Apr 11, 2006 3:19 pm
You would do that in bridge firewall.It may sound stupid, but how do I mark VLANs that pass through Mikrotik box configured as bridge?
Posted: Thu Apr 20, 2006 11:23 am
I propably asked question incorrectly. Let's assume that I have a Mikrotik box with two interfaces configured as bridge. I want the traffic which is passing trough it to belong to certain VLAN. On a hardware switch it would be setting one port to VLAN ID 32 (for example) and other to trunk port. It is very simple thing, but I can't find it in Mikrotik. 
Posted: Thu Apr 20, 2006 2:02 pm
Hmmm.. I may stand corrected, but configure the Bridge with the VLAN Interface, not the Ethernet Interface.
Posted: Thu Apr 20, 2006 2:57 pm
May you explain in a more detailed way? 
Posted: Thu Apr 20, 2006 3:02 pm
NETWORK -> Ether1 (MT) VLAN Interface -> NETWORK
Bridge acrross Ether1 and VLAN Interface.
Basically, you wont be able to bridge into a VLAN if the bridge is not part of the VLan, that's what the 'setting one port to VLAN ID 32' does. So basically, create a VLAN Interface on the MT, join the correct VLAN ID and make sure that works. Then bridge your other Ethernet Interface and the newly created VLAN Interface together and pass the traffic.
Not tested, but it *should* work fine...
Bridge acrross Ether1 and VLAN Interface.
Basically, you wont be able to bridge into a VLAN if the bridge is not part of the VLan, that's what the 'setting one port to VLAN ID 32' does. So basically, create a VLAN Interface on the MT, join the correct VLAN ID and make sure that works. Then bridge your other Ethernet Interface and the newly created VLAN Interface together and pass the traffic.
Not tested, but it *should* work fine...
Posted: Thu Apr 20, 2006 5:56 pm
It is still not exactly that.
Please, consider following situation. We have 2 layer network which is connected to MT switch. In that network traffic is flawing without any VLAN tags because it is built not on "smart" switches. To go to another network segment, traffic needs to pass MT switch, which has 2 ports. I want traffic which goes through this MT bridge to start belonging to some VLAN. Am I clear enough?
Thank you for your help, I appreciate it so much.
Please, consider following situation. We have 2 layer network which is connected to MT switch. In that network traffic is flawing without any VLAN tags because it is built not on "smart" switches. To go to another network segment, traffic needs to pass MT switch, which has 2 ports. I want traffic which goes through this MT bridge to start belonging to some VLAN. Am I clear enough?
Thank you for your help, I appreciate it so much.
Posted: Thu Apr 20, 2006 6:09 pm
Have you tried it?
I know what you're talking about - MT *should* be able to do it like that. If it doesn't work MT would need to look at it because it should strip the VLAN tag off the packet when it exits over Ethernet.
What you are configuring is basically standard Ethernet going into a VLAN Trunk on another Ethernet segment. MT should strip the VLAN Tag of packets exiting via Ethernet, and add the VLAN Tags for packets going into the trunk.
Your alternative if you don't wish to try it and report back on it, would be to go and buy something like a Catalyst and configure a VLAN Trunk port.
--
C
I know what you're talking about - MT *should* be able to do it like that. If it doesn't work MT would need to look at it because it should strip the VLAN tag off the packet when it exits over Ethernet.
What you are configuring is basically standard Ethernet going into a VLAN Trunk on another Ethernet segment. MT should strip the VLAN Tag of packets exiting via Ethernet, and add the VLAN Tags for packets going into the trunk.
Your alternative if you don't wish to try it and report back on it, would be to go and buy something like a Catalyst and configure a VLAN Trunk port.
--
C
Posted: Thu Apr 20, 2006 7:19 pm
Let's assume that ether1 is interface connected to "internal" network, and ether2 is connected to "external" one, it means traffic going from ether1 to ether2 should start belonging to vlan, and traffic going from ether2 to ether1 should be stripped (vlan ids removed). To what interface should I add VLAN interface? After adding vlan interface, what interfaces should be bridged?
Posted: Thu Apr 20, 2006 8:14 pm
To the interface connected to the vlan obviously.... ?
Ether1
- Internal Network
Ether2
VLAN Interface ID 10
VLAN Interface ID 40
VLAN Interface ID 100
Bridge between Ether1 and VLAN 40, traffic over the bridge will be part of VLAN 40 exiting on Ether2, and not be part of any VLAN on Ether1. For this to work the Interfaces that you bridge over, will be Ether1 and VLAN Interface ID 40
You must first create a Virtual Interface on the MT that is part of the VLAN, and then bridge that Virtual Interface to what ever Interface you want to pass into the VLAN... It can't be that hard to understand?
--
C
Ether1
- Internal Network
Ether2
VLAN Interface ID 10
VLAN Interface ID 40
VLAN Interface ID 100
Bridge between Ether1 and VLAN 40, traffic over the bridge will be part of VLAN 40 exiting on Ether2, and not be part of any VLAN on Ether1. For this to work the Interfaces that you bridge over, will be Ether1 and VLAN Interface ID 40
You must first create a Virtual Interface on the MT that is part of the VLAN, and then bridge that Virtual Interface to what ever Interface you want to pass into the VLAN... It can't be that hard to understand?
--
C
Posted: Fri Apr 21, 2006 4:02 pm
Ok, I see. Now I understand it clearly, we will make some tests now. Thank you!