Hi.
I want to create 3 VLANs on lan side of my Mikrotik. For WAN I use SFP and one management IP which is working.

Then I want to add 3 VLANs (ex. 10, 20, 30) under Interfaces tab, VLAN ID and add them to bridge that has 1-8 gig ports.
I create 3 addressess (192.167.10.1/24, etc) and add them to VLAN10 etc.
From all the videos and manuals, this should be enough.
But when I plug in my laptop to port 1 and set IP 192.168.10.10/24 with gateway 192.168.10.1 I cannot ping my gateway or other gateways (192.168.20.1, and 192.168.30.1).
Same happens if I set IP address from VLAN20 or 30 to my laptop.

I tought this should be easy and VLANs would see eachother.

If I add address directly to port on Mikrotik without creating VLAN it is working.

My goal is to have all 8 ports in trunk for these 3 VLANs and all devices in those 3 VLANs can access eachother.

Appreciate any help I can get!

With regards.

Can you please show your configuration so we can all see what you did and point you to right direction ?

There is a dedicated page for this switch:
https://help.mikrotik.com/docs/pages/vi ... =103841836

Think (can't see your current config yet) that you used VLAN filtering on the bridge, but to get better performance you should do it on the switch.

Whether the VLAN's can communicate to each other is depending on the router, not on the switch.

There is a dedicated page for this switch:
https://help.mikrotik.com/docs/pages/vi ... =103841836

Think (can't see your current config yet) that you used VLAN filtering on the bridge, but to get better performance you should do it on the switch.

Whether the VLAN's can communicate to each other is depending on the router, not on the switch.

Thank you.
Actually I would like it to act more as a router, not a switch.
For those 3 VLANs, Mikrotik would be a gateway and routing between VLANs should be on it.
I have not used VLAN filtering, it is set to default. I only did those steps, written above.
I can post my cofig, if it will make it clearer.

Thank you

Don't... That device is not meant to be a router...

Don't... That device is not meant to be a router...

Hello.
Really? Eventhough it says it can work as a router?
Basicly i want to separate my network from other network whic would be NATed for access.
I was thinking I could use this model as separator and have 3 VLANs for second network on it. Traffic will be small and slow. I can provide with network diagram, if it will clear things. I really am stuck...

Thank you.

It can work but it won't work well. What are you using now as router ?

Don't... That device is not meant to be a router...

Really? Eventhough it says it can work as a router?

It can work as a router, but performance is below mediocre. Look at official test results. Even in most optimistic interpretation it can't route at more than a few hundred Mbps. Reslistic real-life performance estimate is number, listed as "routing - 25 ip filter rules - 512 bytes", for your device it's mere 30Mbps.

If you would like push forward with configuring it as router, then show us you current (non-working) config.

Really? Eventhough it says it can work as a router?

It can work as a router, but performance is below mediocre. Look at official test results. Even in most optimistic interpretation it can't route at more than a few hundred Mbps. Reslistic real-life performance estimate is number, listed as "routing - 25 ip filter rules - 512 bytes", for your device it's mere 30Mbps.

If you would like push forward with configuring it as router, then show us you current (non-working) config.

I do not worry about performance, because this will serve only as Proof of Concept.

Below is current - non working configuration:

/interface bridge
add name=bridge protocol-mode=none
/interface ethernet
set [ find default-name=sfp9 ] name="sfp9 - UPLINK"
/interface vlan
add interface=bridge name=VLAN10 vlan-id=10
add interface=bridge name=VLAN20 vlan-id=20
add interface=bridge name=VLAN30 vlan-id=30
/interface ethernet switch
/interface ethernet switch trunk
add member-ports=ether1,ether2 name=trunk-1-2
set 0 name=serial0
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
/ip address
add address=192.168.99.10/24 interface="sfp9 - UPLINK" network=192.168.99.0
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.30.1/24 interface=VLAN30 network=192.168.30.0
/ip dns
set servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=sfp12
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5

Also, picture shows topology how this Mikrotik would be used.

With regards and appreciation.

Really? Eventhough it says it can work as a router?

It can work as a router, but performance is below mediocre. Look at official test results. Even in most optimistic interpretation it can't route at more than a few hundred Mbps. Reslistic real-life performance estimate is number, listed as "routing - 25 ip filter rules - 512 bytes", for your device it's mere 30Mbps.

If you would like push forward with configuring it as router, then show us you current (non-working) config.

I had no vlans and one simple routing entry. I got realistic 10 MBit/s.
And hardware offload was already active.
Version 7.12 and 7.13 tested.

From my own experience I would recommend a crs328. It does routing a little better.
I ended up building an esxi vm and bought a license, as the 328 was to weak for vpn.
My routing including site2site VPN with high encryption settings works great with a vm of 4 cores at each 2,5 GHz.
(At least the bottleneck is now on the other side )

I thought the same... but the crs112 is not a router.

Guess what, CRS is also not a router It will do routing but poorly...

Guess what, CRS is also not a router It will do routing but poorly...

Ok, thank you.
Can you please help me with what I'm doing wrong with my configuration anyways? I would like to understand why it is not working as I tought it would. Never mind performance.

Thank you

Can you please help me with what I'm doing wrong with my configuration anyways?

Apart from VLAN interfaces (which allows CPU to talk to individual VLANs) you don't have any VLAN configuration in place. So none of ports are members of any of VLANs.

Have a look at CRS1xx switch configuration examples, in particular section "Port based VLAN".

Be careful because it's very easy to cut off your management access and only reset to factory defaults helps. So export/backup often, use "safe mode" extensively (unless you foresee that connectivity will break because it has to). And make sure you add switch-cpu interface as tagged member of all VLANs, otherwise CPU won't see any of traffic it has to (for routing).