In simple terms, if passing vlans from one smart device to another, this is done normally via a TRUNK PORT at both ends.
There should be no PVID assigned which basically tells the router untag the traffic leaving the port and tag the traffic entering the port with this vlan.
Not relevant between two smart devices carrying many vlans for distribution, at least at one side. Whenever the tagged traffic goes to a dumb device that cannot read vlans, such as a PC, dumb switch, dumb AP etc, that is an access port...
For example I look at this...........note the slight modification I made...
That most of your ports are access ports leading to dumb devices. Everything seems correct!
Bridge ports 2-5 are part of the vlan10 subnet and Bridge port 6 is part of the vlan20subnet.
/interface bridge port
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=10 {access port}
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10 {access port}
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=10 {access port}
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=10 {access port}
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=20 {access port}
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=combo1 {trunk port}
Hybrid ports tend to be rare, but one can only have one untagged vlan at any port regardless of type ( can only strip or add back in one vlan) and the rest are one or more tagged vlans that flow through like a trunk port.
The key is that both devices at either side are capable of dealing with hybrid ports.
Where you didn,t manage to follow the linked document is the /bridge vlan settings. Think of these as detailing each VLAN separately.
1. In general, the bridge should be tagged along with any ports requiring tagging for all vlans.
2. Each line shall accurately depict what traffic is flowing at each port for that VLAN.
3. Ports that require untagging NEED NOT BE entered for a vlan but the bridge still needs to be tagged.
The reason is that with PVID set on the bridge port, the router at traffic flow time will automatically add the untagged port to the config (dynamically).
HOWEVER, I prefer and recommend that folks manually put in the untaggings so that they can cross-check the config against /interface bridge ports to make sure everything makes sense visually.
4. In your case below, it may seem right, but what you have missed is the bridge tagging. I would also manually insert the untaggings.
From:
/interface bridge vlan
add bridge=bridge1 tagged=combo1 vlan-ids=10
add bridge=bridge1 tagged=combo1 vlan-ids=20
TO:
/interface bridge vlan
add bridge=bridge1 tagged=bridge,combo1 untagged=ether2,ether3,ether4,ether5 vlan-ids=10
add bridge=bridge1 tagged=bridge,combo1 untagged=ether6 vlan-ids=20
There should be no PVID assigned which basically tells the router untag the traffic leaving the port and tag the traffic entering the port with this vlan.
Not relevant between two smart devices carrying many vlans for distribution, at least at one side. Whenever the tagged traffic goes to a dumb device that cannot read vlans, such as a PC, dumb switch, dumb AP etc, that is an access port...
For example I look at this...........note the slight modification I made...
That most of your ports are access ports leading to dumb devices. Everything seems correct!
Bridge ports 2-5 are part of the vlan10 subnet and Bridge port 6 is part of the vlan20subnet.
/interface bridge port
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=10 {access port}
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10 {access port}
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=10 {access port}
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=10 {access port}
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=20 {access port}
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=combo1 {trunk port}
Hybrid ports tend to be rare, but one can only have one untagged vlan at any port regardless of type ( can only strip or add back in one vlan) and the rest are one or more tagged vlans that flow through like a trunk port.
The key is that both devices at either side are capable of dealing with hybrid ports.
Where you didn,t manage to follow the linked document is the /bridge vlan settings. Think of these as detailing each VLAN separately.
1. In general, the bridge should be tagged along with any ports requiring tagging for all vlans.
2. Each line shall accurately depict what traffic is flowing at each port for that VLAN.
3. Ports that require untagging NEED NOT BE entered for a vlan but the bridge still needs to be tagged.
The reason is that with PVID set on the bridge port, the router at traffic flow time will automatically add the untagged port to the config (dynamically).
HOWEVER, I prefer and recommend that folks manually put in the untaggings so that they can cross-check the config against /interface bridge ports to make sure everything makes sense visually.
4. In your case below, it may seem right, but what you have missed is the bridge tagging. I would also manually insert the untaggings.
From:
/interface bridge vlan
add bridge=bridge1 tagged=combo1 vlan-ids=10
add bridge=bridge1 tagged=combo1 vlan-ids=20
TO:
/interface bridge vlan
add bridge=bridge1 tagged=bridge,combo1 untagged=ether2,ether3,ether4,ether5 vlan-ids=10
add bridge=bridge1 tagged=bridge,combo1 untagged=ether6 vlan-ids=20
Statistics: Posted by anav — Sat Jan 20, 2024 3:24 pm