Coming from a Cisco environment, configuring access ports for VLANs are relatively simple. When I recently invested in a MikroTik RB1200 router, I was surprised that I could not find any way of simply setting one of the ethernet ports as an access-port for a configured VLAN. Whenever you configure a VLAN and attach it to an ethernet port, it leaves the device tagged. There was no configuration option which allowed me to configure a physical port to strip the VLAN tag before a packet leaves the device. But, after a few hours of intense searching and trial and error, I found a way!
It seems that you need to configure a bridge which you attach both the physical interface and the vlan interface as bridge-ports. I will show an example where I configure one port as a VLAN trunk (ether9), adding VLAN 4 and 10, and two access-ports for VLAN 4 (ether1,ether2) and two for VLAN 10 (ether3,ether4).
First, we configure the VLANs. In RouterOS, every VLAN has to belong to an interface, so we attach the VLANs to ether9.
/interface vlan add name=vlan4 interface=ether9 vlan-id=4
/interface vlan add name=vlan10 interface=ether9 vlan-id=10
Now that we have the VLANs, we can configure the bridges. We need two bridges, one for VLAN 4 and one for VLAN10
/interface bridge add name=br-vlan4
/interface bridge add name=br-vlan10
For each of these bridges, we add the physical interfaces as well as the VLAN we want to configure access-ports for.
/interface bridge port add bridge=br-vlan4 interface=ether1
/interface bridge port add bridge=br-vlan4 interface=ether2
/interface bridge port add bridge=br-vlan4 interface=vlan4
/interface bridge port add bridge=br-vlan10 interface=ether3
/interface bridge port add bridge=br-vlan10 interface=ether4
/interface bridge port add bridge=br-vlan10 interface=vlan10
As you see from above, we add ether1, ether2 and vlan4 to the br-vlan4 bridge, the same goes for vlan10. This will for all intents and purposes behave the exact way as Cisco’s way of saying:
# switchport mode access
# switchport access vlan 4
I must say, that this way of configuring access-ports seems a little strange at first, but when you think about it – RouterOS is basically a Linux Operating system below the configuration interface.
I hope this post helps newcomers like me enjoy their brand new RouterOS experience!
Fonte: http://sygard.no/2011/09/vlan-access-ports-on-mikrotik-routers/
