Hi,
I just bought two CRS210-8G-2S+IN.
They configured exactly the same:
Ports ether1 to ether4 are access ports for VLAN 100.
Ports ether5 to ether8 are access ports for VLAN 200.
Port sfp-sfplus1 is the trunk port.
I followed https://wiki.mikrotik.com/wiki/Manual:CRS_examples#Port_Based_VLAN to do that.
I’m going nuts to be honest: At first, the VLAN trunking didn’t work at all. After several reboots without changing the configuration it suddenly worked. “/interface ethernet switch unicast-fdb flush” didn’t help (I think I got this from the wiki).
Out of the blue, it started working. I added a management IP. By the way, the wiki lacks mentioning to add “switch1-cpu” to the vlan, creating a VLAN interface as described in the wiki din’t work either.
Okay, today I did
/interface ethernet switch set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp-sfpplus1
Switch was switching the two VLANs, but I lost connectivity to the management IP.
I removed the “drop-inf-invalid…” setting but access to management IP didn’t come back.
I rebooted the switch: Same situation.
I did a cold reboot: Access on management IP came back.
I would really appreciate it if someone could point me in the right direction.
I’m struggeling to determine if it’s a configuration error or a bad device.
Please find below the configuration of the switch. Thank you very much!
Regards,
Ape
[admin@SW-02] > /export
/interface ethernet
set [ find default-name=ether1 ] master-port=sfp-sfpplus1
set [ find default-name=ether2 ] master-port=sfp-sfpplus1
set [ find default-name=ether3 ] master-port=sfp-sfpplus1
set [ find default-name=ether4 ] master-port=sfp-sfpplus1
set [ find default-name=ether5 ] master-port=sfp-sfpplus1
set [ find default-name=ether6 ] master-port=sfp-sfpplus1
set [ find default-name=ether7 ] master-port=sfp-sfpplus1
set [ find default-name=ether8 ] master-port=sfp-sfpplus1
/ip firewall connection tracking
set enabled=no
/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp-sfpplus1 vlan-id=100
add tagged-ports=sfp-sfpplus1 vlan-id=200
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=100 ports=ether1,ether2,ether3,ether4
add customer-vid=0 new-customer-vid=200 ports=ether5,ether6,ether7,ether8
/interface ethernet switch vlan
add ports=switch1-cpu,ether1,ether2,ether3,ether4,sfp-sfpplus1 vlan-id=100
add ports=ether5,ether6,ether7,ether8,sfp-sfpplus1 vlan-id=200
/ip address
add address=10.10.1.4/24 interface=sfp-sfpplus1 network=10.10.1.0
/ip route
add distance=1 gateway=10.10.1.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=SW-02
/tool bandwidth-server
set enabled=no