Hello. I have a hEX S that I wasn't using and decided to play around and learn more about VLANs. The rest of the network is powered by Unifi. In its management console I've created a VLAN with ID 3 called Guest. There's also a DHCP server for the 192.168.3.0/24 subnet for that VLAN.
I'd like the MikroTik to act as a switch but to only allow traffic with VLAN ID 3 set. Normally I think you'd do this on the Unifi switch connected to the MikroTik device. It's a cheap Flex Mini, however, and doesn't support configuring assigning individual ports to a VLAN.
Requirements: all traffic into the hEX S's ethernet port 1 from the Unifi switch must be tagged with ID 3 and then untagged (I think this is done at the bridge level). All traffic out of the ethernet port 1 should have ID 3 tagged.
I've looked at the docs and hammered out the below configuration. Is there a better way to do this? Am I doing anything unnecessary? Thanks.
I'd like the MikroTik to act as a switch but to only allow traffic with VLAN ID 3 set. Normally I think you'd do this on the Unifi switch connected to the MikroTik device. It's a cheap Flex Mini, however, and doesn't support configuring assigning individual ports to a VLAN.
Requirements: all traffic into the hEX S's ethernet port 1 from the Unifi switch must be tagged with ID 3 and then untagged (I think this is done at the bridge level). All traffic out of the ethernet port 1 should have ID 3 tagged.
I've looked at the docs and hammered out the below configuration. Is there a better way to do this? Am I doing anything unnecessary? Thanks.
Code:
/interface bridgeadd name=bridge/interface vlanadd interface=ether1 name=vlan3 vlan-id=3/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/interface bridge portadd bridge=bridge frame-types=admit-only-vlan-tagged interface=vlan3add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=3add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=3add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=3add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=3/ip neighbor discovery-settingsset discover-interface-list=!dynamic/interface bridge vlanadd bridge=bridge tagged=vlan3 vlan-ids=3/ip dhcp-clientadd disabled=no interface=bridge/system clockset time-zone-name=Europe/LondonStatistics: Posted by DeltaCreek — Sun Mar 17, 2024 10:43 am