Configure CRS328-24P-4S+RM Initial config?

RouterOS Beginner Basics
1

Hi,

I want to replace my Cisco and HP switch with this CRS328-24P-4S+RM switch. I’ve already bought it. It’s connected to my Fortigate 60e appliance, where I’ve already configured the VLAN IPs, networks etc.. (Essentially, most of the networking is done at a firewall level, and it’s just static routes)

I have WiFi APs, where I need them to be in “trunk” or “tagged” mode, and allow other VLANs too , given it allows multiple SSIDs on different VLANs. They’d need to have DHCP being allowed out too, as well as to be able to route out to the firewall

sfp-sfpplus1 would be my uplink

Would the following work for me?

/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes (WiFI)
add bridge=bridge1 interface=ether2 hw=yes (WiFi)
add bridge=bridge1 interface=ether3 hw=yes (WiFi)
add bridge=bridge1 interface=ether4 hw=yes pvid=10 (NAS)
add bridge=bridge1 interface=ether5 hw=yes pvid=50 (Telephony)
add bridge=bridge1 interface=ether6 hw=yes pvid=60 (Sky Q box)
add bridge=bridge1 interface=ether7 hw=yes pvid=30 (IP Cameras)
add bridge=bridge1 interface=ether8 hw=yes pvid=30 (IP Cameras)
add bridge=bridge1 interface=ether9 hw=yes pvid=30 (IP Cameras)
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 tagged=ether1 vlan-ids=10 (WiFI)
add bridge=bridge1 tagged=sfp-sfpplus1 tagged=ether2 vlan-ids=10 (WiFi)
add bridge=bridge1 tagged=sfp-sfpplus1 tagged=ether3 vlan-ids=10 (WiFi)
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether4 vlan-ids=10 (NAS)
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether5 vlan-ids=50
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether6 vlan-ids=60 (Yealink Telephony)
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether7 vlan-ids=30 (IP Cameras)
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether8 vlan-ids=30 (IP Cameras)
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether9 vlan-ids=30 (IP Cameras)
add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 vlan-ids=40 (Uplink)
/interface vlan
add interface=bridge1 vlan-id=10 name=LAN
add interface=bridge1 vlan-id=20 name=iOT
add interface=bridge1 vlan-id=30 name=IP_Cameras
add interface=bridge1 vlan-id=40 name=Management
add interface=bridge1 vlan-id=50 name=Telephone
add interface=bridge1 vlan-id=60 name=Guest
add interface=bridge1 vlan-id=70 name=DMZ
/ip address
add address=10.10.40.2/24 interface=Management
/interface bridge
set bridge1 vlan-filtering=yes

The IP of the firewall in the same VLAN range is 10.10.40.1

2

Almost. The syntax of your /interface bridge vlan section is not correct - you can only specify a vlan-ids= value once and the tagged= / untagged= entries expect a list rather than being repeated, also if you wish to comment entries the syntax is comment=“some text”, so:

/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 vlan-ids=40
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=50
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=60

Note I prefer to leave out the untagged= entries under /interface bridge vlan as they will be dynamically added to match the pvid= settings under /interface bridge port so as not to accidentally end up with a mismatch. If you look in Winbox or use /interface bridge vlan print you can see the current membership, inactive (i.e. down / not running) interfaces do not appear.

You may wish to drop unexpected VLAN ingress as by default all are accepted, add ingress-filtering=yes to the /interface bridge port entries, also on a pure trunk add frame-types=admit-only-vlan-tagged otherwise there will always be an untagged VLAN membeship dynamically added matching the PVID.

Currently ether1-3 only have VLAN 10 tagged for the APs, add these interfaces as tagged members of other VLAN IDs as required.

You only need /interface vlan entries for the VLANs which are accessing services on the CRS, not those passing through the bridge, so it reduces to:
/interface vlan
add interface=bridge1 vlan-id=40 name=Management

If you wish to access the CRS from subnets other than 10.10.40.0/24 you need a default route for the return traffic:
/ip route
add distance=1 gateway=10.10.40.1

3

THank you!! Sorry for not replying earlier. I visited my sister

Would it be like this then?

/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes,comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes,comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes,comment=WiFi
add bridge=bridge1 interface=ether4 hw=yes pvid=10,comment=NAS
add bridge=bridge1 interface=ether5 hw=yes pvid=50,comment=Telephony
add bridge=bridge1 interface=ether6 hw=yes pvid=60,comment=Guest
add bridge=bridge1 interface=ether7 hw=yes pvid=30,comment=IP_Cameras
add bridge=bridge1 interface=ether8 hw=yes pvid=30,comment=IP_Cameras
add bridge=bridge1 interface=ether9 hw=yes pvid=30,comment=IP_Cameras
set bridge1 vlan-filtering=yes
ingress-filtering=yes 
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 vlan-ids=40
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=50
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=60
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=70
/interface vlan
add interface=bridge1 vlan-id=40 name=Management
/ip address
add address=10.10.40.2/24 interface=Management
/ip route
add distance=1 gateway=10.10.40.1

I should also mention that currently, on my WiFi I have it configured as following on the Cisco switch

interface ran GigabitEthernet0/1-3
 description WiFi
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20,60
 switchport mode trunk

Would I need to amend the config to say

/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes,comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes,comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes,comment=WiFi
add bridge=bridge1 interface=ether4 hw=yes pvid=10,comment=NAS
add bridge=bridge1 interface=ether5 hw=yes pvid=50,comment=Telephony
add bridge=bridge1 interface=ether6 hw=yes pvid=60,comment=Guest
add bridge=bridge1 interface=ether7 hw=yes pvid=30,comment=IP_Cameras
add bridge=bridge1 interface=ether8 hw=yes pvid=30,comment=IP_Cameras
add bridge=bridge1 interface=ether9 hw=yes pvid=30,comment=IP_Cameras
set bridge1 vlan-filtering=yes
ingress-filtering=yes 
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=10
[b]add bridge=bridge1 untagged= ether1,ether2,ether3 vlan-ids=10
add bridge=bridge1 untagged= ether1,ether2,ether3 vlan-ids=20
add bridge=bridge1 untagged= ether1,ether2,ether3 vlan-ids=60[/b]
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 vlan-ids=40
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=50
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=60
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=70

/interface vlan
add interface=bridge1 vlan-id=40 name=Management
/ip address
add address=10.10.40.2/24 interface=Management
/ip route
add distance=1 gateway=10.10.40.1

How would the switch know what the PVID is, if I don’t actually define said VLANs on the switch? THey are configured on my firewall however

4

There should be no comma before the comment=


How would the switch know what the PVID is, if I don’t actually define said VLANs on the switch?

The VLANs and untagged membership are dynamically generated from the pvid= entries under /interface bridge port if they have not been made explicitly.

Your Mikrotik configuration doesn’t match that on the Cisco for the WiFi AP interfaces.
interface PORT
switchport trunk encapsulation dot1q
switchport trunk native vlan R
switchport trunk allowed vlan R,S,T
switchport mode trunk
translates to
/interface bridge port
add bridge=bridge1 interface=PORT hw=yes pvid=R
/interface bridge vlan
add bridge=bridge1 tagged=…,PORT,… vlan-ids=S
add bridge=bridge1 tagged=…,PORT,… vlan-ids=T

So, the switchport trunk native vlan 10 becomes:
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes pvid=10 comment=WiFi

As I mentioned previously you can’t have the same vlan-ids= appear more than once under /interface bridge vlan, so:
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 vlan-ids=40
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=50
add bridge=bridge1 tagged=sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=60
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=70

5

Thanks. I think I’ve got it now (with your help)? The following should therefore work?

/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes comment=WiFi
add bridge=bridge1 interface=ether4 hw=yes pvid=10 comment=NAS
add bridge=bridge1 interface=ether5 hw=yes pvid=50 comment=Telephony
add bridge=bridge1 interface=ether6 hw=yes pvid=60 comment=Guest
add bridge=bridge1 interface=ether7 hw=yes pvid=30 comment=IP_Cameras
add bridge=bridge1 interface=ether8 hw=yes pvid=30 comment=IP_Cameras
add bridge=bridge1 interface=ether9 hw=yes pvid=30 comment=IP_Cameras
set bridge1 vlan-filtering=yes
ingress-filtering=yes 
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 vlan-ids=40
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=50
add bridge=bridge1 tagged=sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=60
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=70
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes pvid=10 comment=WiFi
/interface vlan
add interface=bridge1 vlan-id=40 name=Management
/ip address
add address=10.10.40.2/24 interface=Management
/ip route
add distance=1 gateway=10.10.40.1

Is there a reason why the first bit is like this?

/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes comment=WiFi
add bridge=bridge1 interface=ether4 hw=yes pvid=10 comment=NAS

and doesn’t say

add bridge=bridge1 interface=ether1 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether4 hw=yes pvid=10 comment=NAS[/code]

Is this because the WiFi requires said native VLAN and trunking?

6

You have created a second /interface vlan port section rather than updating the original one with the correct settings. This will fail when the statements in the second section attempt to add ports which have already been added by statements in the first section - merge the two together.

7

Hi,

I have one that says “interface vlan” and one that says “Interface bridge vlan” I can’t see where I’ve entered it twice?

8

You have
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes comment=WiFi
add bridge=bridge1 interface=ether4 hw=yes pvid=10 comment=NAS
add bridge=bridge1 interface=ether5 hw=yes pvid=50 comment=Telephony
add bridge=bridge1 interface=ether6 hw=yes pvid=60 comment=Guest
add bridge=bridge1 interface=ether7 hw=yes pvid=30 comment=IP_Cameras
add bridge=bridge1 interface=ether8 hw=yes pvid=30 comment=IP_Cameras
add bridge=bridge1 interface=ether9 hw=yes pvid=30 comment=IP_Cameras

and further on

/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes pvid=10 comment=WiFi

9

Ah apologies. So it should be like this?

/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes comment=WiFi
add bridge=bridge1 interface=ether4 hw=yes pvid=10 comment=NAS
add bridge=bridge1 interface=ether5 hw=yes pvid=50 comment=Telephony
add bridge=bridge1 interface=ether6 hw=yes pvid=60 comment=Guest
add bridge=bridge1 interface=ether7 hw=yes pvid=30 comment=IP_Cameras
add bridge=bridge1 interface=ether8 hw=yes pvid=30 comment=IP_Cameras
add bridge=bridge1 interface=ether9 hw=yes pvid=30 comment=IP_Cameras
add bridge=bridge1 interface=ether1 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes pvid=10 comment=WiFi
set bridge1 vlan-filtering=yes
ingress-filtering=yes 
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 vlan-ids=40
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=50
add bridge=bridge1 tagged=sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=60
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=70
/interface vlan
add interface=bridge1 vlan-id=40 name=Management
/ip address
add address=10.10.40.2/24 interface=Management
/ip route
add distance=1 gateway=10.10.40.1
10

No, it should be like this:

/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether4 hw=yes pvid=10 comment=NAS
add bridge=bridge1 interface=ether5 hw=yes pvid=50 comment=Telephony
add bridge=bridge1 interface=ether6 hw=yes pvid=60 comment=Guest
add bridge=bridge1 interface=ether7 hw=yes pvid=30 comment=IP_Cameras
add bridge=bridge1 interface=ether8 hw=yes pvid=30 comment=IP_Cameras
add bridge=bridge1 interface=ether9 hw=yes pvid=30 comment=IP_Cameras

Surely this is not too difficult to infer?

11

Apologies. I did query why the config for WiFI didn’t say “pvid=10” above

So it should be like this then?

/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether2 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether3 hw=yes pvid=10 comment=WiFi
add bridge=bridge1 interface=ether4 hw=yes pvid=10 comment=NAS
add bridge=bridge1 interface=ether5 hw=yes pvid=50 comment=Telephony
add bridge=bridge1 interface=ether6 hw=yes pvid=60 comment=Guest
add bridge=bridge1 interface=ether7 hw=yes pvid=30 comment=IP_Cameras
add bridge=bridge1 interface=ether8 hw=yes pvid=30 comment=IP_Cameras
add bridge=bridge1 interface=ether9 hw=yes pvid=30 comment=IP_Cameras
set bridge1 vlan-filtering=yes
ingress-filtering=yes 
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 vlan-ids=40
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=50
add bridge=bridge1 tagged=sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=60
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=70
/interface vlan
add interface=bridge1 vlan-id=40 name=Management
/ip address
add address=10.10.40.2/24 interface=Management
/ip route
12

I’ve forgotten to add “add distance=1 gateway=10.10.40.1” after /iproute on my other post

I imagine that should work?

Thanks

13

Hi,

When i went to make a change it said

"[admin@MikroTik] /interface bridge port>> add bridge=bridge1 interface=ether1 hw
es pvid=10 comment=WiFi
failure: device already added as bridge port
[admin@MikroTik] /interface bridge port>
"

By default, it appears Mikrotik has added every single port to the “bridge” that’s defined as “bridge” instead of “bridge1” I’ve tried to “remove” this, but it has a syntax issue. I’m not sure what else is needed?

When I’ve physically removed ether1, and added it back “hw.offload” is not ticked in the GUI?

14

Hi,

What I’ve since done is:

/interface bridge
add name=bridge
/interface bridge port
/interface bridge port
set [ find interface=ether1 ] hw=yes pvid=10 comment="WiFi"
set [ find interface=ether2 ] hw=yes pvid=10 comment="WiFi"
set [ find interface=ether3 ] hw=yes pvid=10 comment="WiFi"
set [ find interface=ether4 ] hw=yes pvid=10 comment="NAS"
set [ find interface=ether5 ] hw=yes pvid=50 comment="Telephony"
set [ find interface=ether6 ] hw=yes pvid=60 comment="Guest"
set [ find interface=ether7 ] hw=yes pvid=30 comment="IP Cameras"
set [ find interface=ether8 ] hw=yes pvid=30 comment="IP Cameras"
set [ find interface=ether9 ] hw=yes pvid=30 comment="IP Cameras"
add bridge=bridge comment=defconf interface=sfp-sfpplus1
set bridge1 vlan-filtering=yes
ingress-filtering=yes 
/interface bridge vlan
add bridge=bridge comment="tagged sfp-plus1" tagged=sfp-sfpplus1 vlan-ids=10
add bridge=bridge comment="tagged sfp-sfpplus1,ether1-3,trunk VL20" tagged=\
    sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=20
add bridge=bridge comment="tagged sfp-sfpplus1, trunk VL30" tagged=sfp-sfpplus1 \
    vlan-ids=30
add bridge=bridge comment="tagged sfp-sfpplus1, trunk VL40" tagged=sfp-sfpplus1 \
    vlan-ids=40
add bridge=bridge comment="tagged sfp-sfpplus1, trunk VL50" tagged=sfp-sfpplus1 \
    vlan-ids=50
add bridge=bridge comment="tagged sfp-sfpplus1,ether1-3,trunk VL60" tagged=\
    sfp-sfpplus1,ether1,ether2,ether3 vlan-ids=60
add bridge=bridge comment="tagged sfp-sfpplus1, trunk VL70" tagged=sfp-sfpplus1 \
    vlan-ids=70
/interface vlan
add interface=bridge name=Management vlan-id=40
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=10.10.40.2/24 interface=Management network=10.10.40.0
/ip route
add distance=1 gateway=10.10.40.1
15

So the following config absolutely works for this switch
edge=yes is essentially “rootguard” as far as I know. Initially, another switch was becoming the root, and that’s a dumb £10 switch. Not a good idea!

/interface bridge
vlan-filtering=yes
ingress-filtering=yes
/interface vlan
add interface=bridge name=Management vlan-id=40
/interface bridge port
set [ find interface=ether1 ] hw=yes pvid=10 comment="WiFi"
set [ find interface=ether2 ] hw=yes pvid=10 comment="WiFi"
set [ find interface=ether3 ] hw=yes pvid=10 comment="WiFi"
set [ find interface=ether4 ] hw=yes pvid=10 comment="NAS"
set [ find interface=ether5 ] hw=yes pvid=50 comment="Telephony"
set [ find interface=ether6 ] hw=yes pvid=60 edge=yes comment="Guest"
set [ find interface=ether7 ] hw=yes pvid=30 comment="IP Cameras"
set [ find interface=ether8 ] hw=yes pvid=30 comment="IP Cameras"
set [ find interface=ether9 ] hw=yes pvid=30 comment="IP Cameras"
/interface bridge vlan
add bridge=bridge comment="tagged sfp-plus1" tagged=sfp-sfpplus1,bridge vlan-ids=10
add bridge=bridge comment="tagged sfp-sfpplus1,ether1-3,trunk VL20" tagged=sfp-sfpplus1,ether1,ether2,ether3,bridge vlan-ids=20
add bridge=bridge comment="tagged sfp-sfpplus1,trunk VL30" tagged=sfp-sfpplus1,bridge vlan-ids=30
add bridge=bridge comment="tagged sfp-sfpplus1,trunk VL40" tagged=sfp-sfpplus1,bridge vlan-ids=40
add bridge=bridge comment="tagged sfp-sfpplus1,trunk VL50" tagged=sfp-sfpplus1,bridge vlan-ids=50
add bridge=bridge comment="tagged sfp-sfpplus1,ether1-3,trunk VL60" tagged=sfp-sfpplus1,ether1,ether2,ether3,bridge vlan-ids=60
add bridge=bridge comment="tagged sfp-sfpplus1,trunk VL70" tagged=sfp-sfpplus1,bridge vlan-ids=70
/ip address
add address=10.10.40.4/24 interface=Management network=10.10.40.0
/ip dns
set servers=0.0.0.0
/ip route
add distance=1 gateway=10.10.40.1
/system clock
set time-zone-name=Europe/London
/system ntp client
set enabled=yes primary-ntp=10.10.40.1
/system routerboard settings
set boot-os=router-os
[admin@MikroTik] >