MikroTik VLAN

Metro Ethernet Notes: http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_23688899.html

Example with Wireless: http://mum.mikrotik.com/presentations/CZ09/VLAN-Workshop-Prague-final.pdf

Great examples with CoS: http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment

  • VLAN = Broadcast Domain
  • VLAN interfaces on MikroTik devices are “add tag on egress / remove tag from ingress”
  • To be able to forward packets from access-ports to VLANs, we need bridges
  • Ethernet MTU will increase up to 1522 bytes because of the added tag
    • The normal Ethernet MTU is up to 1518 bytes

Switch Ports

  • Access
    • An access port should be used only with untagged packets.
    • This kind of port is used to connect PCs to the switch.
  • Trunk
    • A trunk port is capable of receiving and forwarding packets from multiple VLANs.
    • This type of port is used to interconnect switches.
  • Hybrid
    • A hybrid port is a special mode that allows untagged and tagged packets on the same port.
    • For example, you have a VoIP desk phone and you connect your PC to the phone and the phone to the switch.
    • We will have a VLAN for VoIP and untagged data for the PC.

Create VLANs

  • Create VLAN sub-interfaces on physical interfaces
  • Bridge the sub-interfaces
    • To forward packets from access-ports to VLANs we need bridges
  • IP addresses are then configured on the respective bridges
  • Treat EoIP tunnel interfaces like physical interfaces
  • If you are not stripping tags, you don't need to configure the VLAN interfaces, at least on physical trunk ports
  1. Configure VLANs on trunk interface ports
    • /interface vlan add name=vlan-10 vlan-id=10 interface=ether5 disabled=no
  2. Create bridges for the VLANs
    • /interface bridge add name=br-vlan10 disabled=no
  3. Add access-ports to the bridges
    • /interface bridge port add interface="vlan-10" bridge="br-vlan10" disabled=no
    • /interface bridge port add interface="ether1" bridge="br-vlan10" disabled=no
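
The steps above only keep VLANs separate as long as each bridge holds the sub-interfaces of a single VLAN ID. The following check is an added example, not part of the original page or of any MikroTik tooling: it audits a plan written as plain `add` commands in the form shown above and reports bridges that merge broadcast domains. The input format and the sample configuration are assumptions constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample in the style of the commands above (not a real export).
SAMPLE = """\
/interface vlan add name=vlan-10 vlan-id=10 interface=ether5 disabled=no
/interface vlan add name=vlan-20 vlan-id=20 interface=ether5 disabled=no
/interface bridge add name=br-vlan10 disabled=no
/interface bridge add name=br-vlan20 disabled=no
/interface bridge port add interface="vlan-10" bridge="br-vlan10" disabled=no
/interface bridge port add interface="ether1" bridge="br-vlan10" disabled=no
/interface bridge port add interface="vlan-20" bridge="br-vlan10" disabled=no
/interface bridge port add interface="ether5" bridge="br-vlan20" disabled=no
"""

def parse(text):
    """Yield (menu, params) for each '/... add key=value' line."""
    for line in text.splitlines():
        words = shlex.split(line)          # also strips the quotes around values
        if "add" not in words:
            continue
        i = words.index("add")
        params = dict(w.split("=", 1) for w in words[i + 1:] if "=" in w)
        yield " ".join(words[:i]), params

def audit(text):
    """Return findings where the plan breaks 'one bridge per VLAN'."""
    vlans, members = {}, defaultdict(list)  # vlan name -> (id, parent); bridge -> ports
    for menu, p in parse(text):
        if menu == "/interface vlan":
            vlans[p["name"]] = (p["vlan-id"], p["interface"])
        elif menu == "/interface bridge port":
            members[p["bridge"]].append(p["interface"])
    trunks = {parent for _, parent in vlans.values()}
    findings = []
    for bridge, ports in sorted(members.items()):
        ids = sorted({vlans[x][0] for x in ports if x in vlans}, key=int)
        if len(ids) > 1:
            findings.append(f"{bridge}: joins VLAN IDs {', '.join(ids)} into one broadcast domain")
        for port in ports:
            if port in trunks:  # the trunk's own (untagged) traffic would share this bridge
                findings.append(f"{bridge}: trunk parent {port} is itself a bridge port")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```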

VLAN Tagging

With Cisco Switch Trunk Ports

Simple Wireless Guest Network

VLANs Over OpenVPN Tunnel

Per VLAN with PPTP

Notes From Others

Create VLAN interfaces on the physical interface connected to the Cisco interface which is in trunking mode (I don't like Cisco's naming; a trunk is bundled ports). Then, if you want to have ports in the MT be “untagged” (Cisco: access mode), create a bridge for every VLAN that you put in the Cisco “trunk”. Put the VLAN interfaces of the physical port and the ports you want to be left untagged into the bridge.

Untagged traffic on the “trunk” port is the physical interface traffic, i.e. ether1.

Example of MT interfaces:

ether1 (this is the port connected to the Cisco "trunk" port)
  ether1-vl100 (VLAN interface)
  ether1-vl200
  ether1-vl300

br-vl100 (Bridge for vlan ID 100)
  ether1-vl100 (VLAN interface)
  ether2 (physical interface untagged traffic)

br-vl200 (Bridge for vlan ID 200)
  ether1-vl200 (VLAN interface)
  ether3 (physical interface untagged traffic)

br-vl300 (Bridge for vlan ID 300)
  ether1-vl300 (VLAN interface)
  ether4 (physical interface untagged traffic)
  wds-1-vl300 (VLAN interface on the wds-1 interface)
  eoip-1 (Ethernet over IP interface in the same Layer2 network)

Summary: create VLAN interfaces on physical interfaces or WDS interfaces. Create a bridge for each VLAN. I hope this clarifies how to do VLANs and bridging in ROS.

I'm not a writer, so you may need some references if you want to read more: http://gentoo-wiki.com/HOWTO_setup_a_gentoo_bridge http://www.pixelchaos.net/2008/07/16/vl … ing-in-xen http://mum.mikrotik.com/presentations/2 … ngwire.pdf

networking/router/mikrotik_vlan.txt · Last modified: 2014/12/16 14:06 by gcooper