Versions Compared

Old Version 2

changes.mady.by.user Edgars P.

Saved on

compared with

New Version 9

changes.mady.by.user Edgars P.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Many MikroTik devices come with built-in switch chips that usually have an option to do VLAN switching on a hardware level, this means that you can achieve wire-speed performance using VLANs if a proper configuration method is used. The configuration method changes across different models, this guide will focus on setting up a basic trunk/access port set up with a management port from the trunk port using different devices with the right configuration to achieve the best performance and to fully utilize the available hardware components.

Image RemovedImage Added

CRS3xx, CRS5xx series switches, CCR2116, CCR2216 and RTL8367, 88E6393X, 88E6191X, 88E6190, MT7621 and

...

MT7531 switch chips

...


Code Block
languageros
/interface bridge
add name=bridge1 frame-types=admit-only-vlan-tagged
/interface bridge port
add bridge=bridge1 interface=ether1 frame-types=admit-only-vlan-tagged
add bridge=bridge1 interface=ether2 pvid=20 frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge1 interface=ether3 pvid=30 frame-types=admit-only-untagged-and-priority-tagged
/interface bridge vlan
add bridge=bridge1 tagged=ether1 vlan-ids=20
add bridge=bridge1 tagged=ether1 vlan-ids=30
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=99
/interface vlan
add interface=bridge1 vlan-id=99 name=MGMT
/ip address
add address=192.168.99.1/24 interface=MGMT
/interface bridge
set bridge1 vlan-filtering=yes

More detailed examples can be found here.

Note

RTL8367, 88E6393X, 88E6191X, 88E6190, MT7621 and MT7621 MT7531 switch chips can use HW offloaded vlan-filtering since RouterOS v7.


Note

 Bridge ports with frame-types set to admit-all or admit-only-untagged-and-priority-tagged will be automatically added as untagged ports for the pvid VLAN.

More detailed examples can be found here.

CRS1xx/CRS2xx series switches

...

More detailed examples can be found here.

Other devices with a built-in switch chip

...

Warning

Not all devices with a switch chip are capable of VLAN switching on a hardware level, check the supported features for each switch chip, the compatibility table can be found Herehere. If a device has VLAN table support, then it is capable of VLAN switching using the built-in switch chip. You can check the device's switch chip either in the provided link or by using /interface ethernet switch print


Note

On QCA8337 and Atheros8327 switch On QCA8337 and Atheros8327 switch chips, a default default vlan-header=leave-as-is property  property should be used. The switch chip will determine which ports are access ports by using the the default-vlan-id property property. The The default-vlan-id should  should only be used on access/hybrid ports to specify which VLAN the untagged ingress traffic is assigned to.

...

Note

By default, the bridge interface is configured with protocol-mode set to with protocol-mode set to rstp. For some devices, this can disable hardware offloading because specific switch chips do not support this feature. See the the Bridge Hardware Offloading section  section with supported features.


Note

For devices that have multiple switch chips (for example, RB2011, RB3011, RB1100), each switch chip is only able to switch VLAN traffic between ports that are on the same switch chip, VLAN filtering will not work on a hardware level between ports that are on different switch chips, this means you should not add all ports to a single bridge if you are intending to use VLAN filtering using the switch chip, VLANs between switch chips will not get filtered. You can connect a single cable between both switch chips to work around this hardware limitation, another option is to use Bridge use Bridge VLAN Filtering, but it disables hardware offloading (and lowers the total throughput).

...

More detailed examples can be found here.