Mikrotik RoS 6.41: Big changes in Bridging and VLAN
- Tutorial
RoS developers have announced changes to the work of bridges for a long time, and included this new functionality in the Release Candidate branch, now they have added it to Current.
Now, there is no need to do tricks, like these: Mikrotik: a little trick switch chip .
ATTENTION! Read the warning in Release Notes !!!
Now you can configure VLAN directly in Bridge, and if there is hardware support, the switching chip will take over VLAN and forward traffic between ports (List of supported devices: Bridge Hardware Offloading ).
We turn to the manual and my previous article. The task is to make a bridge for the Internet with a TV set-top box and the rest of the network.
Using tricks with VLAN on the switching chip allowed removing the load from the router’s CPU for sending packets within the same switching group (several groups were emulated using VLAN).
But this problem is now solved in principle simply, since the bridge supports hw-offload, and it all comes down to adding ports to the corresponding bridge, that's it!
Therefore, we complicate the task. In addition to RB951G, I also use RBmAP2nD (both devices do not support hardware unloading), which, in addition to the main WiFi, also has a guest network. Therefore, before it I will have tagged traffic from a regular LAN and guest.
It all starts pretty obvious, we need three bridges:
We pay attention to the vlan-filtering option, it should not be turned on until the rest of the settings are completed, otherwise the router will become unavailable. The pvid option sets the default VLAN for the entire bridge.
We set the VLANs that will be served on the bridges.
Here you can see that we explicitly, directly in the bridge, indicate which ports to tag and which not.
And create the guest network VLAN:
Add the ports we need to the bridges:
By specifying the pvid option, we specify the default vlan for this port. So, using frame-types, we set which packets we are going to receive on the port.
Now turn on vlan-filtering = yes and everything works!
For me, this configuration is more visual, since it does not require to get into the chip settings and somehow “catch up” with how they are related to the settings of interfaces and bridges, but it is not supported in all home models.
What's new?
Now, there is no need to do tricks, like these: Mikrotik: a little trick switch chip .
ATTENTION! Read the warning in Release Notes !!!
Now you can configure VLAN directly in Bridge, and if there is hardware support, the switching chip will take over VLAN and forward traffic between ports (List of supported devices: Bridge Hardware Offloading ).
A bit of practice:
We turn to the manual and my previous article. The task is to make a bridge for the Internet with a TV set-top box and the rest of the network.
Using tricks with VLAN on the switching chip allowed removing the load from the router’s CPU for sending packets within the same switching group (several groups were emulated using VLAN).
But this problem is now solved in principle simply, since the bridge supports hw-offload, and it all comes down to adding ports to the corresponding bridge, that's it!
Therefore, we complicate the task. In addition to RB951G, I also use RBmAP2nD (both devices do not support hardware unloading), which, in addition to the main WiFi, also has a guest network. Therefore, before it I will have tagged traffic from a regular LAN and guest.
It all starts pretty obvious, we need three bridges:
/interface bridge
add name=B-EXT pvid=2 vlan-filtering=no
add comment=defconf name=B-LAN pvid=3 vlan-filtering=no
add arp=reply-only name=B-WG
We pay attention to the vlan-filtering option, it should not be turned on until the rest of the settings are completed, otherwise the router will become unavailable. The pvid option sets the default VLAN for the entire bridge.
We set the VLANs that will be served on the bridges.
/interface bridge vlan
add bridge=B-EXT untagged=ether1,ether3 vlan-ids=2
add bridge=B-LAN tagged=ether2 untagged=ether4,ether5 vlan-ids=3
add bridge=B-LAN tagged=ether2 vlan-ids=4
Here you can see that we explicitly, directly in the bridge, indicate which ports to tag and which not.
And create the guest network VLAN:
/interface vlan
add interface=B-LAN name=V-GST vlan-id=4
Add the ports we need to the bridges:
/interface bridge port
add bridge=B-LAN comment=defconf interface=ether2 pvid=3
add bridge=B-EXT comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=2
add bridge=B-LAN comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=3
add bridge=B-LAN comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=3
add bridge=B-LAN comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=wl-2ghz pvid=3
add bridge=B-EXT frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=2
add bridge=B-WG interface=V-GST
add bridge=B-WG interface=wlg-2ghz
By specifying the pvid option, we specify the default vlan for this port. So, using frame-types, we set which packets we are going to receive on the port.
Now turn on vlan-filtering = yes and everything works!
For me, this configuration is more visual, since it does not require to get into the chip settings and somehow “catch up” with how they are related to the settings of interfaces and bridges, but it is not supported in all home models.