CRS port based vlan question

I have followed the CRS examples and was successful in setting up tagged vlan management of the switch or the port based vlan setup but not both. Once I enter the commands to make my access ports slave to my SFP uplink, I lose management access to the switch and my port based vlan traffic starts flowing.

Also, I noticed while performing a Wireshark that I'm seeing vlan 200 traffic on the vlan 300 access port. Not sure how to fix that.

Below is the current export config I'm using:

# jan/01/2002 01:41:03 by RouterOS 6.29.1
#
/interface vlan
add interface=sfp-sfpplus1 l2mtu=1584 name=vlan100 vlan-id=100
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether2,sfp-sfpplus1
/port
set 0 name=serial0
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=100
add tagged-ports=sfp-sfpplus1 vlan-id=200
add tagged-ports=sfp-sfpplus1 vlan-id=300
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=200 ports=ether1 sa-learning=yes
add customer-vid=0 new-customer-vid=300 ports=ether2 sa-learning=yes
/interface ethernet switch vlan
add ports=ether1,sfp-sfpplus1 vlan-id=200
add ports=ether2,sfp-sfpplus1 vlan-id=300
/ip address
add address=10.100.30.3/24 interface=vlan100 network=10.100.30.0
/tool romon port
add disabled=no
/tool user-manager database
set db-path=user-manager

When I add the following, I lose management access:

/interface ethernet 
set ether1 master-port=sfp-sfpplus1
set ether2 master-port=sfp-sfpplus1

Try managing the switch from a port without a master port (out of switching) to avoid losing management when changing switching settings. When you are done, you can add this port to switching by setting the proper master port.

Use Winbox, connecting by MAC.

Thank you for your reply. I have console access as well and I cannot connect to it via winbox in either IP or mac. Should I be following the intervlan example instead?

Thanks again. My intent is to manage this from a remote location via the sfp port (its optical uplink) trunk. We will manage and access the switch via tagged 100, serve customer X on port 1 (untagged vlan 200) and serve customer Y on port 2 (untagged vlan 300). Because we won't be managing this switch from an access port, I don't wish to set up a separate management port.

Thanks

I think the first thing to do is to add all the ports intended to be switching as slaves of some (the same) master port.

Then start testing.

If ports are not slaves of some master port, then you are not doing switching.

From the router's perspective, the master port will be the connection to the switch.

From the switch's perspective, the switch-cpu port will be the connection to the router.

I think you have to add the uplink port to be tagged on the management vlan (vlan 100).
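The following is an added example, not part of any post in this thread and not MikroTik code: a small Python lint that reads the switch sections of the posted export and reports VLAN-table gaps affecting management reachability or customer isolation. It assumes, following the last reply, that the management VLAN must be tagged on both the uplink and `switch1-cpu`, and that any port tagged for a VLAN should also be a member of that VLAN in `/interface ethernet switch vlan`; the function names and the `EXPORT` sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the switch-related sections of the export posted above.
EXPORT = """\
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether2,sfp-sfpplus1
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=100
add tagged-ports=sfp-sfpplus1 vlan-id=200
add tagged-ports=sfp-sfpplus1 vlan-id=300
/interface ethernet switch vlan
add ports=ether1,sfp-sfpplus1 vlan-id=200
add ports=ether2,sfp-sfpplus1 vlan-id=300
"""

def parse(export):
    """Return {menu path: [{key: value}, ...]} for every add/set line."""
    menus, path = defaultdict(list), None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif path and line.split(" ", 1)[0] in ("add", "set"):
            menus[path].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return menus

def audit(export, uplink, mgmt_vid, cpu="switch1-cpu"):
    """List VLAN-table gaps that affect management access or port isolation."""
    m, base = parse(export), "/interface ethernet switch"
    members = {int(e["vlan-id"]): set(e["ports"].split(",")) for e in m[base + " vlan"]}
    tagged = {int(e["vlan-id"]): set(e["tagged-ports"].split(","))
              for e in m[base + " egress-vlan-tag"]}
    findings = []
    # Assumption: a port tagged for a VLAN must also be in that VLAN's table entry.
    for vid in sorted(tagged):
        for port in sorted(tagged[vid] - members.get(vid, set())):
            findings.append(f"vlan {vid}: {port} is tagged but not a VLAN-table member")
    for port in (uplink, cpu):  # assumption: management VLAN is tagged on both
        if port not in tagged.get(mgmt_vid, set()):
            findings.append(f"vlan {mgmt_vid}: {port} is not tagged for management")
    access = defaultdict(set)  # access port -> VLANs it is a member of
    for vid, ports in members.items():
        for port in ports - {uplink, cpu}:
            access[port].add(vid)
    for port, vids in sorted(access.items()):
        if len(vids) > 1:  # one customer port reachable from two customer VLANs
            findings.append(f"{port}: access port is a member of VLANs {sorted(vids)}")
    return findings
```

Calling `audit(EXPORT, "sfp-sfpplus1", 100)` on the posted configuration reports two findings, both on VLAN 100, and none on the customer VLANs.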