Bridge VLAN Filtering on MikroTik

Bridge VLAN Filtering Tutorial on CRS Series Switch or Router. A feature that allows you to set and manage VLANs. It is used to ensure that VLANs on the network through the bridge device can be filtered or filtered according to the VLAN settings you specify.

1. Topology

Here I utilize 2 Routers so it's like a Switch, 3 ROS (1 Router, 2 Switches).

2. Configuration

Lessgo to the configuration stage 🤙.

A. Router (RTR)

Configure IP Address, Firewall NAT, DNS Server, DHCP Server, and create vlan10, vlan20, vlan99 on ether2 pointing to the switch.

VLAN99-MGMT = 172.16.1.0/29
VLAN10 = 10.10.10.0/24
VLAN20 = 10.20.20.0/24

B. Switch (SW-CORE)

Here the role of SW-CORE is as a bridge to SW-Distries that connect directly to clients with vlan10 and vlan20, so the role of SW-CORE is very crucial.

Actually, it could be SW-Distry directly to the Router, I just added SW-CORE so that you understand what to configure if you later encounter a case like this (RTR> SW1> SW2> Client).

• Create a vlan99-MGMT on ether1 that points to the Router

• First create the bridge interface, free name, and set the IP Address at 172.16.1.2/29 on the Bridge interface

• After it is created, enter the Ports tab, enter which port you want to broadcast / forward the vlan, here according to the topology is ether1, ether2, oiya and don't forget to enter the vlan99-MGMT too, because it is he who plays the role of forwarding the vlan header, (replacement for vlan1). And set all interfaces that go to PVID 99, change from 1 to 99.

  

• Then go to the VLANs tab, set according to the image below, which ones want to be Tagged and Untagged.

  

• After that, we just go to the Bridge tab, double click on the bridge interface name, set the PVID to 99

  

C. Switch (SW-Distri)

This is where the role of SW-Distri as a direct link to the client, lessgo just set it up, here I configure ether2 in vlan10 and ether3 in vlan20.

• First create the bridge interface, free name, and set the IP Address at 172.16.1.3/29 on the Bridge interface.

• After it is created, enter the Ports tab, you must pay attention to the PVID, ether1 which leads to SW-CORE must be 99, ether2 in 10 and ether3 in 20.

  

• Click the VLANs tab, and set it according to the image below, yes the D (Dynamic) symbol is there because I have set the VLAN Filtering, but to prevent it from not being able to be on the remote switch, it would be better to set it first in the VLANs tab, or you can also activate the RoMON feature.

  

• After that, we just go to the Bridge tab, double click on the bridge interface name, set the PVID to 99

  

3. Testing

   Finally, we will do testing on the PC Client, remember, ether2 vlan10, ether3 vlan20.

   We start at VPC-VL10 first (vlan10):

   • Click the PC, then type ip dhcp.

   • Tada, we have successfully obtained the DHCP IP, obtained at 10.10.10.254/24.

     

Next open the VPC-VL20:

• Click on the PC, then type ip dhcp.

• Tada, you have successfully obtained the DHCP IP, it can be at 10.20.20.254/24

  

Then we test ping or connectivity between PCs and ping to the internet.

VPC-VL10:

• Successful ping to VPC-VL20 and ping to the internet, namely 1.1.1.1 (Cloudflare) and google.com.

  

VPC-VL20:

• Successful ping to VPC-VL10 and ping to the internet, namely 1.1.1.1 (Cloudflare) and google.com.

  

It's done and it works!, this Bridge VLAN Filtering feature is indeed suitable if you utilize the Router as a Switch, because the Bridge feature itself works at Layer2.

If you configure the CRS (Cloud Router Switch) series Switch, this must also be the configuration.

Have a good day! ☕.