802.1Q Trunking with Atheros 8316 on RouterOS

Routerboards with Atheros 8316 switch chips can be used for 802.1Q Trunking.
In this example ether2,ether3 and ether4 interfaces are access ports, while ether5 is trunk port.

VLAN-IDs for each access port are: ether2 – 200, ether3 – 300, ether4 – 400.
vlan-mode=secure is set to ensure strict use of VLAN table.
vlan-header=always-strip for access ports is set to remove VLAN header from frame when it leaves the switch chip.
vlan-header=add-if-missing for trunk port is set to add VLAN header to untagged frames.

/interface ethernet switch port
set 1 vlan-header=always-strip vlan-mode=secure
set 2 vlan-header=always-strip vlan-mode=secure
set 3 vlan-header=always-strip vlan-mode=secure
set 4 vlan-header=add-if-missing vlan-mode=secure

Forwarding rules for access and trunk ports need to be specified.
Default VLAN-ID will be changed for untagged frames entering access port before they will be forwarded to trunk port.
Frames received on trunk port will be forwarded to appropriate access ports according to their VLAN-ID.

/interface ethernet switch rule
add new-dst-ports=ether2 ports=ether5 switch=switch1 \
     vlan-header=present vlan-id=200
add new-dst-ports=ether3 ports=ether5 switch=switch1 \
     vlan-header=present vlan-id=300
add new-dst-ports=ether4 ports=ether5 switch=switch1 \
     vlan-header=present vlan-id=400
add new-dst-ports=ether5 new-vlan-id=200 ports=ether2 \
     switch=switch1 vlan-header=not-present
add new-dst-ports=ether5 new-vlan-id=300 ports=ether3 \
     switch=switch1 vlan-header=not-present
add new-dst-ports=ether5 new-vlan-id=400 ports=ether4 \
     switch=switch1 vlan-header=not-present

VLAN table entries need to be added to allow frames with specific VLAN-IDs on ingress port.

/interface ethernet switch vlan
add ports=ether5 switch=switch1 vlan-id=200
add ports=ether5 switch=switch1 vlan-id=300
add ports=ether5 switch=switch1 vlan-id=400
add ports=ether2,ether3,ether4 switch=switch1 vlan-id=0

Comments are closed.