CONFIGURATION SWITCH create 1 bridge [admin@SWITCH2] > interface bridge add name=BR_VL protocol-mode=none vlan-filtering=no ############################ ACCESS PORTS ############################## Interface for VLAN 1025 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus5 pvid=1025 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus6 pvid=1025 Interface for VLAN 1026 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus7 pvid=1026 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus8 pvid=1026 Interface for VLAN 1125 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus9 pvid=1125 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus10 pvid=1125 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus11 pvid=1125 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus12 pvid=1125 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus13 pvid=1125 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus14 pvid=1125 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus15 pvid=1125 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus16 pvid=1125 ######################## TRUNK PORTS ####################### [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus1 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus2 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus3 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=sfp-sfpplus4 [admin@SWITCH2] > interface bridge port add bridge=BR_VL interface=ether1 [admin@SWITCH2] > interface bridge vlan add bridge=BR_VL tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether1 vlan-ids=1025 [admin@SWITCH2] > interface bridge vlan add bridge=BR_VL tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether1 vlan-ids=1026 [admin@SWITCH2] > interface bridge vlan add bridge=BR_VL tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether1 vlan-ids=1125 [admin@SWITCH2] > interface bridge vlan add bridge=BR_VL tagged=BR_VL,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether1 vlan-ids=1099 ######################### IP ADDRESSING & ROUTING ######################## [admin@SWITCH2] > interface vlan add interface=BR_VL name=BASE_VLAN vlan-id=1099 [admin@SWITCH2] > ip address add address=10.30.25.2/24 interface=BASE_VLAN [admin@SWITCH2] > ip address add address=10.30.26.2/24 interface=BASE_VLAN [admin@SWITCH2] > ip route add distance=1 gateway=10.30.25.1 (router ip) [admin@SWITCH2] > ip route add distance=1 gateway=10.30.26.1 (router ip) ########################### VLAN SECURITY --> Allow ingress packet without tags on access ports ############################ [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus5] [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus6] [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus7] [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus8] [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus9] [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus10] [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus11] [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus12] [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus13] [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus14] [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus15] [admin@SWITCH2] > interface bridge port set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus16] ####################################################### Only allow ingress packets WITH tags on Trunk Ports ######################################################## [admin@SWITCH2] > set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=sfp-sfpplus1] [admin@SWITCH2] > set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=sfp-sfpplus2] [admin@SWITCH2] > set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=sfp-sfpplus3] [admin@SWITCH2] > set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=sfp-sfpplus4] [admin@SWITCH2] > set bridge=BR_VL ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether1] # Ensure only visibility and availability from BASE_VLAN, the MGMT network [admin@SWITCH2] > interface list add name=BASE [admin@SWITCH2] > interface list member add interface=BASE_VLAN list=BASE [admin@SWITCH2] > ip neighbor discovery-settings set discover-interface-list=BASE [admin@SWITCH2] > tool mac-server mac-winbox set allowed-interface-list=BASE [admin@SWITCH2] > tool mac-server set allowed-interface-list=BASE ####################################### Turn on VLAN mode ####################################### [admin@SWITCH2] > interface bridge set BR_VL vlan-filtering=yes