Correct configuration for VLAN trunks ports

lunixperu · December 24, 2019, 1:26pm

Hello guys

I need your support with this topic, as the graphic I have 3 CCR1009 unit through fiber optic to a CCS 328-4C, I need to implement Vlan Trunk, on the CCR side the configuration is basic of Vlan by Software, as I must configure in the CCRS side for a vlan communication across the network, have I followed the wiki manuals and don’t give me results?

mkx · December 24, 2019, 2:47pm

Post config of one of CCRs and of CRS … run command /export hide-sensitive file=myexport.rsc, fetch resulting files and copy-paste contents here in [__code] [/code] environment.

lunixperu · December 24, 2019, 9:02pm

# dec/24/2019 15:36:22 by RouterOS 6.46
# software id = TCX5-9555
#
# model = CCR1009-7G-1C-1S+
# serial number = 79AE06C93F0B
/interface bridge
add name="Bridge - 200"
add name="Bridge - 300"
add name="Bridge - 400"
/interface ethernet
set [ find default-name=ether1 ] name="Ether1PC1"
set [ find default-name=ether2 ] name="Ether2PCADMIN"
set [ find default-name=ether3 ] name="Ether3PCCAM"
set [ find default-name=ether4 ] name="Ether4"
set [ find default-name=ether5 ] name="Ether5"
set [ find default-name=ether6 ] name="Ether6"
set [ find default-name=ether7 ] name="Ether7"
set [ find default-name=combo1 ] combo-mode=sfp name="TRUNK"
/interface vlan
add interface="TRUNK" name="VLAN 200" vlan-id=200
add interface="TRUNK" name="VLAN 300" vlan-id=300
add interface="TRUNK" name="VLAN 400" vlan-id=400
/interface bridge port
add bridge="Bridge - 200" interface="VLAN 200" unknown-multicast-flood=no
add bridge="Bridge - 200" interface="Ether1PC1" unknown-multicast-flood=no
add bridge="Bridge - 300" interface="VLAN 300" unknown-multicast-flood=no
add bridge="Bridge - 300" interface="Ether2PCADMIN" unknown-multicast-flood=no
add bridge="Bridge - 400" interface="VLAN 400" unknown-multicast-flood=no
add bridge="Bridge - 400" interface="Ether3PCCAM" unknown-multicast-flood=no
/ip address
add address=10.10.0.1/24 interface="Bridge - 400" network=10.10.0.0
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

-------------------------------------------------------------------------------------
# dec/24/2019 15:52:38 by RouterOS 6.46
# software id = YITZ-WQ08
#
# model = CRS328-4C-20S-4S+
# serial number = 82524E48CC49
/interface bridge
add name="Bridge - 200"
add name="Bridge - 300"
add name="Bridge - 400"
/interface ethernet
set [ find default-name=combo1 ] name="Ether1F"
set [ find default-name=combo2 ] name="Ether2F"
set [ find default-name=combo3 ] name="Ether3T"
set [ find default-name=combo4 ] name="Ether4T"
set [ find default-name=sfp-sfpplus1 ] name=Sfp-Plus1
set [ find default-name=sfp-sfpplus2 ] name=Sfp-Plus2
set [ find default-name=sfp-sfpplus3 ] name=Sfp-Plus3
set [ find default-name=sfp-sfpplus4 ] name=Sfp-Plus4
set [ find default-name=sfp1 ] advertise=1000M-full name="Sfp1TRUNK"
set [ find default-name=sfp2 ] advertise=1000M-full name="Sfp2TRUNK"
set [ find default-name=sfp3 ] advertise=1000M-full name="Sfp3TRUNK"
set [ find default-name=sfp4 ] advertise="" name="Sfp4"
set [ find default-name=sfp5 ] advertise="" name="Sfp5"
set [ find default-name=sfp6 ] advertise="" name="Sfp6"
set [ find default-name=sfp7 ] advertise="" name="Sfp7"
set [ find default-name=sfp8 ] advertise="" name="Sfp8"
set [ find default-name=sfp9 ] advertise="" name="Sfp9"
set [ find default-name=sfp10 ] advertise="" name="Sfp10"
set [ find default-name=sfp11 ] advertise="" name="Sfp11"
set [ find default-name=sfp12 ] advertise="" name="Sfp12"
set [ find default-name=sfp13 ] advertise="" name="Sfp13"
set [ find default-name=sfp14 ] advertise="" name="Sfp14"
set [ find default-name=sfp15 ] advertise="" name="Sfp15"
set [ find default-name=sfp16 ] advertise="" name="Sfp16"
set [ find default-name=sfp17 ] advertise="" name="Sfp17"
set [ find default-name=sfp18 ] advertise="" name="Sfp18"
set [ find default-name=sfp19 ] advertise="" name="Sfp19"
set [ find default-name=sfp20 ] advertise="" name="Sfp20"
/interface vlan
add interface="Sfp1TRUNK" name="VLAN1 200" vlan-id=200
add interface="Sfp1TRUNK" name="VLAN1 300" vlan-id=300
add interface="Sfp1TRUNK" name="VLAN1 400" vlan-id=400
add interface="Sfp2TRUNK" name="VLAN2 200" vlan-id=200
add interface="Sfp2TRUNK" name="VLAN2 300" vlan-id=300
add interface="Sfp2TRUNK" name="VLAN2 400" vlan-id=400
add interface="Sfp3TRUNK" name="VLAN3 200" vlan-id=200
add interface="Sfp3TRUNK" name="VLAN3 300" vlan-id=300
add interface="Sfp3TRUNK" name="VLAN3 400" vlan-id=400
/interface bridge port
add bridge="Bridge - 200" interface="VLAN1 200" unknown-multicast-flood=no
add bridge="Bridge - 200" interface="VLAN2 200" unknown-multicast-flood=no
add bridge="Bridge - 200" interface="VLAN3 200" unknown-multicast-flood=no
add bridge="Bridge - 300" interface="VLAN1 300" unknown-multicast-flood=no
add bridge="Bridge - 300" interface="VLAN2 300" unknown-multicast-flood=no
add bridge="Bridge - 300" interface="VLAN3 300" unknown-multicast-flood=no
add bridge="Bridge - 400" interface="VLAN1 400" unknown-multicast-flood=no
add bridge="Bridge - 400" interface="VLAN2 400" unknown-multicast-flood=no
add bridge="Bridge - 400" interface="VLAN3 400" unknown-multicast-flood=no
/ip address
add address=10.10.0.2/24 interface="Bridge - 400" network=10.10.0.0
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

mkx · December 24, 2019, 10:08pm

The way you’re configuring VLANs (one bridge per VLAN) is old school. While it might be OK for CCR (because it doesn’t have any hardware dedicated to switching) it’s definitely a no-no for CRS (which is capable of doing VLANs in switching hardware if configured properly).

I suggest you to read through this fine tutorial. The way VLANs are configured there is the proper way of doing it on CRS3xx and it’s also a good way of doing it on CCR.
One reason to do it like that also on CCR is that IMHO it’s much easier to read and understand the config.