I would like to use my RB951G as a 5 port switch with wifi disabled.
What would be the required steps to take? (using the onboard switch chip)
starting from a blank config.
thx
Only ports 2-5 can be switched. You must create a bridge with port1 and port2 and set master port2 to ports 3-5.
Is this correct as below ?
Can I also make this a firewalled switch?
/interface bridge
add name="My bridge"
/interface ethernet
set [ find default-name=ether1 ] name=ether1-To-modem
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/interface bridge port
add bridge="My bridge" interface=ether1-To-modem
add bridge="My bridge" interface=ether2
/system leds
set 0 interface=wlan1
If you want to disable wifi, you must disable wireless interface, not only LED indication.
/interface wireless
set [ find default-name=wlan1 ] disabled=yes
I don’t have 951g to check but is it missing “switch all ports” option?
i have a rb951G and i am using it as a hardware manageable switch using vlans (on switch) using all the 5 ports
looking the block diagram i think switch all option do not apply
when configuring in a blank config without ip addresses you have to star using winbox connecting to the mac od device
first of all reset config, then configure all ethernet ports using the same master port (except of course the master port itself)
put an ip address to the ethernet master interface to mange the device using ip address (more stable)
then use this guide to config vlans and rules (switch chip of rb951g Atheros8327 supports it)
Where should I set the IP for managing the switch without interfering with the switch function itself?
on Ethernet port 1 my ISP modem is connected that has a dhcp that hands out public IP’s.
port 2 to 5 are my clients that receives IP from ISP
Whatever interface is configured as master, put the IP address there. This won’t interfere with the switching functionality in any way.
Just set ether1 master=none, and ether2 - ether5 master = ether1.
Done. You can even plug the ISP modem into any of the 5 ports - the master port status only has to do with internal things like bridge membership, IP addressing, firewall rules, etc. Whatever of those settings you put on the master will also apply to the slaves.
If you’re also doing wifi with this unit, then create a bridge interface and then connect ether1 and wlan1 to the bridge in the ports tab of the bridge menu. Move the management IP onto the bridge interface. Configure the wireless settings however you wish and you’re good to go.
If I understand correctly the IP is only used internally and does not interfere with
the clients IP’s on port 2-5 or the wan IP on port 1?
In config below what is the command to set the management IP:
/interface bridge
add name="My bridge"
/interface ethernet
set [ find default-name=ether1 ] name=ether1-To-modem
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/interface bridge port
add bridge="My bridge" interface=ether1-To-modem
add bridge="My bridge" interface=ether2
/system leds
set 0 interface=wlan1
please read this guide to understand the role of master an slave ports
I read that page and i understand how the switching works but i still have no clue how to set a management ip
for this config.
If you have a bridge between ether1 and ether2, then put the management IP on the bridge interface.
An earlier post in the thread stated that ether1 cannot be added to the hardware switch but the block diagram for the device shows all 5 ethernet interfaces being connected to the Atheros switch chip, so I’d think that you can hardware-switch all 5 interfaces, which would be the best thing to do.
RB951G-150611115818.png
I’m assuming that you want to use this as an access point as well, so you’re still going to need a bridge for that to work properly.
On the ethernet interfaces, set ether1’s master-port=none, and set ether2 - ether5 to use master-port = ether1.
Put the management IP on the bridge-local (or whatever your bridge’s name is), or put dhcp-client on bridge-local if you just want it to be assigned by DHCP, but finding the AP’s management IP might be more of a pain if it’s dynamic, so I’d recommend to just put a static IP address and default GW.
Then in the bridge menu, ports tab, add interfaces ether1 and wlan1 to the bridge-local bridge.
That’s all you have to do.
Any traffic between devices on the physical ethernet interfaces will be switched by the switch chip at wire speed, including traffic to/from the Internet. For these devices, your Mikrotik will be just a “dumb switch” and nothing more. For wireless clients, the traffic will be bridged by the CPU between the wlan and the switch chip, which will finish forwarding the packets to the proper interface, whether it’s ether1 for the Internet, or ether3 for your printer, for instance…
So with your explanation my config as below is wrong ?
I used eth2 as a master port for the switch and eth1 port is connected
to my isp modem.
I also dont know which static IP i should choose , since i dont want to interfere with the isp.
/interface bridge
add name="My bridge"
/interface ethernet
set [ find default-name=ether1 ] name=ether1-To-modem
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/interface bridge port
add bridge="My bridge" interface=ether1-To-modem
add bridge="My bridge" interface=ether2
Remove ether1-to-modem from the bridge, and set its master port to be ether2.
(the master doesn’t have to be the first port - that’s just a convention)
As for IP address - whatever IP range your ISP modem assigns to things is what you should use on the AP.
If your computers and devices are getting 192.168.1.x, then make the IP 192.168.1.x.
Usually, devices will have a small range of addresses that are set aside for static assignments… in other words, DHCP starts assigning at .32 or .100 or something, and everything lower than that is never assigned in DHCP. Just pick a number from that range.
(you might want to log into your ISP router to see if it tells you anything about its DHCP)
As far as the interfering with the ISP modem concern - as long as nothing is set to use the 951G’s IP as a default gateway, and the 951G isn’t also running a DHCP server, then it won’t be a problem.
the modem hands out public addresses not private addresses.
I get max 4 public addresses from ISP
Then your goal is unclear to me. A switch has nothing to do with IP. You really need a router, so I’d suggest:
reset the 951G to factory defaults (in the /system reset configuration menu, there’s a checkbox “no defaults” - make sure that is NOT checked)
Then if your public IP addresses are assigned by DHCP, put dhcp-client on ether1-gateway. If they’re just static, then set the IP address manually (the Quick Set tool is quite useful for this) and set the default gateway address.
By default, ports 2-5 and the wireless are a single LAN. Just disable the wlan1 interface if you don’t want wireless. Then all of your hosts will be “behind” your 951G as a router. If you want another public IP address to map through to one of your servers, create a NAT rule to do that, and add the additional IP address to your WAN interface.
I already have a router which is configured as lan and AP.
I really just need this one configured as switch to go to my other router , digicorder and rpi server.
See manual cad 
network01FEB2016.jpg
lol @ manual cad.
Ok - then the big question is - do you intend for the devices you’re attaching to the RAS (routerboard-as-switch) to be “outside” your network and have public IP addresses on them directly? I’m assuming so - Therefore, follow my earlier advice (all 5 ether ports with ether1 = master, no bridge, wlan1 interface disabled), and you’ll just need to either burn a public IP address for the management, or else you could put a private IP address on it (pick whatever you want) and put a second IP on the WAN interface of the routing-mikrotik. Whatever IP you pick, put it on the master ethernet interface.
So say 192.168.200.1 = RAS and 192.168.200.2 = RAR (routerboard-as-router)
Put the 192.168.200.2/24 IP on the WAN interface of the RAR. This will work without interfering with the public IP network, and will be reachable from your LAN, even if you don’t bother to turn off NAT for the 192.168.200.2 target…
BUT - if you want to be slick and make the switch have an IP address “inside” your LAN, you can do this -
Create a new VLAN interface, name it mgmt, set the vlan-id to something, say 10, and put it on the master ethernet interface.
Put a free IP address from your LAN on the mgmt vlan interface of the RAS. Set the default GW to be the same as your LAN.
Now on the RAR, create a vlan interface “mgmt” and the same vlan-id (10) and attach it to the WAN interface of the RAR.
Then in the RAR’s local-bridge, add the VLAN interface to the bridge.
Now your switch will be managed as a LAN device, but won’t do any routing of any kind.