Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

VLAN's with switch chip (CRS125)?

Locked
 
jkaberg
just joined
Topic Author
Posts: 24
Joined: Sun Jul 17, 2016 5:00 am

VLAN's with switch chip (CRS125)?

Mon Jul 25, 2016 8:23 pm

I'm trying to figure out how I can utilize the switch chip to handle VLAN's, I got two scenarios where I'd like to make use of it

Case 1)
On my incoming port (sfp1) I'm reciving usual traffic, and IP from ISP's DHCP.. I'm also reciving VLAN 303 which is used for IPTV where on this VLAN it also resides an DHCP server along with multicast streams (I have an IPTV decoder on my LAN which expects usual traffic, not VLAN - it's not configured to listen on VLAN), currently I utilize ether23 port for the IPTV decoder

Case 2)
On ether24 I have an pfSense router with only 1 NIC, now there is a common workaround where you use 1 NIC and 2 VLAN's and still beeing able to act as an router hence vlan10 and vlan20. (see my config)

In both cases I've been able to use bridges and VLAN interfaces to accomplish "what I want" (see config below), but at the cost of CPU usage

So now I'm looking for help too solve both cases with the switch chip instead (if at all possible), so does anyone have any ideas? :-)

My current config looks like this:

[admin@MikroTik] > export
# jan/03/1970 22:14:12 by RouterOS 6.35.4
# software id = 4ZWJ-QVRS
#
/interface bridge
add name=bridge-iptv
add name=bridge-lan
add name=bridge-wan
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] comment=Kontoret master-port=ether1
set [ find default-name=ether4 ] comment=Dunder master-port=ether1
set [ find default-name=ether5 ] comment=Wifi master-port=ether1
set [ find default-name=ether6 ] comment=Stua master-port=ether1
set [ find default-name=ether7 ] master-port=ether1
set [ find default-name=ether8 ] master-port=ether1
set [ find default-name=ether9 ] master-port=ether1
set [ find default-name=ether10 ] master-port=ether1
set [ find default-name=ether11 ] master-port=ether1
set [ find default-name=ether12 ] master-port=ether1
set [ find default-name=ether13 ] master-port=ether1
set [ find default-name=ether14 ] master-port=ether1
set [ find default-name=ether15 ] master-port=ether1
set [ find default-name=ether16 ] master-port=ether1
set [ find default-name=ether17 ] master-port=ether1
set [ find default-name=ether18 ] master-port=ether1
set [ find default-name=ether19 ] master-port=ether1
set [ find default-name=ether20 ] master-port=ether1
set [ find default-name=ether21 ] master-port=ether1
set [ find default-name=ether22 ] master-port=ether1
set [ find default-name=ether23 ] comment="Stua - IPTV Dekoder"
set [ find default-name=ether24 ] comment=Router
set [ find default-name=sfp1 ] comment=WAN
/interface vlan
add interface=ether24 name=ether24-lan vlan-id=20
add interface=ether24 name=ether24-wan vlan-id=10
add interface=sfp1 name=sfp1-vlan303 vlan-id=303
/interface bridge port
add bridge=bridge-wan interface=ether24-wan
add bridge=bridge-wan interface=sfp1
add bridge=bridge-lan interface=ether24-lan
add bridge=bridge-iptv interface=sfp1-vlan303
add bridge=bridge-iptv interface=ether23
add bridge=bridge-lan interface=ether1
/system routerboard settings
set protected-routerboot=disabled
[admin@MikroTik] > 
Top
 
jkaberg
just joined
Topic Author
Posts: 24
Joined: Sun Jul 17, 2016 5:00 am

Re: VLAN's with switch chip (CRS125)?

Tue Jul 26, 2016 11:10 am

After reading up on the terminology I now know that I need to:

Send untagged traffic from sfp1 to tagged vlan 10 on ether24
Send Tagged vlan 20 from ether24 to ether22 untagged

Send tagged (vlan 303) traffic from sfp1 to untagged ether23

An illustrative network diagram (notice that VLAN 20 actully goes "back")
Image

Still not sure on how to accomplish this, will investigate further.
Top
 
jkaberg
just joined
Topic Author
Posts: 24
Joined: Sun Jul 17, 2016 5:00 am

Re: VLAN's with switch chip (CRS125)?

Tue Jul 26, 2016 7:58 pm

So I gave it a shoot with this config,
/interface ethernet
set numbers=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 master-port=sfp1

/interface ethernet switch vlan
add ports=sfp1,ether24 vlan-id=10
add ports=sfp1,ether23 vlan-id=303
add ports=ether01,ether02,ether03,ether04,ether05,ether06,ether07,ether08,ether09,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,switch1-cpu vlan-id=20

/interface ethernet switch ingress-vlan-translation
add ports=ether23 new-customer-vid=303
add ports=ether01,ether02,ether03,ether04,ether05,ether06,ether07,ether08,ether09,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,switch1-cpu new-customer-vid=20

/interface ethernet switch egress-vlan-tag
add vlan-id=10 tagged-ports=sfp1,ether24
add vlan-id=20 tagged-ports=ether24,ether1,switch1-cpu
add vlan-id=303 tagged-ports=sfp1,ether23
But obviously this aint working (I can see there's traffic on sfp1 and ether23 but I can't see anything).. Seems I'm at a loss here..
Top
 
jkaberg
just joined
Topic Author
Posts: 24
Joined: Sun Jul 17, 2016 5:00 am

Re: VLAN's with switch chip (CRS125)?

Wed Jul 27, 2016 7:49 am

So after a few more hours tinkering and thinking I finally understand how this works, and here is my working config/solution with only VLAN's (no bridges or "vlan interfaces" aka. no CPU/software mode)
/interface ethernet
set [ find default-name=ether1 ] master-port=sfp1
set [ find default-name=ether2 ] master-port=sfp1
set [ find default-name=ether3 ] master-port=sfp1
set [ find default-name=ether4 ] master-port=sfp1
set [ find default-name=ether5 ] master-port=sfp1
set [ find default-name=ether6 ] master-port=sfp1
set [ find default-name=ether23 ] master-port=sfp1
set [ find default-name=ether24 ] master-port=sfp1
/interface ethernet switch egress-vlan-translation
add customer-vid=303 customer-vlan-format=untagged-or-tagged new-customer-vid=0 \
    ports=ether23 service-vlan-format=untagged-or-tagged
add customer-vid=20 customer-vlan-format=untagged-or-tagged new-customer-vid=0 \
    ports=ether1,ether2,ether3,ether4,ether5,ether6,switch1-cpu \
    service-vlan-format=untagged-or-tagged
add customer-vid=10 customer-vlan-format=untagged-or-tagged new-customer-vid=0 \
    ports=sfp1 service-vlan-format=untagged-or-tagged
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 customer-vlan-format=untagged-or-tagged new-customer-vid=20 \
    ports=ether1,ether2,ether3,ether4,ether5,ether6,switch1-cpu \
    sa-learning=no service-vlan-format=untagged-or-tagged
add customer-vid=0 customer-vlan-format=untagged-or-tagged new-customer-vid=10 \
    ports=sfp1 sa-learning=no service-vlan-format=untagged-or-tagged
add customer-vid=0 customer-vlan-format=untagged-or-tagged new-customer-vid=303 \
    ports=ether23 sa-learning=no service-vlan-format=untagged-or-tagged
/interface ethernet switch vlan
add ports=ether23,sfp1 vlan-id=303
add ports=ether24,sfp1 vlan-id=10
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether24,switch1-cpu \
    vlan-id=20
For anyone comeing here not understanding what ingress and egress means (like me), ingress=inbound and egress=outbound and in my case as I needed untagged (tagged=traffic in a VLAN, untagged=not in VLAN) traffic on most of my "end destinations" I needed to translate VLAN's (in both directions) on thoes interfaces. Translate meaning either strip or add VLAN header to traffic
Top
Locked

Who is online

Users browsing this forum: Bing [Bot], MaxwellsEq, STMT and 101 guests
  4. RouterOS
  5. Beginner Basics