Have any question? support@tikdis.com
Any RouterOS device with traffic passing the CPU works as a layer 3 router and will by default route traffic between all it's connected networks. To stop this, you need to use ACLs or the firewall.
An access port (or edge/untagged), is for untagged packets, usually a port where you connect devices like servers/clients.
A trunk port (or core/tagged) is usually used to connect 2 switches - it receives and forwards packets from different VLANs. They are trunked together inside the port/cable.
The hybrid port will allow both untagged and tagged packets on the same port. This can be used for a client, that needs both normal untagged internet data, and a separate secured VLAN network.
To setup VLAN tagging in the router (CPU), add a bridge for the VLAN:
1 | /interface bridge add name=bridge-vlan200 |
Then create the desired VLAN interfaces, and connect them to the uplink interface:
1 | /interface vlan add name=eth1-vlan200 vlan-id=200 interface=ether1 |
And finally to receive untagged vlan200 traffic for a device, add the client port and the vlan to the bridge:
1 2 | /interface bridge port add bridge=bridge-vlan200 interface=eth1-vlan200 /interface bridge port add bridge=bridge-vlan200 interface=ether9 |
If you want ether9 to become a hybrid port, receiving untagged vlan200 and tagged vlan300 traffic, you would need to add:
1 2 3 4 5 | /interface bridge add name=bridge-vlan300 /interface vlan add interface=ether1 name=eth1-vlan300 vlan-id=300 /interface vlan add interface=ether9 name=eth9-vlan300 vlan-id=300 /interface bridge port add bridge=bridge-vlan300 interface=eth1-vlan300 /interface bridge port add bridge=bridge-vlan300 interface=eth9-vlan300 |
Warning! Adding a VLAN to a MikroTik interface, will automatically change the interface to trunk mode, and will take down the link for normal untagged traffic. If you need to add VLANs without downtime for untagged traffic, you have to start by adding a bridge with both the VLAN and the interface, to set change interface to hybrid mode.