Hello everyone,
I hope to solve my problem with your help. I’m really confused about my configuration and don’t know where to find my solution.
First things: I’m using a CRS125, a wAP ac and a wAP. Internet is provided by FTTH with a 200 Mbit up-/downlink. The configuration shown below doesn’t have any firewall at the moment; that will be solved after my first problem. At the moment I use my Internet with a bridge, without a DHCP server, and a simple firewall, so I don’t have to worry for now.
Now my problem. I made the configuration shown below with 7 VLANs, 6 DHCP servers and 7 DHCP pools. CAPsMAN isn’t integrated into my VLAN setup in the first step. My problem is that I cannot access the Internet or other VLANs. I got access to other VLANs by adding a rule to my routes, but this was extremely slow, so I don’t think this was the right way. I did all the steps following the wiki CRS:Examples.
First, I would be very happy if I got access to the Internet from Vlan10 and routing between Vlan10 and Vlan20.
Maybe someone can help me?!
[Oberwichtel@MikroTik] > /ip export
# dec/04/2017 19:40:18 by RouterOS 6.41rc56
# software id = XXXX-XXXX
#
# model = CRS125-24G-1S
# serial number = XXXXXXXXXXXX
/ip pool
add name=pool_vlan99 ranges=10.0.0.2-10.0.0.20
add name=pool_vlan10 ranges=10.0.10.100-10.0.10.200
add name=pool_vlan20 ranges=10.0.20.100-10.0.20.110
add name=pool_vlan30 ranges=10.0.30.100-10.0.30.110
add name=pool_vlan40 ranges=10.0.40.100-10.0.40.150
add name=pool_vlan50 ranges=10.0.50.100-10.0.50.150
add name=pool_vlan60 ranges=10.0.60.100-10.0.60.150
/ip dhcp-server
add address-pool=pool_vlan99 always-broadcast=yes disabled=no interface=vlan99 lease-time=1w3d name=dhcp_vlan99
add address-pool=pool_vlan99 disabled=no interface=br1 lease-time=1w3d name=dhcp_br1
add address-pool=pool_vlan10 disabled=no interface=vlan10 lease-time=1w3d name=dhcp_vlan10
add address-pool=pool_vlan20 disabled=no interface=vlan20 lease-time=1w3d name=dhcp_vlan20
add address-pool=pool_vlan30 disabled=no interface=vlan30 lease-time=1w3d name=dhcp_vlan30
add address-pool=pool_vlan40 disabled=no interface=vlan40 lease-time=1w3d name=dhcp_vlan40
add address-pool=pool_vlan50 disabled=no interface=vlan50 lease-time=1w3d name=dhcp_vlan50
add address-pool=pool_vlan60 disabled=no interface=vlan60 lease-time=1w3d name=dhcp_vlan60
/ip address
add address=10.0.0.1/24 interface=br1 network=10.0.0.0
add address=10.0.0.1/24 interface=vlan99 network=10.0.0.0
add address=10.0.10.1/24 interface=vlan10 network=10.0.10.0
add address=10.0.20.1/24 interface=vlan20 network=10.0.20.0
add address=10.0.30.1/24 interface=vlan30 network=10.0.30.0
add address=10.0.40.1/24 interface=vlan40 network=10.0.40.0
add address=10.0.50.1/24 interface=vlan50 network=10.0.50.0
add address=10.0.60.1/24 interface=vlan60 network=10.0.60.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=eth1_wan use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.0.1
add address=10.0.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.10.1
add address=10.0.20.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.20.1
add address=10.0.30.0/24 gateway=10.0.30.1
add address=10.0.40.0/24 gateway=10.0.40.1
add address=10.0.50.0/24 gateway=10.0.50.1
add address=10.0.60.0/24 gateway=10.0.60.1
/ip dns
set allow-remote-requests=yes cache-size=4096KiB servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=eth1_wan
kamillo
December 5, 2017, 10:52am
2
Hi,
Can you show your interfaces, bridges and vlans config?
Janncsi
December 5, 2017, 11:04am
3
I’ll do this in the afternoon, 'cause at the moment I’m not @home.
But for the moment in “Interfaces” are shown the bridge “br1”, all vlans on the bridge “br1” and the physical ports…so nothing special I think
kamillo
December 5, 2017, 11:27am
4
Don’t use bridges on CRS125. Bridging is done in software therefore uses CPU which is very weak on CRS125. Use switch vlan.
https://wiki.mikrotik.com/wiki/Manual:CRS_examples#VLAN
The above comment doesn’t apply if you are using 6.41RCxx of RouterOS; they have changed how bridges work, but this version is a release candidate.
Janncsi
December 5, 2017, 11:50am
5
See in my code above, I’m using 6.41rc56, so I’m using bridge with hw-offload
I’ve got the same problem by using the old way…
So, now you can see below my interfaces…
[Oberwichtel@MikroTik] /interface> export
# dec/04/2017 16:52:45 by RouterOS 6.41rc56
# software id = XXXX-XXXX
#
# model = CRS125-24G-1S
# serial number = XXXXXXXXXXXX
/interface bridge
add name=br1 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=eth1_wan
set [ find default-name=ether2 ] name=eth2_nas
set [ find default-name=ether3 ] name=eth3_wap_unten
set [ find default-name=ether4 ] name=eth4_dmz
set [ find default-name=ether5 ] name=eth5_wap_oben
set [ find default-name=ether6 ] name=eth6_av_receiver
set [ find default-name=ether7 ] name=eth7_wap_outdoor
set [ find default-name=ether8 ] name=eth8_leer
set [ find default-name=ether9 ] name=eth9_leer
set [ find default-name=ether10 ] name=eth10_printer
set [ find default-name=ether11 ] name=eth11_kwl
set [ find default-name=ether12 ] name=eth12_fritzbox
set [ find default-name=ether13 ] name=eth13_schlafzimmer_tv
set [ find default-name=ether14 ] name=eth14_schlafzimmer_bett
set [ find default-name=ether15 ] name=eth15_knx
set [ find default-name=ether16 ] name=eth16_satreceiver
set [ find default-name=ether17 ] name=eth17_edomi
set [ find default-name=ether18 ] name=eth18_heos_link
set [ find default-name=ether19 ] name=eth19_heos_jonathan
set [ find default-name=ether20 ] name=eth20_heos_leonie
set [ find default-name=ether21 ] name=eth21_kueche
set [ find default-name=ether22 ] name=eth22_wohnzimmer_couch
set [ find default-name=ether23 ] disabled=yes name=eth23_wohnzimmer_tv
set [ find default-name=ether24 ] name=eth24_management
/interface vlan
add interface=br1 name=vlan10 vlan-id=10
add interface=br1 name=vlan20 vlan-id=20
add interface=br1 name=vlan30 vlan-id=30
add interface=br1 name=vlan40 vlan-id=40
add interface=br1 name=vlan50 vlan-id=50
add interface=br1 name=vlan60 vlan-id=60
add interface=br1 name=vlan99 vlan-id=99
/interface bridge port
add bridge=br1 interface=eth2_nas
add bridge=br1 interface=eth3_wap_unten
add bridge=br1 interface=eth4_dmz
add bridge=br1 interface=eth5_wap_oben
add bridge=br1 interface=eth6_av_receiver
add bridge=br1 interface=eth7_wap_outdoor
add bridge=br1 interface=eth8_leer
add bridge=br1 interface=eth9_leer
add bridge=br1 interface=eth10_printer
add bridge=br1 interface=eth11_kwl
add bridge=br1 interface=eth12_fritzbox
add bridge=br1 interface=eth13_schlafzimmer_tv
add bridge=br1 interface=eth14_schlafzimmer_bett
add bridge=br1 interface=eth15_knx
add bridge=br1 interface=eth16_satreceiver
add bridge=br1 interface=eth17_edomi
add bridge=br1 interface=eth18_heos_link
add bridge=br1 interface=eth19_heos_jonathan
add bridge=br1 interface=eth20_heos_leonie
add bridge=br1 interface=eth21_kueche
add bridge=br1 interface=eth22_wohnzimmer_couch
add bridge=br1 interface=eth23_wohnzimmer_tv
add bridge=br1 interface=eth24_management
add bridge=br1 interface=cap1
add bridge=br1 interface=cap2
/interface ethernet switch egress-vlan-tag
add tagged-ports=eth24_management,switch1-cpu vlan-id=99
add tagged-ports=eth3_wap_unten,eth5_wap_oben,switch1-cpu vlan-id=10
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=30
add tagged-ports=switch1-cpu vlan-id=40
add tagged-ports=switch1-cpu vlan-id=50
add tagged-ports=switch1-cpu vlan-id=60
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=10 ports=eth2_nas,eth10_printer,eth14_schlafzimmer_bett,eth22_wohnzimmer_couch,eth21_kueche
add customer-vid=0 new-customer-vid=99 ports=eth3_wap_unten,eth5_wap_oben,eth7_wap_outdoor,eth24_management
add customer-vid=0 new-customer-vid=30 ports=eth12_fritzbox
add customer-vid=0 new-customer-vid=40 ports=eth6_av_receiver,eth13_schlafzimmer_tv,eth16_satreceiver,eth23_wohnzimmer_tv
add customer-vid=0 new-customer-vid=50 ports=eth18_heos_link,eth19_heos_jonathan,eth20_heos_leonie
add customer-vid=0 new-customer-vid=20 ports=eth11_kwl,eth15_knx,eth17_edomi
/interface ethernet switch vlan
add ports=eth2_nas,eth10_printer,eth14_schlafzimmer_bett,eth21_kueche,eth22_wohnzimmer_couch,switch1-cpu vlan-id=10
add ports=eth11_kwl,eth15_knx,eth17_edomi,switch1-cpu vlan-id=20
add ports=eth12_fritzbox,switch1-cpu vlan-id=30
add ports=eth6_av_receiver,eth13_schlafzimmer_tv,eth16_satreceiver,eth23_wohnzimmer_tv,switch1-cpu vlan-id=40
add ports=eth18_heos_link,eth19_heos_jonathan,eth20_heos_leonie,switch1-cpu vlan-id=50
add ports=eth3_wap_unten,eth5_wap_oben,eth24_management,switch1-cpu vlan-id=99
Don’t use bridges on CRS125. Bridging is done in software therefore uses CPU which is very weak on CRS125. Use switch vlan.
https://wiki.mikrotik.com/wiki/Manual:CRS_examples#VLAN
The above comment doesn’t apply if you are using 6.41RCxx of RouterOS; they have changed how bridges work, but this version is a release candidate.
As soon as you enable VLAN filtering on the bridge, you lose hardware offload.
You HAVE to use the Switch menu for VLANs on the 125, regardless of whether you’re on 6.41 or previous versions.
So the “above comment” most certainly does apply.
Okay, understood, but please have a look at my config; I already used the switch. Everything is done like the Wiki…
Hello everyone,
I still have the problem that I cannot do any inter-VLAN routing or get access to eth1_wan.
I know that the CRS isn’t the perfect performance center, but if I try to open anything, CPU usage on the CRS is at most 12%, so it isn’t my bottleneck…
Nobody has an idea?
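As an added example (not part of any post in this thread, and not MikroTik tooling): a small Python cross-check of the three CRS switch tables from the /interface export above, listing ports that are tagged or translated into a VLAN but are not listed as members of that VLAN under /interface ethernet switch vlan. It assumes such ports are meant to be members; the names `parse`, `non_members`, `TABLES` and `PREFIX` are illustrative.

```python
import re
# Excerpt (VLANs 10, 60 and 99 only) of the /interface export posted in this thread.
EXPORT = """\
/interface ethernet switch egress-vlan-tag
add tagged-ports=eth24_management,switch1-cpu vlan-id=99
add tagged-ports=eth3_wap_unten,eth5_wap_oben,switch1-cpu vlan-id=10
add tagged-ports=switch1-cpu vlan-id=60
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=10 ports=eth2_nas,eth10_printer,eth14_schlafzimmer_bett,eth22_wohnzimmer_couch,eth21_kueche
add customer-vid=0 new-customer-vid=99 ports=eth3_wap_unten,eth5_wap_oben,eth7_wap_outdoor,eth24_management
/interface ethernet switch vlan
add ports=eth2_nas,eth10_printer,eth14_schlafzimmer_bett,eth21_kueche,eth22_wohnzimmer_couch,switch1-cpu vlan-id=10
add ports=eth3_wap_unten,eth5_wap_oben,eth24_management,switch1-cpu vlan-id=99
"""

PREFIX = "/interface ethernet switch "
# table name -> (key holding the port list, key holding the VLAN id)
TABLES = {
    "egress-vlan-tag": ("tagged-ports", "vlan-id"),
    "ingress-vlan-translation": ("ports", "new-customer-vid"),
    "vlan": ("ports", "vlan-id"),
}

def parse(export):
    """Return {table: {vlan_id: set(ports)}} for the three switch tables."""
    tables = {name: {} for name in TABLES}
    table = None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):  # menu path: only the switch sub-menus are tracked
            table = line[len(PREFIX):] if line.startswith(PREFIX) else None
        elif line.startswith("add ") and table in TABLES:
            kv = dict(re.findall(r"([\w-]+)=(\S+)", line))
            ports_key, vid_key = TABLES[table]
            tables[table].setdefault(int(kv[vid_key]), set()).update(kv[ports_key].split(","))
    return tables

def non_members(export):
    """Ports tagged or translated into a VLAN but missing from its member list."""
    t = parse(export)
    findings = {}
    for src in ("egress-vlan-tag", "ingress-vlan-translation"):
        for vid, ports in t[src].items():
            missing = ports - t["vlan"].get(vid, set())
            if missing:
                findings.setdefault(vid, set()).update(missing)
    return findings

print({vid: sorted(p) for vid, p in sorted(non_members(EXPORT).items())})
```

On this excerpt it lists eth3_wap_unten and eth5_wap_oben for VLAN 10, switch1-cpu for VLAN 60 (which has no switch vlan entry at all), and eth7_wap_outdoor for VLAN 99.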