Hi,
I’m a first time user of RouterOS and having some issues with configuration of VLANs and inter-VLAN routing.
The CRS 317-1G-16S+ is running RouterOS 7.15.3.
For my current usage I need to use the ethernet port as an uplink to our pfsense gateway, but in the future (hardware approval pending) there will be a 2x SFP+ LAG to the router on ports SFP+ 15 and 16. Both uplinks have been configured in the config below, but I’m only testing with the ethernet at the moment.
From the switch I cannot ping 10.1.0.254 on VLAN1 (this is the IP address of the test router). I also cannot ping anything on the 10.250.0.0/24 network on VLAN250 (except 10.250.0.1 which is configured on the Mikrotik itself). The 10.250.0.0/24 network is hanging off of an Aruba switch (configured with IP 10.1.0.11 and pingable from the Mikrotik) connected from the Mikrotik on port SFP+14. The Aruba is configured correctly, and to insure it wasn’t that switch causing the issues, I directly connected another SFP+ client to the Mikrotik on SFP+16 (with LACP enabled on the client) and still could not ping it.
Here’s my config from an /export
# 2024-08-21 12:20:50 by RouterOS 7.15.3
# software id = Q61C-XX5L
#
# model = CRS317-1G-16S+
# serial number = HFB09EQKDNE
/interface bridge
add admin-mac=78:9A:18:A5:D5:A0 arp-timeout=5m auto-mac=no comment="Main bridge" igmp-snooping=yes ingress-filtering=no mtu=1500 \
multicast-querier=yes name=Bridge port-cost-mode=short protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment="Ethernet uplink" name=Ethernet1
set [ find default-name=sfp-sfpplus1 ] comment="Downlink to Filer [Filer LAG #0, vSphere network]" l2mtu=10218 mtu=9000 name=SFP+1
set [ find default-name=sfp-sfpplus2 ] comment="Downlink to Filer [Filer LAG #1, vSphere network]" l2mtu=10218 mtu=9000 name=SFP+2
set [ find default-name=sfp-sfpplus3 ] comment="Downlink to vSphere hypervisor #0 [vSphere network]" l2mtu=10218 mtu=9000 name=SFP+3
set [ find default-name=sfp-sfpplus4 ] comment="Downlink to vSphere hypervisor #1 [vSphere network]" l2mtu=10218 mtu=9000 name=SFP+4
set [ find default-name=sfp-sfpplus5 ] comment="Downlink to vSphere hypervisor #2 [vSphere network]" l2mtu=10218 mtu=9000 name=SFP+5
set [ find default-name=sfp-sfpplus6 ] comment="Downlink to vSphere hypervisor #3 [vSphere network]" l2mtu=10218 mtu=9000 name=SFP+6
set [ find default-name=sfp-sfpplus7 ] comment="(Spare) [vSphere network]" l2mtu=10218 mtu=9000 name=SFP+7
set [ find default-name=sfp-sfpplus8 ] comment="Downlink to metrics-sw0.core.coventry" name=SFP+8
set [ find default-name=sfp-sfpplus9 ] comment="Downlink to access-sw1.core.coventry" name=SFP+9
set [ find default-name=sfp-sfpplus10 ] comment="Downlink to access-sw0.core.coventry" name=SFP+10
set [ find default-name=sfp-sfpplus11 ] comment="(Spare)" name=SFP+11
set [ find default-name=sfp-sfpplus12 ] comment="Downlink to sw3.core.coventry" name=SFP+12
set [ find default-name=sfp-sfpplus13 ] comment="Downlink to sw2.core.coventry" name=SFP+13
set [ find default-name=sfp-sfpplus14 ] comment="Downlink to sw1.core.coventry" name=SFP+14
set [ find default-name=sfp-sfpplus15 ] comment="Uplink to gateway [Uplink LAG #0]" name=SFP+15
set [ find default-name=sfp-sfpplus16 ] comment="Uplink to gateway [Uplink LAG #1]" name=SFP+16
/interface vlan
add comment="Core infrastructure/Management VLAN" interface=Bridge name=VLAN1 vlan-id=1
add comment="Servers' VLAN" interface=Bridge name=VLAN250 vlan-id=250
/interface bonding
add comment="Downlink LAG to Filer [vSphere network]" mode=802.3ad mtu=9000 name="Filer LAG" slaves=SFP+1,SFP+2 transmit-hash-policy=\
layer-2-and-3
add comment="Uplink LAG to gateway" mode=802.3ad name="Uplink LAG" slaves=SFP+15,SFP+16 transmit-hash-policy=layer-2-and-3
/interface list
add name="vSphere Interfaces"
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/snmp community
set [ find default=yes ] addresses=::/0,0.0.0.0/0 name=REDACTED
/interface bridge port
add bridge=Bridge comment="Uplink to gw.core.coventry (Temporary)" edge=yes-discover ingress-filtering=no interface=Ethernet1 \
internal-path-cost=10 path-cost=10
add bridge=Bridge comment="Downlink to vSphere hypervisor #0 [vSphere network]" edge=no-discover interface=SFP+3 internal-path-cost=10 \
path-cost=10
add bridge=Bridge comment="Downlink to vSphere hypervisor #1 [vSphere network]" edge=no-discover interface=SFP+4 internal-path-cost=10 \
path-cost=10
add bridge=Bridge comment="Downlink to vSphere hypervisor #2 [vSphere network]" edge=no-discover interface=SFP+5 internal-path-cost=10 \
path-cost=10
add bridge=Bridge comment="Downlink to vSphere hypervisor #3 [vSphere network]" edge=no-discover interface=SFP+6 internal-path-cost=10 \
path-cost=10
add bridge=Bridge comment="(Spare) [vSphere network]" edge=no-discover interface=SFP+7 internal-path-cost=10 path-cost=10
add bridge=Bridge comment="Downlink to metrics-sw0.core.coventry" edge=no interface=SFP+8 internal-path-cost=10 path-cost=10
add bridge=Bridge comment="Downlink to access-sw1.core.coventry" edge=no interface=SFP+9 internal-path-cost=10 path-cost=10
add bridge=Bridge comment="Downlink to access-sw0.core.coventry" edge=no interface=SFP+10 internal-path-cost=10 path-cost=10
add bridge=Bridge comment="(Spare)" interface=SFP+11 internal-path-cost=10 path-cost=10
add bridge=Bridge comment="Downlink to sw3.core.coventry" edge=no interface=SFP+12 internal-path-cost=10 path-cost=10
add bridge=Bridge comment="Downlink to sw2.core.coventry" edge=no interface=SFP+13 internal-path-cost=10 path-cost=10
add bridge=Bridge comment="Downlink to sw1.core.coventry" edge=no interface=SFP+14 internal-path-cost=10 path-cost=10
add bridge=Bridge comment="Uplink to gw.core.coventry (Unused)" edge=yes-discover interface="Uplink LAG" internal-path-cost=10 path-cost=10
add bridge=Bridge comment="Connection to filer.serv.coventry" edge=yes-discover interface="Filer LAG" internal-path-cost=10 path-cost=\
10 pvid=3249
/interface ethernet switch l3hw-settings
set autorestart=yes
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=Bridge comment="Core infrastructure/Management VLAN" tagged=Bridge,SFP+8,SFP+9,SFP+10,SFP+12,SFP+13,SFP+14 untagged=\
"Uplink LAG,Ethernet1" vlan-ids=1
add bridge=Bridge comment="vSphere network VLAN" tagged="Bridge,Filer LAG,SFP+3,SFP+4,SFP+5,SFP+6,SFP+7" vlan-ids=3249
add bridge=Bridge comment="Servers' VLAN" tagged=Bridge,SFP+12,SFP+13,SFP+14 untagged="Ethernet1,Uplink LAG" vlan-ids=250
/interface ethernet switch
set 0 l3-hw-offloading=yes name=sw0
/interface list member
add interface=Ethernet1 list=LAN
add interface="Filer LAG" list="vSphere Interfaces"
add interface="Uplink LAG" list=LAN
add interface=VLAN1 list=LAN
add interface=VLAN250 list=LAN
add interface=VLAN3249 list="vSphere Interfaces"
add interface=Bridge list=LAN
add interface=SFP+1 list=LAN
add interface=SFP+2 list=LAN
add interface=SFP+3 list=LAN
add interface=SFP+4 list=LAN
add interface=SFP+5 list=LAN
add interface=SFP+6 list=LAN
add interface=SFP+7 list=LAN
add interface=SFP+8 list=LAN
add interface=SFP+9 list=LAN
add interface=SFP+10 list=LAN
add interface=SFP+11 list=LAN
add interface=SFP+12 list=LAN
add interface=SFP+13 list=LAN
add interface=SFP+14 list=LAN
add interface=SFP+15 list=LAN
add interface=SFP+16 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=10.1.0.1/24 comment="Default gateway for core infrastructure network" interface=VLAN1 network=10.1.0.0
add address=10.250.0.1/24 comment="Default gateway for servers' network" interface=VLAN250 network=10.250.0.0
/ip dhcp-client
add disabled=yes interface=Bridge
/ip dns
set servers=8.8.8.8
/ip route
add dst-address=0.0.0.0/0 gateway=10.1.0.254
/ip smb shares
set [ find default=yes ] directory=/flash/pub
/ip ssh
set always-allow-password-login=yes host-key-size=4096 host-key-type=ed25519
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/snmp
set contact=NOC enabled=yes location="Main Rack"
/system clock
set time-zone-name=Europe/London
/system identity
set name=sw0-core-coventry
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=10.1.0.254
add address=0.pool.ntp.org
/system routerboard settings
set boot-os=router-os
Can anyone advise on what I’m doing wrong to get Layer 3 inter-VLAN routing working?
Thanks for any help 
