I have bought a CRS to extend my network, but i have found myself deeply frustrated when trying to accomplish what i thought was a simple thing - config the vlans in equipment ports.
I have read some tutorials and posts on this forum, but i failed to understand the meaning of the solutions people are giving. The help wiki was not very helpful too (maybe i am too dumb).
I have a router (ubiquiti edgemax er-lite) that is connected to an hp-48 port managed switch (v1905). The edgemax is configured to manage the vlans (50, 100 and 200). The HP switch is configured so i have a few trunks with my vlans (3 of them: 50, 100 and 200 - very easy to setup). The wireless router are connected to the trunks and configured to connect devices to different vlans according to network ssid - this all work fine.
What i am trying to accomplish is to connect my CRS125-24G-1S to one of the trunks ports of my hp switch, enable a few trunks on CRS (so I can connect more wireless routers), and configure ports with vlan so that connected devices will be correctly assigned to the network associated with the vlan of the connected port.
I have been reading and I am very confused with things like: bridge mode, router mode, vlan-bridge-interface-port, make a bridge, use switch, use cpu, do not use cpu, master port, slave port, ingress vlan, egress vlan, customer vlan, service vlan… and so on…
Can anyone help me see the light and explain me what i need to do to accomplish just that? (or maybe direct me to a “routeros for dumbs” help page…)
You can do vlans either on the switch or on the CPU.
The usual way of doing it in the CPU and creating vlan interfaces is not recommended. If you check the block diagram you’ll see the CPU has only 1Gbit. So by using the CPU you’re actually limiting the switch to a slow device.
Its far better to use the switch chip to handle the traffic for the vlans. In that case you can still achieve wirespeed througput. The CPU should only be used for light traffic and management protocols.
My first impressions about the CRS: ‘this is a b*tch to configure…’. Never used the switch chip before, usually only adding interfaces on the same switch chip as slave and using external switches.
From the Ethernet menu you want all ports in the same switch group, meaning all ports will have Ether1 (excpet Ether1 itself) set as their master-port. (Should be default configuration).
Some basics of the switch menu:
/interface ethernet switch egress-vlan-tag — this is for trunked ports, if a vlan is to be tagged out an interface needs to be here, otherwise tag get’s stripped going out.
/interface ethernet switch ingress-vlan-translation — untagged ports need to have their vlan id set here
/interface ethernet switch vlan — all vlans should be in here, tagged or untagged, otherwise packets get dropped once next command is set.
/interface ethernet switch set forward-unknown-vlan=no – should be done last, will secure vlans, but will lock you out if not set up right
A new port will also show up in the switch menus called “switch1-cpu”, this will corespond to the “master-port” set up in the /interface ethernet menu and the rest of RouterOS. This port only needs access if you are going to route, or set up a management ip. In your case only one VLAN should be setup, because someone else is doing all the routing, but you’ll probably still want management ip access.
I know this is quite a bit, but incomplete. See if this gets you started better.