I am trying to learn the correct config settings for setting up a new RB5009 to replace a hAP router in our small network, segmented with vlans.
I attached an image showing the VLAN/Trunks goal, with ether1 being the WAN port, and a mix of trunk and untagged ports.
I don't have a config to share just yet as I am still in the learning phase, the settings seem quite different from the old router, so want to make sure I am following along accurately, after reading many posts here about VLAN's on this model router.
I think - THINK I need the following for the bridge with vlan interfaces.
add name=bridge protocol-mode=none
/interface bridge port
add bridge=bridge comment=Trunk interface=sfp-sfpplus1 ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge comment=Access interface=ether2 ingress-filtering=yes frame-types=admit-priority-and-untagged pvid=10
add bridge=bridge comment=Access interface=ether3 ingress-filtering=yes frame-types=admit-priority-and-untagged pvid=10
add bridge=bridge comment=Access interface=ether4 ingress-filtering=yes frame-types=admit-priority-and-untagged pvid=20
add bridge=bridge comment=Trunk interface=ether5 ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge comment=Trunk interface=ether6 ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge comment=Trunk interface=ether7 ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge comment=Access interface=ether8 ingress-filtering=yes frame-types=admit-priority-and-untagged pvid=99
/interface bridge vlan
# Trunk ports
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 vlan-ids=10,20,30,40,99
# access ports
add bridge=bridge untagged=ether2 vlan-ids=10
add bridge=bridge untagged=ether3 vlan-ids=10
add bridge=bridge untagged=ether4 vlan-ids=20
add bridge=bridge untagged=ether8 vlan-ids=99
Does this look accurate for what I am trying to do? I read through the VLAN guide, and is how I setup the old router vlans, and everything works fine. This new router seems a bit different. On my first try I locked myself out after enabling vlan filtering, so I figured I need to learn the basics of what I am trying to do, then will tackle it again once I have a better understanding.