但如果是一台24口交换机,ether1-ether12电口端口都是access vlan 200,ether13-ether24电口端口都是access vlan 300,trunk到sfp1端口,这样配置vlan trunk就很繁琐,其实在RouterOS可以简化trunk配置如下:
创建bridge1,启用vlan-filtering=yes
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no name=bridge1 vlan-filtering=yes
将sfp1和ether1-ether24加入bridge1
/interface bridge port
add bridge=bridge1 interface= sfp1
add bridge=bridge1 interface=ether1 pvid=200
add bridge=bridge1 interface=ether2 pvid=200
add bridge=bridge1 interface=ether3 pvid=200
…(省略)
add bridge=bridge1 interface=ether12 pvid=200
add bridge=bridge1 interface=ether13 pvid=300
…(省略)
add bridge=bridge1 interface=ether24 pvid=200
配置sfp1的trunk
“/interface bridge vlan
add bridge=bridge1 tagged= sfp1 vlan-ids=200,300”
这样的配置是错误的,新版本的RouterOS,在多VLAN trunk的时候,会提示“port with pvid added untagged group which might cause problems,consider adding a seperate vlan entry”
这个是因为多VLAN trunk可能会导致access端口VLAN的透传,官方不建议这样的配置,修正如下:
/interface bridge port
add bridge=bridge1 interface= sfp1 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether1 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether2 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether3 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
…(省略)
add bridge=bridge1 interface=ether12 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether13 pvid=300 frame-types=admit-only-vlan-tagged ingress-filtering=yes
…(省略)
add bridge=bridge1 interface=ether24 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
/interface bridge vlan
add bridge=bridge1 tagged= sfp1 vlan-ids=200
add bridge=bridge1 tagged= sfp1 vlan-ids=300
分类:Bridge
发布于 2020-05-07 20:45:40 +0800 CST
在官方给出的trunk口配置时,同时需要指定untagged的access口,如下图:
但如果是一台24口交换机,ether1-ether12电口端口都是access vlan 200,ether13-ether24电口端口都是access vlan 300,trunk到sfp1端口,这样配置vlan trunk就很繁琐,其实在RouterOS可以简化trunk配置如下:
创建bridge1,启用vlan-filtering=yes
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no name=bridge1 vlan-filtering=yes
将sfp1和ether1-ether24加入bridge1
/interface bridge port
add bridge=bridge1 interface= sfp1
add bridge=bridge1 interface=ether1 pvid=200
add bridge=bridge1 interface=ether2 pvid=200
add bridge=bridge1 interface=ether3 pvid=200
…(省略)
add bridge=bridge1 interface=ether12 pvid=200
add bridge=bridge1 interface=ether13 pvid=300
…(省略)
add bridge=bridge1 interface=ether24 pvid=200
配置sfp1的trunk
“/interface bridge vlan
add bridge=bridge1 tagged= sfp1 vlan-ids=200,300”
这样的配置是错误的,新版本的RouterOS,在多VLAN trunk的时候,会提示“port with pvid added untagged group which might cause problems,consider adding a seperate vlan entry”
这个是因为多VLAN trunk可能会导致access端口VLAN的透传,官方不建议这样的配置,修正如下:
/interface bridge port
add bridge=bridge1 interface= sfp1 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether1 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether2 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether3 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
…(省略)
add bridge=bridge1 interface=ether12 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether13 pvid=300 frame-types=admit-only-vlan-tagged ingress-filtering=yes
…(省略)
add bridge=bridge1 interface=ether24 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
/interface bridge vlan
add bridge=bridge1 tagged= sfp1 vlan-ids=200
add bridge=bridge1 tagged= sfp1 vlan-ids=300
但如果是一台24口交换机,ether1-ether12电口端口都是access vlan 200,ether13-ether24电口端口都是access vlan 300,trunk到sfp1端口,这样配置vlan trunk就很繁琐,其实在RouterOS可以简化trunk配置如下:
创建bridge1,启用vlan-filtering=yes
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no name=bridge1 vlan-filtering=yes
将sfp1和ether1-ether24加入bridge1
/interface bridge port
add bridge=bridge1 interface= sfp1
add bridge=bridge1 interface=ether1 pvid=200
add bridge=bridge1 interface=ether2 pvid=200
add bridge=bridge1 interface=ether3 pvid=200
…(省略)
add bridge=bridge1 interface=ether12 pvid=200
add bridge=bridge1 interface=ether13 pvid=300
…(省略)
add bridge=bridge1 interface=ether24 pvid=200
配置sfp1的trunk
“/interface bridge vlan
add bridge=bridge1 tagged= sfp1 vlan-ids=200,300”
这样的配置是错误的,新版本的RouterOS,在多VLAN trunk的时候,会提示“port with pvid added untagged group which might cause problems,consider adding a seperate vlan entry”
这个是因为多VLAN trunk可能会导致access端口VLAN的透传,官方不建议这样的配置,修正如下:
/interface bridge port
add bridge=bridge1 interface= sfp1 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether1 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether2 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether3 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
…(省略)
add bridge=bridge1 interface=ether12 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether13 pvid=300 frame-types=admit-only-vlan-tagged ingress-filtering=yes
…(省略)
add bridge=bridge1 interface=ether24 pvid=200 frame-types=admit-only-vlan-tagged ingress-filtering=yes
/interface bridge vlan
add bridge=bridge1 tagged= sfp1 vlan-ids=200
add bridge=bridge1 tagged= sfp1 vlan-ids=300打赏支持
微信
支付宝
