Hi to all,
i just bought CRS518-16XS-2XQ-RM and discover that SWOS doesn't exist (too lame).
I need to use my switch to have port-based VLAN !!! simple and efficient.
But i dunno how to setup it, only tuto talk about trunk setup, nos usefull for me !
Does some person can share configuration to do it with this switch please?
Best Regads.
Elrick
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
That device supports bridge based VLAN filtering.
The documentation is here and is quite easy to understand:
https://help.mikrotik.com/docs/display/ ... NFiltering
The documentation is here and is quite easy to understand:
https://help.mikrotik.com/docs/display/ ... NFiltering
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
I need to create 3 completely watertight VLANs, isolate them from each other and assign each port to a single VLAN so that the port in question can only be used for the VLAN in question.That device supports bridge based VLAN filtering.
The documentation is here and is quite easy to understand:
https://help.mikrotik.com/docs/display/ ... NFiltering
This amounts to using the hardware as level 2.
VLAN 2000 does not see other VLANs
VLAN 3000 does not see other VLANs
VLAN 4000 does not see other VLANs
The link you provide talks about trunking, which doesn't help me.
How can I set up this configuration with RouterOS?
Many thanks.
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
Complete config follows (you'll have to start from completely blank config and you'll need winbox with MAC connection, preferrably use management port).
And that's it ... pure L2 switch without any tagged (a.k.a. trunk) ports. In this context IP addresses don't make any sense.
Beware that you won't have in-band management, you'll have to use the management port (which is the intended way).
Now, if you're thinking that this switch should have anything to do with particular IP addresses ... that would already be routing. Which CRS518 can do, bu it has to be properly configured.
Code: Select all
/interface/bridge
add name=bridge vlan-filtering=yes
/interfaca/bridge/port
add bridge=bridge interface=sfp-sfpplus1 pvid=2000
add bridge=bridge interface=sfp-sfpplus2 pvid=2000
add bridge=bridge interface=sfp-sfpplus3 pvid=2000
add bridge=bridge interface=sfp-sfpplus4 pvid=2000
add bridge=bridge interface=sfp-sfpplus5 pvid=2000
add bridge=bridge interface=sfp-sfpplus6 pvid=2000
add bridge=bridge interface=sfp-sfpplus7 pvid=3000
add bridge=bridge interface=sfp-sfpplus8 pvid=3000
add bridge=bridge interface=sfp-sfpplus9 pvid=3000
add bridge=bridge interface=sfp-sfpplus10 pvid=3000
add bridge=bridge interface=sfp-sfpplus11 pvid=3000
add bridge=bridge interface=sfp-sfpplus12 pvid=3000
add bridge=bridge interface=sfp-sfpplus13 pvid=4000
add bridge=bridge interface=sfp-sfpplus14 pvid=4000
add bridge=bridge interface=sfp-sfpplus15 pvid=4000
add bridge=bridge interface=sfp-sfpplus16 pvid=4000
Beware that you won't have in-band management, you'll have to use the management port (which is the intended way).
Now, if you're thinking that this switch should have anything to do with particular IP addresses ... that would already be routing. Which CRS518 can do, bu it has to be properly configured.
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
Ohh, exaclty what i want. Many thanksComplete config follows (you'll have to start from completely blank config and you'll need winbox with MAC connection, preferrably use management port).
And that's it ... pure L2 switch without any tagged (a.k.a. trunk) ports. In this context IP addresses don't make any sense.Code: Select all/interface/bridge add name=bridge vlan-filtering=yes /interfaca/bridge/port add bridge=bridge interface=sfp-sfpplus1 pvid=2000 add bridge=bridge interface=sfp-sfpplus2 pvid=2000 add bridge=bridge interface=sfp-sfpplus3 pvid=2000 add bridge=bridge interface=sfp-sfpplus4 pvid=2000 add bridge=bridge interface=sfp-sfpplus5 pvid=2000 add bridge=bridge interface=sfp-sfpplus6 pvid=2000 add bridge=bridge interface=sfp-sfpplus7 pvid=3000 add bridge=bridge interface=sfp-sfpplus8 pvid=3000 add bridge=bridge interface=sfp-sfpplus9 pvid=3000 add bridge=bridge interface=sfp-sfpplus10 pvid=3000 add bridge=bridge interface=sfp-sfpplus11 pvid=3000 add bridge=bridge interface=sfp-sfpplus12 pvid=3000 add bridge=bridge interface=sfp-sfpplus13 pvid=4000 add bridge=bridge interface=sfp-sfpplus14 pvid=4000 add bridge=bridge interface=sfp-sfpplus15 pvid=4000 add bridge=bridge interface=sfp-sfpplus16 pvid=4000
Beware that you won't have in-band management, you'll have to use the management port (which is the intended way).
Now, if you're thinking that this switch should have anything to do with particular IP addresses ... that would already be routing. Which CRS518 can do, bu it has to be properly configured.
As you say ... if i specify subnet for each VLAN, i figure that it was routing and it will impact my switching throughput ? or not ? if not can you update the script with subnet on each VLAN please ?
If it has impact, i prefer to rest like this, i will test your first script.
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
I try your script and i have an issue :Ohh, exaclty what i want. Many thanksComplete config follows (you'll have to start from completely blank config and you'll need winbox with MAC connection, preferrably use management port).
And that's it ... pure L2 switch without any tagged (a.k.a. trunk) ports. In this context IP addresses don't make any sense.Code: Select all/interface/bridge add name=bridge vlan-filtering=yes /interfaca/bridge/port add bridge=bridge interface=sfp-sfpplus1 pvid=2000 add bridge=bridge interface=sfp-sfpplus2 pvid=2000 add bridge=bridge interface=sfp-sfpplus3 pvid=2000 add bridge=bridge interface=sfp-sfpplus4 pvid=2000 add bridge=bridge interface=sfp-sfpplus5 pvid=2000 add bridge=bridge interface=sfp-sfpplus6 pvid=2000 add bridge=bridge interface=sfp-sfpplus7 pvid=3000 add bridge=bridge interface=sfp-sfpplus8 pvid=3000 add bridge=bridge interface=sfp-sfpplus9 pvid=3000 add bridge=bridge interface=sfp-sfpplus10 pvid=3000 add bridge=bridge interface=sfp-sfpplus11 pvid=3000 add bridge=bridge interface=sfp-sfpplus12 pvid=3000 add bridge=bridge interface=sfp-sfpplus13 pvid=4000 add bridge=bridge interface=sfp-sfpplus14 pvid=4000 add bridge=bridge interface=sfp-sfpplus15 pvid=4000 add bridge=bridge interface=sfp-sfpplus16 pvid=4000
Beware that you won't have in-band management, you'll have to use the management port (which is the intended way).
Now, if you're thinking that this switch should have anything to do with particular IP addresses ... that would already be routing. Which CRS518 can do, bu it has to be properly configured.
As you say ... if i specify subnet for each VLAN, i figure that it was routing and it will impact my switching throughput ? or not ? if not can you update the script with subnet on each VLAN please ?
If it has impact, i prefer to rest like this, i will test your first script.
Code: Select all
[admin@MikroTik] > /interface/bridge/port
[admin@MikroTik] /interface/bridge/port> add bridge=bridge interface=sfp-sfpplus1 pvid=2000
invalid value for argument interface:
input does not match any value of interface
input does not match any value of interface-list
[admin@MikroTik] /interface/bridge/port> add bridge=bridge interface=sfp28-1 pvid=2000
failure: device already added as bridge portit return failure: device already added as bridge port
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
I should have added a disclaimer: I don't have a CRS518, so I've no idea how those SFP+ ports are named. Ypur corrected command did not work because you did not start from blank configuration but rather from default configuration. You could start from default config, but I can't write you a cookbook since ... I don't know what's default config.
As to routing: it really depends on the whole network layout, simply configuring subnets on CRS is verry likely not enough.
As to routing: it really depends on the whole network layout, simply configuring subnets on CRS is verry likely not enough.
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
How can i clear all config ? How can i be sure that entire config is erased ?I should have added a disclaimer: I don't have a CRS518, so I've no idea how those SFP+ ports are named. Ypur corrected command did not work because you did not start from blank configuration but rather from default configuration. You could start from default config, but I can't write you a cookbook since ... I don't know what's default config.
As to routing: it really depends on the whole network layout, simply configuring subnets on CRS is verry likely not enough.
reset button from front panel is enoug ? i need to connect with winbox and start to write command directly ?
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
It's been a while since I cleared config via UI ... but I have something lurking in the memory that winbox allows to do that (something like: reset configuration and don't check to use factory defaults).
But: as I said, you can probably go from current config, just post it here. In terminal window execute command "/export file=anynameyouwish", fetch file off device, open it with text editor, remove serial number and any password shown, then copy-paste it inside [code] [/code] block (the [] butzon above post editing region).
But: as I said, you can probably go from current config, just post it here. In terminal window execute command "/export file=anynameyouwish", fetch file off device, open it with text editor, remove serial number and any password shown, then copy-paste it inside [code] [/code] block (the [] butzon above post editing region).
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
I use reset button and it sounds good, your command can be applied without error message.It's been a while since I cleared config via UI ... but I have something lurking in the memory that winbox allows to do that (something like: reset configuration and don't check to use factory defaults).
But: as I said, you can probably go from current config, just post it here. In terminal window execute command "/export file=anynameyouwish", fetch file off device, open it with text editor, remove serial number and any password shown, then copy-paste it inside [code] [/code] block (the [] butzon above post editing region).
Does all command is recorded directly ? there is no need to use command to save configuration ? it doesn't seems but i prefer to ask in doubt.
Other questions, about ether1 interface (that equal to management port), i notice that if i assign VLAN on it, i was no more able to connect to RouterOS, is it normal ?
When i try to connect, about Quick set, what mode does i need to choose, Router or Bridge ?
I will be interesting to have same script with VLAN ip subnet assigned, can you write it for me please?
Many thanks for your help, i win a lots of time
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
In ROS, everything you type is applied immediately and permanently (unless you use safe mode).
During initial configuration you can decide to use QuickSet and one of its modes. I guess that bridge mode is the one making device a basic switch. When selecting router, it'll probably use first port as WAN port and possibly add firewall rules. But none of QuickSet modes cover multiple VLANs (and routing between them), here you're on your own.
Since you're still showing interest in QuickSet: after setting anything outside QuickSet windows (either the nornal GUI or CLI), never ever go back into QuickSet part of GUI. It'll mess your config in random ways making your mother cry.
As to the management port (ether1): it's not connected to switch chip, rather it connects directly to CPU. So any traffic passing it will bother (not so fast) CPU. So it really is meant only for out-of-band management and thus no VLANs are necessary. But if you do so, then yes, it's normal to loose access ... unless you prepare a few things beforehand. And that's true for in-band managenent as well (if you go for it ... many devices don't have dedicated management port and in-band management is commonly used)
I ferl that you want to learn more about how to do VLANs on Mikrotik (including routing), so I suggest you to study this great tutorial. When dealing with bridge, it's important to understand bridge's multiple personalities.
During initial configuration you can decide to use QuickSet and one of its modes. I guess that bridge mode is the one making device a basic switch. When selecting router, it'll probably use first port as WAN port and possibly add firewall rules. But none of QuickSet modes cover multiple VLANs (and routing between them), here you're on your own.
Since you're still showing interest in QuickSet: after setting anything outside QuickSet windows (either the nornal GUI or CLI), never ever go back into QuickSet part of GUI. It'll mess your config in random ways making your mother cry.
As to the management port (ether1): it's not connected to switch chip, rather it connects directly to CPU. So any traffic passing it will bother (not so fast) CPU. So it really is meant only for out-of-band management and thus no VLANs are necessary. But if you do so, then yes, it's normal to loose access ... unless you prepare a few things beforehand. And that's true for in-band managenent as well (if you go for it ... many devices don't have dedicated management port and in-band management is commonly used)
I ferl that you want to learn more about how to do VLANs on Mikrotik (including routing), so I suggest you to study this great tutorial. When dealing with bridge, it's important to understand bridge's multiple personalities.
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
Concerning quickset, after resetting, I connected with Winbox and applied the configuration you gave me without difficulty but the Quickset window was pop-up when I connected.In ROS, everything you type is applied immediately and permanently (unless you use safe mode).
During initial configuration you can decide to use QuickSet and one of its modes. I guess that bridge mode is the one making device a basic switch. When selecting router, it'll probably use first port as WAN port and possibly add firewall rules. But none of QuickSet modes cover multiple VLANs (and routing between them), here you're on your own.
Since you're still showing interest in QuickSet: after setting anything outside QuickSet windows (either the nornal GUI or CLI), never ever go back into QuickSet part of GUI. It'll mess your config in random ways making your mother cry.
As to the management port (ether1): it's not connected to switch chip, rather it connects directly to CPU. So any traffic passing it will bother (not so fast) CPU. So it really is meant only for out-of-band management and thus no VLANs are necessary. But if you do so, then yes, it's normal to loose access ... unless you prepare a few things beforehand. And that's true for in-band managenent as well (if you go for it ... many devices don't have dedicated management port and in-band management is commonly used)
I ferl that you want to learn more about how to do VLANs on Mikrotik (including routing), so I suggest you to study this great tutorial. When dealing with bridge, it's important to understand bridge's multiple personalities.
From what I understand, it's better not to use it to avoid it modifying the configuration I've given it.
Nevertheless, do you know if I can configure the management port ether-1 with a fixed ip address and a subnet while keeping the VLANs working? So that I can connect to the management interface without going through Winbox?
If so, what commands should I enter?
Thanks for your help.
Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
For the ether1 config, you could go with something like this:
There are more settings that can go into DHCP server setup, but since you're setting up only management access and device is not configured for routing (yet), those additional settings don't make any sense. If you decide to develop the device into router (but I'm not going to spoon-feed you
), then you will have opportunity to add some features (such as dns-server, etc.).
Code: Select all
/ip/address
add address=192.168.88.1/24 interface=ether1
# the rest is optional if you want to allow PC with DHCP client running
/ip/pool
add name=pool-MGMT ranges=192.168.88.100-192.168.88.200
/ip/dhcp-server/network
add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
/ip/dhcp-server
add address-pool=pool-MGMT interface=ether1 name=dhcp-MGMT
There are more settings that can go into DHCP server setup, but since you're setting up only management access and device is not configured for routing (yet), those additional settings don't make any sense. If you decide to develop the device into router (but I'm not going to spoon-feed you
), then you will have opportunity to add some features (such as dns-server, etc.).Re: Need to use CRS518-16XS-2XQ-RM as L2 switch to have port-based VLAN
add address=192.168.88.1/24 interface=ether1 is enough, no services, only layer 2, other things is managed with pfsense.For the ether1 config, you could go with something like this:
Code: Select all/ip/address add address=192.168.88.1/24 interface=ether1 # the rest is optional if you want to allow PC with DHCP client running /ip/pool add name=pool-MGMT ranges=192.168.88.100-192.168.88.200 /ip/dhcp-server/network add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24 /ip/dhcp-server add address-pool=pool-MGMT interface=ether1 name=dhcp-MGMT
There are more settings that can go into DHCP server setup, but since you're setting up only management access and device is not configured for routing (yet), those additional settings don't make any sense. If you decide to develop the device into router (but I'm not going to spoon-feed you
Many thanks for your help, i need now to recover some sfp+ and make some test.
Who is online
Users browsing this forum: No registered users and 0 guests