...
Many MikroTik devices come with built-in switch chips that usually have an option to do VLAN switching on a hardware level, this means that you can achieve wire-speed performance using VLANs if a proper configuration method is used. The configuration method changes across different models, this guide will focus on setting up a basic trunk/access port set up with a management port from the trunk port using different devices with the right configuration to achieve the best performance and to fully utilize the available hardware components.
CRS3xx, CRS5xx series switches, CCR2116, CCR2216 and RTL8367, 88E6393X, 88E6191X, 88E6190, MT7621 and
...
MT7531 switch chips
...
Code Block | ||
---|---|---|
| ||
/interface bridge add name=bridge1 frame-types=admit-only-vlan-tagged /interface bridge port add bridge=bridge1 interface=ether1 frame-types=admit-only-vlan-tagged add bridge=bridge1 interface=ether2 pvid=20 frame-types=admit-only-untagged-and-priority-tagged add bridge=bridge1 interface=ether3 pvid=30 frame-types=admit-only-untagged-and-priority-tagged /interface bridge vlan add bridge=bridge1 tagged=ether1 vlan-ids=20 add bridge=bridge1 tagged=ether1 vlan-ids=30 add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=99 /interface vlan add interface=bridge1 vlan-id=99 name=MGMT /ip address add address=192.168.99.1/24 interface=MGMT /interface bridge set bridge1 vlan-filtering=yes |
...
Note |
---|
RTL8367, 88E6393X, 88E6191X, 88E6190, MT7621 and MT7621 MT7531 switch chips can use HW offloaded vlan-filtering since RouterOS v7. |
...
Warning |
---|
Not all devices with a switch chip are capable of VLAN switching on a hardware level, check the supported features for each switch chip, the compatibility table can be found here. If a device has |
Note |
---|
On QCA8337 and Atheros8327 switch chips, a default |
...
Note |
---|
This type of configuration should be used on RouterBOARD series devices, this includes RB4xx, RB9xx, RB2011, RB3011, hAP, hEX, cAP, and other devices. |
Note |
---|
By default, the bridge interface is configured with protocol-mode set to |
...
It is possible to do VLAN filtering using the CPU, there are multiple ways to do it, but it is highly recommended by using to use bridge VLAN filtering.
Code Block | ||
---|---|---|
| ||
/interface bridge add name=bridge1 frame-types=admit-only-vlan-tagged /interface bridge port add bridge=bridge1 interface=ether1 frame-types=admit-only-vlan-tagged add bridge=bridge1 interface=ether2 pvid=20 frame-types=admit-only-untagged-and-priority-tagged add bridge=bridge1 interface=ether3 pvid=30 frame-types=admit-only-untagged-and-priority-tagged /interface bridge vlan add bridge=bridge1 tagged=ether1 vlan-ids=20 add bridge=bridge1 tagged=ether1 vlan-ids=30 add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=99 /interface vlan add interface=bridge1 vlan-id=99 name=MGMT /ip address add address=192.168.99.1/24 interface=MGMT /interface bridge set bridge1 vlan-filtering=yes |
...