I need help configuering my betwork regarding VLAN between the switches.
Network devices: RB3011 → CSSR326 → RB260.
VLANs (VLAN ID): Management (1), home (10), house (20), office (30), IoT (80) and guest (100)
My requests:
Port 1 and 2 from CSS326 shell be trunk ports.
Port 2 is trunk connection to RB260 SFP port.
All other ports of CSS326 are in VLAN 10.
SFP port of RB260 is a R-J01 module.
RB260 port 1 to 3 shell be VLAN 10.
RB260 port 4 shell be VLAN 20.
RB260 port 5 shell be VLAN 30.
What is the right configuration in both switches?
Please find attached my actual configuration of the switches. The VLAN ID is not correct - I have to change it to the above values.
RB260 screenshots
CSS326 screenshots
Your help is appreciated. Thank you very much in advance.
Don’t use VLAN1 tagged … many vendors (Mikrotik included) use it as kind of “native” VLAN (configuration has it as implicit default all over) and if you intend to use it as tagged, then one has to be really careful not to forget something to set properly. Or else things will misbehave in random ways. If one forgets to set things up with other VLAN IDs, then things simply won’t work.
Since you’re asking about configuration in SwOS, you should post question in appropriate forum section.
If you’re asking about settings on RB3011, then ask what specifically you want to know …
Since all the vlans are created on the router, including firewall rules affecting them, best to include its config as well.
/export hide-sensitive file=anynameyouwish
As for the 260S, recommendations based on my settings:
Under VLANS
a. (FIRST ROW) VLANID1 is the default setting should be set to (left as)
LEAVE AS IS - for all trunk ports
NOT A MEMBER - for all access ports
b. (OTHER ROWS) all other vlans
Set to LEAVE AS IS - for all trunk ports (if carrying that particular vlanID)
Set to NOT a member - for all access ports (if that port is not meant for that particular vlanID)
Set to LEAVE AS IS - for all access ports where that port is intended to carry that vlan (untagged when exiting, and tagged when traffic enters the port)
Rule of thumb when looking at the columns vertically, any PORT that is an access port will ONLY have one entry for ‘Leave as Is’, the rest will be ‘not a member’
None of the access port columns will have a “Leave as Is” in the same row as another access port.
Typically trunk ports will have leave as is for every vlan, but that is specific to your setup as perhaps some trunk ports do not carry all vlans.
2. UNDER VLAN settings.
a. VLAN MODE
ENABLED for trunk ports
STRICT for access ports
b. VLAN RECEIVE
ANY for trunk ports
ONLY UNTAGGED for access ports.
Note: I suppose one could use only tagged for Trunk ports, but mine works as is and have simply not adjusted it.
c. DEFAULT VLAN ID
SET to 1 for trunk ports
SET to vlanID of access port
Force vlan entry left blank not touched
d. EGRESS
SET To LEAVE AS IS for trunk ports
SET TO always strip for access ports.
