Advice on Network Config

Hello everyone, I am seeking advice for our network configuration for AV deployments. This is what we currently require:

Primary CRS328 Cloud Router Switch connected to secondary unmanaged Hex PoE switch handling camera streams.

VLAN-10: Dicentis + Dante
Ether 1-6: Contains hosts and server for Bosch Dicentis (IP-based conference system) also handles Dante traffic
VLAN-20: Video
Ether 7-14: Contains all video streams and link to hex PoE switch which powers PTZ cameras and carries IP camera streams
VLAN-30: Client devices/internet
Ether 15-20: Used for connecting client devices that need access to internet but are intentionally separated from other VLANs

I have previously configured our switch by creating separate bridges and assigning the required ports to each bridge. I understand that this method is crude and does not allow for advanced routing rules. This is problematic because we need one of our devices to sit in the video VLAN but have access to the Dicentis VLAN for camera + mic integration.

I am wondering what the best way to configure our network is?

Hi,

You have two different topics to cover:

  1. VLAN configuration: you can find a lot of topics on the forum covering it
  2. Dante: look for the Dante keyword on the forum, as MikroTik is not considered to be an easy base for such setups

Use one bridge with VLAN filtering on your MikroTik CRS328 Cloud Router Switch

  • Create VLANs:
    • VLAN 10 → Dicentis + Dante
    • VLAN 20 → Video
    • VLAN 30 → Clients

  • Assign ports:
    • Ether1–6 → VLAN 10
    • Ether7–14 → VLAN 20
    • Ether15–20 → VLAN 30

  • Add VLAN interfaces (for routing)

Key fix for your problem:

Use firewall rules to allow only ONE device in VLAN 20 to access VLAN 10.

Bottom line:

→ One bridge + VLANs + firewall = clean, flexible, and scalable setup
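
The single-bridge layout and the one-device exception described in the reply above, written out as a RouterOS configuration; this is an added example, not part of the original thread. It assumes the ports are not already members of another bridge, and the bridge name `bridge1`, the interface list `VLANS`, the 10.0.x.0/24 subnets and the host address 10.0.20.50 are placeholder values chosen for illustration.

```routeros
# Added example: bridge1, VLANS, the subnets and 10.0.20.50 are assumed values.
/interface bridge
add name=bridge1 vlan-filtering=no

# Access ports: untagged VLAN membership follows each port's PVID.
:for i from=1 to=6 do={ /interface bridge port add bridge=bridge1 interface=("ether" . $i) pvid=10 frame-types=admit-only-untagged-and-priority-tagged }
:for i from=7 to=14 do={ /interface bridge port add bridge=bridge1 interface=("ether" . $i) pvid=20 frame-types=admit-only-untagged-and-priority-tagged }
:for i from=15 to=20 do={ /interface bridge port add bridge=bridge1 interface=("ether" . $i) pvid=30 frame-types=admit-only-untagged-and-priority-tagged }

# The bridge is a tagged member of each VLAN so the router can reach them.
/interface bridge vlan
add bridge=bridge1 vlan-ids=10 tagged=bridge1
add bridge=bridge1 vlan-ids=20 tagged=bridge1
add bridge=bridge1 vlan-ids=30 tagged=bridge1

# One routed interface per VLAN.
/interface vlan
add name=vlan10 interface=bridge1 vlan-id=10
add name=vlan20 interface=bridge1 vlan-id=20
add name=vlan30 interface=bridge1 vlan-id=30

/ip address
add address=10.0.10.1/24 interface=vlan10
add address=10.0.20.1/24 interface=vlan20
add address=10.0.30.1/24 interface=vlan30

# Group the VLAN interfaces so one rule can block all inter-VLAN traffic.
/interface list
add name=VLANS
/interface list member
add list=VLANS interface=vlan10
add list=VLANS interface=vlan20
add list=VLANS interface=vlan30

# Order matters: replies, then the single exception, then default deny.
/ip firewall filter
add chain=forward action=accept connection-state=established,related comment="return traffic"
add chain=forward action=accept src-address=10.0.20.50 in-interface=vlan20 out-interface=vlan10 comment="one video host to Dicentis VLAN"
add chain=forward action=drop in-interface-list=VLANS out-interface-list=VLANS comment="block all other inter-VLAN traffic"

# Turn filtering on last, once the VLAN table is complete.
/interface bridge
set bridge1 vlan-filtering=yes
```

Apply this in Safe Mode or from a port outside the bridge, since an error in the VLAN table cuts off management access once `vlan-filtering=yes` takes effect. The drop rule matches only traffic between the listed VLAN interfaces, so VLAN 30 clients still reach an uplink interface that is not in the list.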