What is the bridge on RouterOS?

On MikroTik RouterOS products, you have the possibility to make a bridge configuration. The bridge has 2 functions:

  1. You can bridge 2 or more ethernet ports so they act like switch ports.
  2. You can bridge 2 different network technologies (like Ethernet and Wireless), so they become like 1 network.

Let me explain the 2 points more clearly.

Point 1: Say that you have a router connected to the internet on its interface Ether1. You want that you share the internet from this router so anyone who is connected to any of the other router’s Ether ports he can have internet. Then what you want to do, you create a bridge internet and you put the rest Ethernet ports inside this bridge and you put on the bridge interface the IP address, afterword you do the NAT. This way, anyone who connects to any of the other Ethernet interfaces, he can have internet.

One thing to mention here: once you bridge Ethernet ports then any traffic going from one Ethernet interface to another Ethernet interface, which are on the same bridge, will not go to the router CPU anymore. That’s because of the switch ship which can do switching of the traffic without the need to take resources from the CPU of the router. This is called Hardware Offloading, and MikroTik has added this feature since RouterOS version 6.41 and up.

Point 2: Let’s imagine that you already have set the bridge between all Ethernet interfaces, then you decided that you want also to provide internet via Wireless (WLAN). You can simply add the WLAN interface inside this bridge, and you will be able to provide internet via wireless. This way, you are bridging 2 different network technologies together, which are Ethernet and Wireless LAN.

That’s all what I wanted to explain about bridging, let’s apply this in a LAB now and see how we can create a Bridge on the MikroTik RouterOS.

 

LAB: Bridge

Our LAB is still the same as it was left since the last chapter. At this moment, R1 has internet service, Ether2 interface has an IP of 192.168.88.1/24, the router is giving DHCP IP addresses, and my PC has received an IP and is able to go to the internet. The only missing thing that I need to do is to make the NAT (something we didn’t do in the last LAB) so the PC can go to the internet.

Let’s do it:

Now my PC should have internet. Let’s check:

Indeed, it does.

Now I want that if I connect my PC to Ether3, Ether4 and Ether5 interfaces, then I can go to the internet also. At this moment, this is not possible because I do not have a bridge interface.

Let’s create the bridge:

The bridge interface has been created. This interface is a virtual one, but the MikroTik router will see it as a normal physical interface.

Now we need to add the interfaces Ether2, Ether3, Ether4, Ether5 into that Bridge interface so they become switch ports. I will show you how to add one interface and you can do the rest for the rest of the interfaces.

That’s how you can add an interface to the bridge. Be careful that Hardware Offload is checked so the switch ship is being used for traffic between the bridge interfaces as already explained.

I will add the rest of the interfaces to the bridge interface:

All interfaces (except Ether1) are in the bridge now. You can see the “H” letter which refer to the Hardware Offload that is enabled.

Now I need to move the IP address of 192.168.88.1/24 from Ether2 to the Bridge interface, then the DHCP server should be set on the Bridge interfaces. That’s because we need that anyone connected to any of the ports in the bridge to go to the internet. Got the idea?

Let’s move the IP from Ether2 to the Bridge interface:

Now the IP of 192.168.88.1/24 has been set on the Bridge interface.

Let’s move the DHCP server on the Bridge interface then in case anyone connected to the interfaces inside the bridge, he will get an IP from the DHCP server.

You can see that you have an error on the DCHP server as the following:

Why is this error appearing? Because for the moment, the DHCP server is still running on Ether2 and this interface is inside the bridge. So, the RouterOS is seeing is as a slave interface and DHCP server cannot run on a salve interface.

Let’s remove the DHCP server from Ether2 interface put it on the Bridge interface:

Once done, the error will disappear:

Excellent!!!

Let’s do the test now. At this moment, I am connecting my PC to Ether2. Let’s see if I have internet on my PC:

Indeed, the internet is working.

I will move my PC cable from Ether2 to Ether3 and see If I will have internet also:

Also, I have internet.

I will try on Ether 4 and Ether 5:

Ether4:

Ether5:

The internet is working on my PC when connected to all interfaces that are in the bridge. That’s awesome.

Let’s make the LAB more complicated. I want also that anyone who is connected to the wireless on my router will also be able to go to the internet, and I want him to get an IP from the range of 192.168.88.0/24. Also, I want that anyone who connects to my Ethernet interfaces will also be able to go to the internet.

To do that, we need to enable the WLAN interface and just add it into the Bridge interface. Remember, I said beginning of this chapter that you can bridge 2 different network technologies, so now we will be bridging the Ethernet and the WLAN.

Let’s do this work.

I have done the minimum settings on the wireless. I have just enabled the WLAN on 5 GHz and made the mode of AP bridge, so it acts as an access point. We will have a chapter speaking about wireless in this book, but for now this is all what you need to know. Also, I didn’t put a password on the wireless.

Now we need to add this WLAN interface inside the bridge interface.

To mention, the Wireless LAN will not do hardware offload with the Ethernet interfaces because they are 2 different technologies. That’s you can see it clearly once you add the WLAN interface inside the bridge that it doesn’t have an “H” letter:

To test if the Wireless is working, I will connect my phone to that Wireless SSID.

At this moment my phone is not connected to any wireless. Let’s check if I can see the SSID MikroTik which is the default SSID (SSID means the wireless name that we see on our phone):

Indeed, I can see the SSID.

Let me connect to it (remember, we do not have any password set on that SSID):

Great, I am connected. Let’s see If I can go to the internet:

That is awesome. The internet is working.

We can also check the lease table of the DHCP server on the MikroTik router to see which IP was leased to my phone:

Here it is.

This is all what I wanted to show you in this LAB. I hope you enjoyed it and see you in the upcoming topic.

Course Content

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.

Please Login to Reply or add a comment!

About