I just received my Cloud Router Switch (CRS125-24G-1S-2HnD-IN), and of course I want to configure this routerboard.
I was able to connect to the switch with WebFig. I can see a lot of options and a lot of factory settings but I have no idea how and what to configure.
For example, I connected port 1 with my internet router and port 10 with my laptop. I can access the internet but it goes very very slow…
What I want to do:
port 1: connected to my internet router to have internet on the other ports.
port 2: is connected to an AP, has to be in a “public” vlan. Devices connected to this AP must have an IP in the range of this public vlan.
port 3 - 13 + wlan: devices connected to these ports are in the “private” vlan. They receive an IP in the range of the private vlan.
port 14 - 24: devices connected to these ports are in the vlan of the internet router. They receive an IP from this router.
I am sure I made some mistakes on using the correct names or definitions but I hope everybody understands the configuration I want.
Of course I did not talk about firewall and other options, I also hope that I can get some advice for this also.
So what I hope for is that you can tell me where to start, how to configure, how to learn,… I am a newbie on networking and routeros, so all help is much appreciated.
So first of all, do I remove the factory settings? How do I do this? What is the next step? I already tried to read the wiki but it seems to be too difficult to understand and find exactly what I need.
Connect to the router and download the winbox utility for the easiest configuration.
I have some questions on what you want.
Do you really want VLANs, or are you happy to segregate with Firewall Rules and Subnets (much easier and less headache)?
I will outline how to build without VLANs here, using subnets.
Create the Port 3-13 switch (assuming the ether ports are called ether#)
/interface ethernet
set ether4 master-port=ether3
set ether5 master-port=ether3
set ether6 master-port=ether3
set ether7 master-port=ether3
set ether8 master-port=ether3
set ether9 master-port=ether3
set ether10 master-port=ether3
set ether11 master-port=ether3
set ether12 master-port=ether3
set ether13 master-port=ether3

The Port 14-24 & 1 Switch
/interface ethernet
set ether14 master-port=ether1
set ether15 master-port=ether1
set ether16 master-port=ether1
set ether17 master-port=ether1
set ether18 master-port=ether1
set ether19 master-port=ether1
set ether20 master-port=ether1
set ether21 master-port=ether1
set ether22 master-port=ether1
set ether23 master-port=ether1
set ether24 master-port=ether1

Create a bridge using winbox for the private network and add ether3 and wlan1 to the bridge.
Remove all firewall and nat rules From IP → Firewall
(if the CRS is providing DHCP)
Create a DHCP server for ether2 with the required details; follow the winbox wizard
Create a DHCP server for bridge1 (the private network) using the winbox wizard
Finally create the firewall rules using winbox to
Drop Traffic from bridge1 to ether2
Drop Traffic from ether2 to bridge1
That should suit your application. Other firewall rules can be added to further segregate your network, and you will run at full switch speed most of the time. Let me know if this doesn’t work or you need more help.
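The steps in the post above as one RouterOS v6 CLI sequence (added example, not part of the original post or the poster's own configuration). The subnet ranges, pool and server names, the input-chain rules for ether2 and the masquerade rule are assumptions that go beyond what the post specifies.

```routeros
# Added example. Addresses and names are assumptions, not taken from the post.
# Assumes the master-port switch groups from the post are already configured.

# Private bridge: ether3 (master of ports 3-13) plus the wireless interface
/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=ether3
/interface bridge port add bridge=bridge1 interface=wlan1

# The CRS takes its own address and default route from the internet router
/ip dhcp-client add interface=ether1 disabled=no

# Gateway addresses for the two routed subnets (assumed ranges)
/ip address add address=192.168.10.1/24 interface=ether2 comment="public"
/ip address add address=192.168.20.1/24 interface=bridge1 comment="private"

# One pool, one DHCP server and one DHCP network per subnet
/ip pool add name=pool-public ranges=192.168.10.10-192.168.10.254
/ip pool add name=pool-private ranges=192.168.20.10-192.168.20.254
/ip dhcp-server add name=dhcp-public interface=ether2 address-pool=pool-public disabled=no
/ip dhcp-server add name=dhcp-private interface=bridge1 address-pool=pool-private disabled=no
/ip dhcp-server network add address=192.168.10.0/24 gateway=192.168.10.1
/ip dhcp-server network add address=192.168.20.0/24 gateway=192.168.20.1

# The two drop rules from the post: nothing is routed between private and public
/ip firewall filter add chain=forward in-interface=bridge1 out-interface=ether2 action=drop
/ip firewall filter add chain=forward in-interface=ether2 out-interface=bridge1 action=drop

# Beyond the post: keep public clients off the router's IP services
# (WebFig, Winbox over IP, SSH) while still answering their DHCP requests
/ip firewall filter add chain=input in-interface=ether2 protocol=udp dst-port=67 action=accept
/ip firewall filter add chain=input in-interface=ether2 connection-state=established,related action=accept
/ip firewall filter add chain=input in-interface=ether2 action=drop

# Beyond the post: the internet router has no route back to the two subnets,
# so hide them behind the CRS address on ether1 (alternative: static routes
# for both subnets on the internet router)
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
```

MAC-address Winbox access works below the IP layer, so the input rules above do not filter it; that is controlled separately under `/tool mac-server`.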
Add DHCP clients on all the network interfaces (ether1, bridge1 etc.) so that they are assigned an IP address and routes.
Ports 1 & 14-24 are switched together at wire speed; the DHCP settings are from the internet router.
I assume that the public network is on ether2; the drop firewall rule is to stop communication between the public ether3-12 & wlan1 (Bridge1) and ether2.
So any data on the private network is inaccessible on the public, whilst the internet router is still fully accessible.
In RouterOS, to perform hardware-based (no CPU utilization) packet switching you create a master/slave switch. If any packets are routed to a different subnet or utilize a CPU feature, they will go out of ether3 to the CPU, which is limited to 1Gb/s on the NIC and 1Gb/s on the backbone from the hardware switch chip to the CPU. Thus for normal traffic between computers on the private subnet there is no bottleneck, but traffic moving between the private and internet router subnet will be limited by the CPU (generally around 200Mb/s), which also has the same effect if VLANs are used.
Is this an issue or is 200 Mb/s enough to have a decent internet connection on the workstations?
Another question: I logged in to the router yesterday with Winbox. I removed the factory settings but after that I was unable to log in (IP 0.0.0.0). I have restored the router to factory settings now, and am able to log in again, but of course now all the settings are back again and I thought I needed to start from scratch to be sure everything is installed as you said… What’s the most ideal way to install my own configuration?
Then run winbox and it says 0.0.0.0 for the IP address; click on the MAC address instead and use the “admin” / “” default config to log in.
Then you can create an IP address on one interface if you want to use it that way, or start your config and add a DHCP client to an interface if you want a management IP to work with in future.
We set up management IPs at work but we love love love MAC address management and it has saved us from many an error.
Go to the IP / Pool menu then go back to IP / DHCP Server and add that pool under the Address Pool option. Under IP / DHCP there is a DHCP Setup wizard.
There is no IP under the pool…
The switch is not yet connected with the internet router, but it must be possible to configure a DHCP server without internet?
DHCP server will be the one to give the IP addresses. If you want your ISP to give the IP addresses, you don’t need a DHCP server in your router, but you will need your ISP to cooperate. Usually ISPs don’t give out more than one or two IP addresses, that’s why you create a local area network with the help of your router, and give the local users “internal” IP addresses with the DHCP server.
To make a DHCP server, do these two things:
Add a local IP address to the local interface, for example 192.168.88.1/24
Run “/ip dhcp-server setup” and leave all pre-filled values as they are (basically agree to all that is offered)
Thank you for your explanation about DHCP servers.
In my configuration, ports 3-13 need an “internal” IP address. Ports 14-24 need an IP from the ISP (which is able to give more than a few IP addresses).
So for ports 3-13 I set up a pool? And after this a DHCP server?
And what for ports 14-24? How do I configure that these ports are getting an IP from the ISP?
And finally, I suppose when ports 14-24 are getting an IP from the ISP they are able to connect with the internet? But what about ports 3-13? How do I do this?