CCR1009-7g-1c-1s - 2xWAN TRUNK VLAN

Hello
I am asking for help in configuring the CCR1009-7G-1C-1S+ router. How to use a MikroTik that does not have a switch function. Does it cover the device according to the diagram in a wide range?
internet2wan.png

I don't understand the question, sorry.
You can always use a bridge and will get switch behaviour on the bridge ports.
A dedicated switch would be better. I use a CCR1009 only as firewall and router connected by SFP+ DAC (tagged VLAN trunk) to a CRS326-24G-2S+RM.

But of course it is possible to use the CCR as a switch with a bridge. But I do not understand what you want to bridge. You have 4 WAN connections and a bonding interface to the switch below. What do you want to do?

Thanks for the answer.
CCR1009 is to be a bridge to monitor internet connections from service providers. As you can see in the drawing, the link is divided into routers (VLAN MAV and ORN untagged) and servers (link aggregation + VLAN MAV and ORN). Earlier I used a different brand switch for this, but it did not show the utilization of individual ports or history.
At the moment I have only configured MAV connection (VLAN_MAV bridge ETH1COMBO+ETH4) and management of VLAN_DEV as bonding (ETH2+ETH3).
I can’t give VLAN1 bonding as tagged link and I have no idea how to configure VLAN ORN as shown in the picture on the top and right?
Maybe I should have a different device, please help.

For clarification:

  1. CCR should bridge WAN_MAV connection from ether4 to combo1 and WAN_ORN from ether6 to ether7?
  2. Are there different devices for each WAN? I don't really logically understand this layout.
  3. Which WAN should bonding trunk use?
  4. Does the router do any routing or do you only use it as switch?

The configuration for your scheme would be like this:

# VLANS:
# 11: RouterMgmt
# 21: VLAN_MAV
# 22: VLAN_ORN
# 23: VLAN_ORN_IN
# 31: VLAN_DEV

/interface bonding
add mode=802.3ad name=bonding-switch slaves=ether2,ether3 transmit-hash-policy=layer-3-and-4

/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge pvid=4094 vlan-filtering=yes

/interface vlan
# for management of router
add interface=bridge name=vlan11-RouterMgmt vlan-id=11

/interface bridge port
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=combo1 pvid=21
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=21
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether6 pvid=22
add bridge=bridge ingress-filtering=yes interface=ether7 pvid=23
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=bonding-switch

/interface bridge vlan
add bridge=bridge tagged=bridge,bonding-switch vlan-ids=11
add bridge=bridge tagged=bonding-switch untagged=combo1,ether4 vlan-ids=21
add bridge=bridge tagged=bonding-switch,ether7 untagged=ether6 vlan-ids=22
add bridge=bridge untagged=ether7 vlan-ids=23
add bridge=bridge tagged=bonding-switch vlan-ids=31

But it does not make sense at some points

  • VLAN_ORN_IN is only used once
  • VLAN_DEV is only used once
  • bridge of WAN is not clear to me
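
Added example, not part of the original posts: a small Python audit that parses the port and VLAN table lines of the configuration above and reports VLANs with a single member port, plus any untagged-capable port whose PVID is missing from the static VLAN table. The function names `parse` and `audit` are hypothetical, and the code assumes one VLAN ID per `vlan-ids` entry, as in this thread.

```python
import re
from collections import defaultdict
# Port and VLAN table lines taken from the configuration posted above.
CONFIG = """
/interface bridge port
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=combo1 pvid=21
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=21
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether6 pvid=22
add bridge=bridge ingress-filtering=yes interface=ether7 pvid=23
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=bonding-switch
/interface bridge vlan
add bridge=bridge tagged=bridge,bonding-switch vlan-ids=11
add bridge=bridge tagged=bonding-switch untagged=combo1,ether4 vlan-ids=21
add bridge=bridge tagged=bonding-switch,ether7 untagged=ether6 vlan-ids=22
add bridge=bridge untagged=ether7 vlan-ids=23
add bridge=bridge tagged=bonding-switch vlan-ids=31
"""

def parse(text):
    """Group the key=value pairs of each 'add' line under its menu path."""
    sections, menu = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            sections[menu].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return sections

def audit(text):
    """Flag PVIDs absent from the static VLAN table and single-member VLANs."""
    cfg = parse(text)
    members, untagged = defaultdict(set), defaultdict(set)
    for row in cfg["/interface bridge vlan"]:
        vid = int(row["vlan-ids"])  # assumes one VLAN ID per row, as on this page
        untagged[vid] |= set(row.get("untagged", "").split(",")) - {""}
        members[vid] |= untagged[vid] | set(row.get("tagged", "").split(",")) - {""}
    findings = []
    for port in cfg["/interface bridge port"]:
        pvid = int(port.get("pvid", 1))
        if port.get("frame-types") != "admit-only-vlan-tagged" and port["interface"] not in untagged[pvid]:
            findings.append(f"{port['interface']}: pvid {pvid} not untagged in static VLAN table")
    for vid, ports in sorted(members.items()):
        if len(ports) == 1:
            findings.append(f"VLAN {vid}: only member is {min(ports)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

Run against the configuration above, it reports VLAN 23 and VLAN 31 as having a single member, which matches the two "only used once" remarks.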

Thanks for the answer

  1. Yes, and transfer links to servers in aggregation ETH2 and ETH3
  2. I have two MAV and ORN internet providers and want to separate them into other routers and servers (from both providers I have pools of 30 external ip addresses, and in the case of ORN I have another x.x.81.254 address - that’s how they provide it).
  3. I use it only as a bridge (switch).

Earlier I used an L2+ switch for this.
So I’m developing your idea with the CRS326-24G-2S+RM device.
If I have the ability to monitor WAN connections, that’s enough for me, and the CCR router will connect behind the switch.
I hope that CRS can handle packet forwarding.

The CRS has the same RouterOS as the CCR and most other MikroTik devices. The CCR is way too powerful for your scenario.
Syntax would be the same as in my snippet.
The only devices that don't run RouterOS are CSS-devices. There are no graphs I think but you should also see the current bandwidth on the individual ports.

Thank you for your answer.
I have one more question, how would you do routing in ORN
IP: x.x.81.254 mask: 255.255.255.252 GW: x.x.81.253
next
IP: x.x.183.30 mask 255.255.255.224 GW: x.x.81.254
Routers that will connect to ORN will point to gate x.x.183.30

Would it be a good idea to create a virtual interface (IP: x.x.81.254)?

Hello, unfortunately your configuration does not work on CRS

# VLANS:
# 11: RouterMgmt
# 21: VLAN_MAV
# 22: VLAN_ORN
# 23: VLAN_ORN_IN


/interface bonding
add mode=802.3ad name=bonding-switch slaves=ether1,ether2 transmit-hash-policy=layer-3-and-4

/interface vlan
# for management of router
add interface=bridge name=vlan11-RouterMgmt vlan-id=11

/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge2 pvid=? vlan-filtering=yes # It cannot be called a bridge because it is a default name, missing pvid 

/interface bridge port
add bridge=bridge2 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=sfp-sfpplus1 pvid=21
add bridge=bridge2 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=21
add bridge=bridge2 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether6 pvid=22
add bridge=bridge2 ingress-filtering=yes interface=ether7 pvid=23 
add bridge=bridge2 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=bonding-switch #missing pvid = ?

/interface bridge vlan
add bridge=bridge2 tagged=bridge2,bonding-switch vlan-ids=11
add bridge=bridge2 tagged=bonding-switch untagged=sfp-sfpplus1,ether4 vlan-ids=21
add bridge=bridge2 tagged=bonding-switch,ether7 untagged=ether6 vlan-ids=22
add bridge=bridge2 untagged=ether7 vlan-ids=23

Should the configuration look like CRS, and what should you write in “?”
I understand that all VLANs should be added to the same bridge?

A bridge is like a switch, so yes. All VLANs to the same bridge.

Take 4084 as pvid; it will be good as long as you do not need this VLAN.