Mikrotik RoS 6.41: Big Changes in Bridging and VLAN
RoS developers have long ago announced changes in the operation of bridges (bridge), and included this new functionality in the Release Candidate branch, and now they have added this to Current.
Now, there is no need to do tricks like these: Mikrotik: a little trick switch chip .
ATTENTION! Read the warning in the release notes !!!
Now you can configure VLAN directly in Bridge, while having hardware support, the switching chip will take over the work with VLAN and transfer traffic between ports (List of supported devices: Bridge Hardware Offloading ).
Referring to the manual and my previous article. The task is to make a bridge for the Internet with a set-top box and the rest of the network.
')
Using tricks with VLANs on the switching chip made it possible to remove the load from the CPU router for sending packets within the same switching group (they emulated several groups using VLAN).
But such a task is solved in principle now elementary, since the bridge supports hw-offload, and it all comes down to adding ports to the appropriate bridge, that's all!
Therefore, we complicate the task. In addition to RB951G, I use RBmAP2nD (both devices do not support hardware unloading), which in addition to the main WiFi also keeps a guest network. Therefore, before him I will have the tagged traffic of the usual local and guest traffic.
It all starts pretty obvious, we need three bridges:
Pay attention to the vlan-filtering option, it should not be turned on until the rest of the settings are completed, otherwise the router will become unavailable. The pvid option sets the default VLAN for the entire bridge.
We set VLAN which will be serviced on bridges.
Here you can see that we explicitly, directly in the bridge, indicate which ports to tag and which ones not to tag.
And create a VLAN of the guest network:
Add the ports we need to the bridges:
Specifying the pvid option, we specify the default vlan for this port. Also, using frame-types, we specify which packets we are going to receive on the port.
Now turn on vlan-filtering = yes and everything works!
For me, this configuration is clearer, since it does not require to go into the chip settings, and somehow “catch up” as they relate to the settings of interfaces and bridges, but is not supported in all home models.
What's new?
Now, there is no need to do tricks like these: Mikrotik: a little trick switch chip .
ATTENTION! Read the warning in the release notes !!!
Now you can configure VLAN directly in Bridge, while having hardware support, the switching chip will take over the work with VLAN and transfer traffic between ports (List of supported devices: Bridge Hardware Offloading ).
A bit of practice:
Referring to the manual and my previous article. The task is to make a bridge for the Internet with a set-top box and the rest of the network.
')
Using tricks with VLANs on the switching chip made it possible to remove the load from the CPU router for sending packets within the same switching group (they emulated several groups using VLAN).
But such a task is solved in principle now elementary, since the bridge supports hw-offload, and it all comes down to adding ports to the appropriate bridge, that's all!
Therefore, we complicate the task. In addition to RB951G, I use RBmAP2nD (both devices do not support hardware unloading), which in addition to the main WiFi also keeps a guest network. Therefore, before him I will have the tagged traffic of the usual local and guest traffic.
It all starts pretty obvious, we need three bridges:
/interface bridge add name=B-EXT pvid=2 vlan-filtering=no add comment=defconf name=B-LAN pvid=3 vlan-filtering=no add arp=reply-only name=B-WG Pay attention to the vlan-filtering option, it should not be turned on until the rest of the settings are completed, otherwise the router will become unavailable. The pvid option sets the default VLAN for the entire bridge.
We set VLAN which will be serviced on bridges.
/interface bridge vlan add bridge=B-EXT untagged=ether1,ether3 vlan-ids=2 add bridge=B-LAN tagged=ether2 untagged=ether4,ether5 vlan-ids=3 add bridge=B-LAN tagged=ether2 vlan-ids=4 Here you can see that we explicitly, directly in the bridge, indicate which ports to tag and which ones not to tag.
And create a VLAN of the guest network:
/interface vlan add interface=B-LAN name=V-GST vlan-id=4 Add the ports we need to the bridges:
/interface bridge port add bridge=B-LAN comment=defconf interface=ether2 pvid=3 add bridge=B-EXT comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=2 add bridge=B-LAN comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=3 add bridge=B-LAN comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=3 add bridge=B-LAN comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=wl-2ghz pvid=3 add bridge=B-EXT frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=2 add bridge=B-WG interface=V-GST add bridge=B-WG interface=wlg-2ghz Specifying the pvid option, we specify the default vlan for this port. Also, using frame-types, we specify which packets we are going to receive on the port.
Now turn on vlan-filtering = yes and everything works!
For me, this configuration is clearer, since it does not require to go into the chip settings, and somehow “catch up” as they relate to the settings of interfaces and bridges, but is not supported in all home models.
Source: https://habr.com/ru/post/345374/
All Articles