CRS VLAN / Management IP

Hello,

I have a CRS125-24G-1S which is offloading VLANs to the switch chip which are trunked from a central router, but I cannot figure out how to set up a management IP.

The VLAN for management is 40 (also being used for MikroTik APs and other network device management).

Any advice is appreciated!


# feb/11/1970 18:05:53 by RouterOS 6.47
# software id = 0000-0000
# model = CRS125-24G-1S
# serial number = 000000000000

/interface bridge
add admin-mac=00:00:00:00:00:00 auto-mac=no comment=defconf name=bridge
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp1
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether2,ether8,ether10,ether20 vlan-id=30
add tagged-ports=ether2,ether8,ether10,ether20 vlan-id=50
add tagged-ports=ether2,ether4,ether20 vlan-id=20
add tagged-ports=ether2,ether8,ether10,ether20 vlan-id=40
add tagged-ports=ether2,ether8,ether10,ether20 vlan-id=60
add tagged-ports=ether2,ether4,ether20 vlan-id=10
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=30 ports=ether18,ether13,ether22
add customer-vid=0 new-customer-vid=50 ports=ether16
/interface ethernet switch vlan
add ports=ether2,ether8,ether10,ether13,ether18,ether20,ether22 vlan-id=30
add ports=ether2,ether8,ether10,ether16,ether20 vlan-id=50
add ports=ether2,ether4,ether20 vlan-id=20
add ports=ether2,ether8,ether10,ether20 vlan-id=40
add ports=ether2,ether8,ether10,ether20 vlan-id=60
add ports=ether2,ether4,ether20 vlan-id=10
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0

Delete the IP address from the bridge and add something like:

/interface vlan add interface=bridge name=vlan40 vlan-id=40
/ip address add address=192.168.88.1/24 interface=vlan40

I also add the equivalent of this (presuming ether2,4,8,10,20 are trunk ports):

/interface ethernet switch set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether2,ether4,ether8,ether10,ether20 forward-unknown-vlan=no unknown-vlan-lookup-mode=ivl

Make sure you do that one in Safe mode though, as it’s easy to lock yourself out!

Thanks for the reply - however this is not working.

The reason for hardware offload is that the CRS cannot handle 1Gbps tagging/untagging without it. Adding a VLAN to the bridge, so far as I know, will cause all hardware offloading to be disabled.

What is not working? And what does “not working” mean anyway?

The reason for hardware offload is that the CRS cannot handle 1Gbps tagging/untagging without it.

Indeed.

Adding a VLAN to the bridge, so far as I know, will cause all hardware offloading to be disabled.

You know wrong then. Have you actually tried it? I have one of these in service with multiple VLANs going through the switch chip, with hardware offload, and a management IP address on one of the VLANs done exactly as I showed above.

Enabling bridge VLAN filtering does, not adding VLAN interface on top of the bridge.

In addition to creating interface vlan, switch1-cpu has to be added as a tagged member of management vlan:
both in
/interface ethernet switch vlan
and
/interface ethernet switch egress-vlan-tag
sections.
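
The steps from the replies above combined into one sequence for the export posted in the question, as an added example that is not part of the original posts. It assumes the existing VLAN 40 entries shown in that export; 192.168.88.1/24 is the placeholder address from the earlier reply and should be replaced with the switch's real address in the management subnet.

```routeros
# Added example, not from the thread's authors. Enter Safe mode first:
# step 4 removes the address you may currently be connected to.

# 1. VLAN interface on top of the bridge. Bridge VLAN filtering stays off,
#    so the bridge ports remain hardware offloaded.
/interface vlan add interface=bridge name=vlan40 vlan-id=40

# 2. Make the CPU port a member of VLAN 40 in the switch chip VLAN table
#    (port list taken from the existing vlan-id=40 entry, plus switch1-cpu).
/interface ethernet switch vlan set [find vlan-id=40] ports=ether2,ether8,ether10,ether20,switch1-cpu

# 3. Have the switch chip send VLAN 40 frames to the CPU tagged, so that
#    they reach the vlan40 interface.
/interface ethernet switch egress-vlan-tag set [find vlan-id=40] tagged-ports=ether2,ether8,ether10,ether20,switch1-cpu

# 4. Move the management address from the bridge to the VLAN interface.
/ip address remove [find interface=bridge]
/ip address add address=192.168.88.1/24 interface=vlan40

# 5. Check the result: bridge ports should still show the H (hw-offload)
#    flag, and both VLAN 40 entries should list switch1-cpu.
/interface bridge port print
/interface ethernet switch vlan print where vlan-id=40
/interface ethernet switch egress-vlan-tag print where vlan-id=40
```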