EdgeRouter - Set up a VLAN Management Bridge on an EdgeRouter

Overview
Readers will learn how to set up a management VLAN bridge on an EdgeRouter. This is useful if you have a routed customer network but want a switched or bridged management network. Radios can then be discovered and managed across a routed network as if they were on a switch. This technique is especially useful if you are migrating a flat network to a routed network.

Define the Bridge

In this example, we assume the AirMax devices are set up with a Management VLAN of 100 as in the above video. You will need to use CLI commands. The first step is to define the VLAN bridge that will link the ports.

set interfaces bridge br2 address 10.0.1.1/24

The above command creates a bridge called br2 and assigns an IP of 10.0.1.1 to the bridge. After we finish configuring the ports, this bridge and the IP defined on it will only be accessible to VLAN 100 tagged traffic.

The next step is to add VLAN 100 to selected EdgeRouter ports and bridge them together to br2.

set interfaces ethernet eth1 vif 100 bridge-group bridge br2

The above command adds our management VLAN 100 to eth1 and bridges only VLAN 100 tagged traffic through bridge br2.

Repeat the line above for each Ethernet port on the EdgeRouter where you need management VLAN 100 bridged.

configure
set interfaces bridge br2 address 10.0.1.1/29
set interfaces ethernet eth1 vif 100 bridge-group bridge br2
set interfaces ethernet eth2 vif 100 bridge-group bridge br2
set interfaces ethernet eth3 vif 100 bridge-group bridge br2
set interfaces ethernet eth7 vif 100 bridge-group bridge br2
commit
save

Once this is done, any traffic tagged with VLAN 100 will be bridged to all ports defined, just as if the EdgeRouter were a switch. Untagged traffic, or traffic tagged with any other VLAN, will be routed normally. You will also be able to manage the EdgeRouter itself using VLAN 100 and the IP defined on the bridge.
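The isolation described above holds only if every member of br2 is a VLAN 100 vif. The following is an added example, not part of the original article: a small Python audit that reads `set`-style commands (such as the output of `show configuration commands`) and reports any port bridged into br2 untagged or on a different VLAN. The function name, the sample text and the two misconfigured ports (eth4, eth5) are constructed for illustration.

```python
import re

# Matches EdgeOS "set" lines that place a port (optionally one of its vifs) in a bridge.
MEMBER_RE = re.compile(
    r"^set interfaces ethernet (?P<port>\S+)"
    r"(?: vif (?P<vif>\d+))? bridge-group bridge (?P<bridge>\S+)$"
)
ADDRESS_RE = re.compile(r"^set interfaces bridge (?P<bridge>\S+) address (?P<addr>\S+)$")


def audit_bridge(config_text, bridge="br2", vlan="100"):
    """Return (members, addresses, findings) for one management bridge."""
    members, addresses, findings = [], [], []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        m = MEMBER_RE.match(line)
        if m and m["bridge"] == bridge:
            port, vif = m["port"], m["vif"]
            if vif is None:
                # The whole port is bridged, so untagged traffic reaches the bridge.
                findings.append(f"{port}: untagged port is a member of {bridge}")
            elif vif != vlan:
                findings.append(f"{port}: vif {vif} bridged into {bridge}, expected {vlan}")
            else:
                members.append(port)
            continue
        a = ADDRESS_RE.match(line)
        if a and a["bridge"] == bridge:
            addresses.append(a["addr"])
    if not addresses:
        findings.append(f"{bridge}: no management address configured")
    return members, addresses, findings


# Constructed sample: the article's commands plus two deliberate mistakes
# (eth4 bridged untagged, eth5 bridged on VLAN 200).
SAMPLE = """\
set interfaces bridge br2 address 10.0.1.1/29
set interfaces ethernet eth1 vif 100 bridge-group bridge br2
set interfaces ethernet eth2 vif 100 bridge-group bridge br2
set interfaces ethernet eth3 vif 100 bridge-group bridge br2
set interfaces ethernet eth7 vif 100 bridge-group bridge br2
set interfaces ethernet eth4 bridge-group bridge br2
set interfaces ethernet eth5 vif 200 bridge-group bridge br2
"""

if __name__ == "__main__":
    members, addresses, findings = audit_bridge(SAMPLE)
    print("VLAN 100 members:", ", ".join(members))
    print("bridge address:", ", ".join(addresses))
    for finding in findings:
        print("FINDING:", finding)
```
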

Additional Info

Of course, you shouldn't let your management bridge network get too unwieldy. You can avoid this by breaking your network into multiple VLANs, for example one for each tower. Or use this technique to reach only the APs, and route the management of customer CPEs.

Finally, switching on the EdgeRouter is done in software, which can be slower. But management traffic is very light and will have only a minor impact on the router.