Community discussions

MikroTik App
 
ZCSadmin
just joined
Topic Author
Posts: 5
Joined: Wed Sep 28, 2022 8:49 pm

VLAN filtering on RB5009

Wed Sep 28, 2022 9:00 pm

Hello,

I am trying to learn the correct config settings for setting up a new RB5009 to replace a hAP router in our small network, segmented with vlans.

I attached an image showing the VLAN/Trunks goal, with ether1 being the WAN port, and a mix of trunk and untagged ports.
I don't have a config to share just yet as I am still in the learning phase, the settings seem quite different from the old router, so want to make sure I am following along accurately, after reading many posts here about VLAN's on this model router.

I think - THINK I need the following for the bridge with vlan interfaces.

/interface bridge
add name=bridge protocol-mode=none

/interface bridge port
add bridge=bridge comment=Trunk interface=sfp-sfpplus1 ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge comment=Access interface=ether2 ingress-filtering=yes frame-types=admit-priority-and-untagged pvid=10
add bridge=bridge comment=Access interface=ether3 ingress-filtering=yes frame-types=admit-priority-and-untagged pvid=10
add bridge=bridge comment=Access interface=ether4 ingress-filtering=yes frame-types=admit-priority-and-untagged pvid=20
add bridge=bridge comment=Trunk interface=ether5 ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge comment=Trunk interface=ether6 ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge comment=Trunk interface=ether7 ingress-filtering=yes frame-types=admit-only-vlan-tagged
add bridge=bridge comment=Access interface=ether8 ingress-filtering=yes frame-types=admit-priority-and-untagged pvid=99


/interface bridge vlan

# Trunk ports
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 vlan-ids=10,20,30,40,99

# access ports
add bridge=bridge untagged=ether2 vlan-ids=10
add bridge=bridge untagged=ether3 vlan-ids=10
add bridge=bridge untagged=ether4 vlan-ids=20
add bridge=bridge untagged=ether8 vlan-ids=99

Does this look accurate for what I am trying to do? I read through the VLAN guide, and is how I setup the old router vlans, and everything works fine. This new router seems a bit different. On my first try I locked myself out after enabling vlan filtering, so I figured I need to learn the basics of what I am trying to do, then will tackle it again once I have a better understanding.

Thank you
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14362
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN filtering on RB5009

Thu Sep 29, 2022 4:43 pm

Did you read through this...... viewtopic.php?t=143620
 
ZCSadmin
just joined
Topic Author
Posts: 5
Joined: Wed Sep 28, 2022 8:49 pm

Re: VLAN filtering on RB5009

Thu Sep 29, 2022 5:34 pm

Did you read through this...... viewtopic.php?t=143620
Yes, and a few guides over on network berg on youtube.

Here is how far I have gotten so far, thought I had enabled vlan filtering last night, and some other ip pools, but I see this morning it's not enabled. So taking another stab at it, and see if I can get packets flowing the right way, then the firewall rules. ether8 is my management or BASE so I don't lock myself out again.
# jan/01/1970 19:55:03 by RouterOS 7.4
# software id = GJYP-PF1L
#
# model = RB5009UG+S+
# serial number = xxx1212xxx
/interface bridge
add name=bridge protocol-mode=none
/interface vlan
add comment=Users interface=bridge name=VLAN10 vlan-id=10
add comment=CCTV interface=bridge name=VLAN20 vlan-id=20
add comment=Guest interface=bridge name=VLAN30 vlan-id=30
add comment=SRV interface=bridge name=VLAN40 vlan-id=40
add comment=MGMT interface=bridge name=VLAN99 vlan-id=99
/interface list
add comment=JF name=WAN
add comment=JF name=LAN
add comment=JF name=VLAN
add comment=JF name=MGMT
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.120.2-192.168.120.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=ether8 name=dhcp1
/interface bridge port
add bridge=bridge comment=Trunk frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1
add bridge=bridge comment=Trunk frame-types=admit-only-vlan-tagged interface=ether5
add bridge=bridge comment=Trunk frame-types=admit-only-vlan-tagged interface=ether6
add bridge=bridge comment=Trunk frame-types=admit-only-vlan-tagged interface=ether7
add bridge=bridge comment=Access frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=10
add bridge=bridge comment=Access frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10
add bridge=bridge comment=Access frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=20
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 untagged=ether2,ether3,ether4 vlan-ids=\
    10,20,30,40,99
/interface detect-internet
set detect-interface-list=WAN
/interface list member
add interface=ether1 list=WAN
add interface=bridge list=LAN
add interface=VLAN99 list=MGMT
add interface=VLAN10 list=VLAN
add interface=VLAN20 list=VLAN
add interface=VLAN30 list=VLAN
add interface=VLAN40 list=VLAN
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14362
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN filtering on RB5009  [SOLVED]

Thu Sep 29, 2022 5:58 pm

That is not your complete config, no firewall rules and vlan filtering is not enabled ??

(1)
Dont think you are following the link I provided at all and worse a complete lack of understand of the vlan filtering method.
If you did read and profess to know ...........how do yo explain this setting...

/interface bridge vlan
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 untagged=ether2,ether3,ether4 vlan-ids=\
10,20,30,40,99


Should look more like.
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 vlan-ids=30,40,99
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 untagged=ether2,ether3 vlan-ids=10
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 untagged=ether4 vlan-ids=20
 
ZCSadmin
just joined
Topic Author
Posts: 5
Joined: Wed Sep 28, 2022 8:49 pm

Re: VLAN filtering on RB5009

Thu Sep 29, 2022 6:17 pm

That is not your complete config, no firewall rules and vlan filtering is not enabled ??

(1)
Dont think you are following the link I provided at all and worse a complete lack of understand of the vlan filtering method.
If you did read and profess to know ...........how do yo explain this setting...

/interface bridge vlan
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 untagged=ether2,ether3,ether4 vlan-ids=\
10,20,30,40,99


Should look more like.
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 vlan-ids=30,40,99
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 untagged=ether2,ether3 vlan-ids=10
add bridge=bridge tagged=bridge,sfp-sfpplus1,ether5,ether6,ether7 untagged=ether4 vlan-ids=20
Don't know much, still trying to get my head around the concepts (if not obvious lol) - Must admit I was in winbox messing with the vlans in 'safe mode' and somehow lost a portion of the config settings somehow. Still working on the firewall rules. Thanks for the syntax tip.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14362
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN filtering on RB5009

Thu Sep 29, 2022 6:38 pm

For firewall rules........
viewtopic.php?t=180838
 
ZCSadmin
just joined
Topic Author
Posts: 5
Joined: Wed Sep 28, 2022 8:49 pm

Re: VLAN filtering on RB5009

Thu Sep 29, 2022 11:31 pm

For firewall rules........
viewtopic.php?t=180838
Thanks for your help anav
 
User avatar
Buckeye
Long time Member
Long time Member
Posts: 557
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: VLAN filtering on RB5009

Fri Sep 30, 2022 12:26 am

For firewall rules........
viewtopic.php?t=180838
Thanks for your help anav
@anav has a good Thread with many links to useful information here New User Pathway To Config Success. Section C has stuff you should review. Don't overlook the links to the official documentation, it is worth reading, and has some examples, and the reason for @anav's response in post #4. See this note in this section Trunk/Access port setup where it has this:
misconfigured VLAN table.png
And note @anav's avatar. He often uses hot language and is stubborn. In his own words, it's his way or the highway if want help from him.
You do not have the required permissions to view the files attached to this post.
 
ZCSadmin
just joined
Topic Author
Posts: 5
Joined: Wed Sep 28, 2022 8:49 pm

Re: VLAN filtering on RB5009

Fri Sep 30, 2022 3:37 pm

Thank you for the links Buckeye, I can use all the help I can get. Much appreciated, I don't know how anav puts up with idiot newbies like me, but I am learning.

Who is online

Users browsing this forum: Techknow and 37 guests