Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Management VLAN configuration for CCR2004 router and mix of CRS1XX and CRS3XX switches

Post Reply
 
piotrekowalski
just joined
Topic Author
Posts: 1
Joined: Fri Dec 29, 2023 5:30 pm

Management VLAN configuration for CCR2004 router and mix of CRS1XX and CRS3XX switches

Mon Jan 08, 2024 5:09 pm

Hello every one.
Currently I am setting up small test network for vlan tests. Network consists of:
Router RT01 (model CCR2004), Core switch SW30 (model CRS317), Management switch SW10 (model CRS125) and Cluster switch SW20 (model CRS317).
I am connecting port sfp-sfpplus2 of RT01 to switch SW30 and configuring trunk for some vlans (including Vlan10 - Management). Ports on SW30 are trunk ports fo connecting acces switches.
Management switch SW10 is connected directly to RT01 (sfp1 of SW10 to ether10 of RT01). This connection is trunk connection for Vlan10 (management) only. All ether ports on SW10 are access ports for Vlan10.
Core switch SW20 is connected directly to RT01 (ether1 of SW20 to ether9 of RT01). This connection is trunk connection for Vlan10 (management) only. All sfp-sfpplus ports on SW20 are access ports for separated Vlan13 for cluster communication only.

When I/m pinging all switches from Router and from switches to router and each other there is no problem, ale devices return ping.
However, when I am connecting with my laptop to access port on Router (port ether7), I can ping router RT01, Core switch SW30 and access switches that are connected to it but I can not ping Management switch SW10 or Cluster switch SW20.

Can someone suggest me what am I doing wrong?


CCR2004 - RT01 - Router
Code: Select all
interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=BR1 name=Vlan10 vlan-id=10
add interface=BR1 name=Vlan11 vlan-id=11
add interface=BR1 name=Vlan12 vlan-id=12
add interface=BR1 name=Vlan13 vlan-id=13
add interface=BR1 name=Vlan14 vlan-id=14
add interface=BR1 name=Vlan15 vlan-id=15
add interface=BR1 name=Vlan30 vlan-id=30
add interface=BR1 name=Vlan40 vlan-id=40
add interface=BR1 name=Vlan41 vlan-id=41
/interface list
add name=WAN
add name=LAN
add name=GUEST
add name=MGMT
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=Vlan10_POOL ranges=10.10.10.230-10.10.10.240
add name=Vlan40_POOL ranges=10.10.40.2-10.10.40.254
add name=Vlan41_POOL ranges=10.10.41.2-10.10.41.254
/ip dhcp-server
add address-pool=Vlan10_POOL interface=Vlan10 name=Vlan10_DHCP
add address-pool=Vlan40_POOL interface=Vlan40 name=Vlan40_DHCP
add address-pool=Vlan41_POOL interface=Vlan41 name=Vlan41_DHCP
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=40
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=40
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=40
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=40
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether7 pvid=10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether8 pvid=41
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether11 pvid=41
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether12 pvid=41
add bridge=BR1 interface=sfp-sfpplus1
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether2
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether9
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether10
add bridge=BR1 interface=ether13
add bridge=BR1 interface=ether14
add bridge=BR1 interface=ether15
add bridge=BR1 interface=ether16
/ip neighbor discovery-settings
set discover-interface-list=MGMT
/interface bridge vlan
add bridge=BR1 tagged=BR1,sfp-sfpplus2,ether1,ether2,ether9,ether10,ether13,ether14,ether15,ether16 vlan-ids=10
add bridge=BR1 tagged=BR1,sfp-sfpplus2 vlan-ids=11
add bridge=BR1 tagged=BR1,sfp-sfpplus2 vlan-ids=12
add bridge=BR1 tagged=BR1,sfp-sfpplus2 vlan-ids=13
add bridge=BR1 tagged=BR1,sfp-sfpplus2 vlan-ids=14
add bridge=BR1 tagged=BR1,sfp-sfpplus2 vlan-ids=15
add bridge=BR1 tagged=BR1,sfp-sfpplus2 vlan-ids=30
add bridge=BR1 tagged=BR1,sfp-sfpplus2,ether1,ether2 vlan-ids=40
add bridge=BR1 tagged=BR1,sfp-sfpplus2 vlan-ids=41
/interface list member
add interface=sfp-sfpplus1 list=WAN
add interface=sfp-sfpplus2 list=LAN
add interface=ether1 list=GUEST
add interface=ether2 list=GUEST
add interface=ether3 list=GUEST
add interface=ether4 list=GUEST
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=MGMT
add interface=ether8 list=LAN
add interface=ether9 list=MGMT
add interface=ether10 list=MGMT
add interface=ether11 list=MGMT
add interface=ether12 list=MGMT
add interface=ether13 list=MGMT
add interface=ether14 list=MGMT
add interface=ether15 list=MGMT
add interface=ether16 list=MGMT
/ip address
add address=XXX.XXX.XXX.XXX/22 interface=sfp-sfpplus1 network=XXX.XXX.XXX.0
add address=10.10.10.1/24 interface=Vlan10 network=10.10.10.0
add address=10.10.11.1/24 interface=Vlan11 network=10.10.11.0
add address=10.10.12.1/24 interface=Vlan12 network=10.10.12.0
add address=10.10.13.1/24 interface=Vlan13 network=10.10.13.0
add address=10.10.14.1/24 interface=Vlan14 network=10.10.14.0
add address=10.10.15.1/24 interface=Vlan15 network=10.10.15.0
add address=10.10.30.1/24 interface=Vlan30 network=10.10.30.0
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=10.10.10.1 gateway=10.10.10.1
add address=10.10.40.0/24 dns-server=10.10.10.1 gateway=10.10.40.1
add address=10.10.41.0/24 dns-server=10.10.10.1 gateway=10.10.41.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9
/ip route
add distance=1 gateway=XXX.XXX.XXX.XXX
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=172.16.0.0/16,10.10.0.0/16
set api-ssl disabled=yes
/system identity
set name=RT01
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
/tool mac-server
set allowed-interface-list=MGMT
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
/tool romon
set enabled=yes

CRS125 - SW10 - Management switch
Code: Select all
/interface bridge
add name=BR1
/interface vlan
add interface=BR1 name=Vlan10 vlan-id=10
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,sfp1"
/interface list
add name=MGMT
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=BR1 interface=ether1
add bridge=BR1 interface=ether2
add bridge=BR1 interface=ether3
add bridge=BR1 interface=ether4
add bridge=BR1 interface=ether5
add bridge=BR1 interface=ether6
add bridge=BR1 interface=ether7
add bridge=BR1 interface=ether8
add bridge=BR1 interface=ether9
add bridge=BR1 interface=ether10
add bridge=BR1 interface=ether11
add bridge=BR1 interface=ether12
add bridge=BR1 interface=ether13
add bridge=BR1 interface=ether14
add bridge=BR1 interface=ether15
add bridge=BR1 interface=ether16
add bridge=BR1 interface=ether17
add bridge=BR1 interface=ether18
add bridge=BR1 interface=ether19
add bridge=BR1 interface=ether20
add bridge=BR1 interface=ether21
add bridge=BR1 interface=ether22
add bridge=BR1 interface=ether23
add bridge=BR1 interface=ether24
add bridge=BR1 interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=MGMT
/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp1,switch1-cpu vlan-id=10
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=10 ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
/interface ethernet switch vlan
add ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24" vlan-id=0
add ports=sfp1,switch1-cpu vlan-id=10
/interface list member
add interface=Vlan10 list=MGMT
/ip address
add address=10.10.10.10/24 interface=Vlan10 network=10.10.10.0
/ip route
add distance=1 gateway=10.10.10.1
/system identity
set name=SW10
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=MGMT
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
/tool romon
set enabled=yes

CRS317 - SW20 - Cluster switch
Code: Select all
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=BR1 name=Vlan10 vlan-id=10
/interface list
add name=MGMT
/interface bridge port
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus1 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus2 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus3 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus4 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus5 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus6 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus7 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus8 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus9 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus10 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus11 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus12 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus13 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus14 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus15 pvid=13
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus16 pvid=13
/ip neighbor discovery-settings
set discover-interface-list=MGMT
/interface bridge vlan
add bridge=BR1 tagged=BR1,ether1 vlan-ids=10
/interface list member
add interface=Vlan10 list=MGMT
/ip address
add address=10.10.10.20/24 interface=Vlan10 network=10.10.10.0
/ip route
add distance=1 gateway=10.10.10.1
/system identity
set name=SW20
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os
/tool mac-server
set allowed-interface-list=MGMT
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
/tool romon
set enabled=yes

CRS317 - SW30 - Core switch
Code: Select all
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=BR1 name=Vlan10 vlan-id=10
/interface list
add name=MGMT
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=10
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus3
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus4
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus5
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus6
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus7
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus8
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus9
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus10
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus11
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus12
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus13
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus14
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus15
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus16
/ip neighbor discovery-settings
set discover-interface-list=MGMT
/interface bridge vlan
add bridge=BR1 tagged="BR1,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus15,sfp-sfpplus16" vlan-ids=10
add bridge=BR1 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus15,sfp-sfpplus16" vlan-ids=11
add bridge=BR1 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus15,sfp-sfpplus16" vlan-ids=12
add bridge=BR1 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus15,sfp-sfpplus16" vlan-ids=13
add bridge=BR1 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus15,sfp-sfpplus16" vlan-ids=14
add bridge=BR1 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus15,sfp-sfpplus16" vlan-ids=15
add bridge=BR1 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus15,sfp-sfpplus16" vlan-ids=30
add bridge=BR1 tagged="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10,sfp-sfpplus11,sfp-sfpplus12,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus15,sfp-sfpplus16" vlan-ids=41
/interface list member
add interface=Vlan10 list=MGMT
/ip address
add address=10.10.10.30/24 interface=Vlan10 network=10.10.10.0
/ip route
add distance=1 gateway=10.10.10.1
/system identity
set name=SW30
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os
/tool mac-server
set allowed-interface-list=MGMT
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
/tool romon
set enabled=yes
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 19 guests
  4. RouterOS
  5. Beginner Basics