Hahah,
Yes I will eat humble pie, I only looked at the example on the first page of the article........
Where it says to create the bridge and its very simple and notes add vlan-filtering=yes at the end.
/interface bridge
add name=bridge1
It later shows this setup as follows:
/interface bridge set bridge1 vlan-filtering=yes
Then they get into side niche examples where they put a different PVID on the bridge itself other than the default 1,
and after they show an example of setting frame types on the bridge itself, which is more of a switch approach and
by the way removes functionality...................
This does not only drop untagged packets, but disables the feature that dynamically adds untagged ports to the bridge VLAN table. If you print out the current bridge VLAN table you would notice that bridge1 is not dynamically added as an untagged port: ******
Neither of these side examples are needed in your simple case. All they serve to do is confuse the reader IMHO. As i stated, there doc are NOT to be used verbatim in your configs, but are presented for an overall understanding, often convoluted or confusing, of the available functionality.
What you should do is apply ingress filtering and frame types on each port ( /interface bridge ports ) and you are good to go.
****** I suspect this may have some negative effects sooner or later on your traffic..... especially because you do not manually untag ports (like I always do) and assume that the router will do it dynamically !!!
/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=10
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=20 ( you assume untagged on ether3 )
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=30 ( you assume untagged on wifi1,wifi2 )
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=40 ( you assume untagged on wifi3 )
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=50 ( you assume untagged on wifi4 )
Yes I will eat humble pie, I only looked at the example on the first page of the article........
Where it says to create the bridge and its very simple and notes add vlan-filtering=yes at the end.
/interface bridge
add name=bridge1
It later shows this setup as follows:
/interface bridge set bridge1 vlan-filtering=yes
Then they get into side niche examples where they put a different PVID on the bridge itself other than the default 1,
and after they show an example of setting frame types on the bridge itself, which is more of a switch approach and
by the way removes functionality...................
This does not only drop untagged packets, but disables the feature that dynamically adds untagged ports to the bridge VLAN table. If you print out the current bridge VLAN table you would notice that bridge1 is not dynamically added as an untagged port: ******
Neither of these side examples are needed in your simple case. All they serve to do is confuse the reader IMHO. As i stated, there doc are NOT to be used verbatim in your configs, but are presented for an overall understanding, often convoluted or confusing, of the available functionality.
What you should do is apply ingress filtering and frame types on each port ( /interface bridge ports ) and you are good to go.
****** I suspect this may have some negative effects sooner or later on your traffic..... especially because you do not manually untag ports (like I always do) and assume that the router will do it dynamically !!!
/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=10
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=20 ( you assume untagged on ether3 )
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=30 ( you assume untagged on wifi1,wifi2 )
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=40 ( you assume untagged on wifi3 )
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=50 ( you assume untagged on wifi4 )
Statistics: Posted by anav — Wed Mar 13, 2024 5:31 pm