CRS125 “distribution” switch setup

Hi there,

I’ve mostly worked with Mikrotik LTE devices so this is my first step into doing layer 2 and 3 stuff with the CRS range.

I’ve a CRS125 and I’m looking for what I would say is a fairly basic setup:

Ether1 - in its own VLAN with an IP address. I plan to connect an ISP router to this port. So ISP router is for example 192.168.1.1, Mikrotik is .2 default route on Mikrotik is the ISP router which will do NAT etc.

Ether24 - in another vlan for management with an IP of say 192.168.99.1. This will be used for administration

Remainder of the ports in 2x other VLANS with IP addresses say servers and clients.

The default gateway in devices connected to the Mikrotik will be the address assigned to the mikrotik vlan, so it’ll do inter vlan routing and hand off to the ISP router as the gateway for anything not local.

I’m ending up down rabbit holes when it comes to what part bridges play, and how ports are configured as what I would call untagged or access ports.

I’m adept in the Cisco world so not a complete newbie, I’m just getting lost with the Mikrotik way of doing things.

Any guidance appreciated!

I’m sure you already went through relevant wiki pages, I’ll include a couple for completeness:

https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches
https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples

Don’t let the initial paragraphs mislead you, these devices don’t have powerful CPUs according to today’s standards, so inter-VLAN routing won’t be anything near wirespeed.
These two documents should allow you to configure ports to any role you wish (access/untagged, hybrid or trunk/tagged).

Ad nomenclature: a bridge is something like a switch, but can span any type of L2 interfaces (not only ethernet). Since ROS 6.42 it is VLAN aware, but in your case I don’t think this is relevant. A bridge is also (implicitly) an interface which allows ROS to interact with the rest of the network … if there’s a subnet spanning multiple ethernet ports (which are bridged together), you then build the L3 setup on top of the bridge (when you use VLANs, you create a vlan interface on top of the bridge).
Since the same ROS version it also allows you to perform “switch partitioning” … using only the switch chip you would do it by using a few VLANs only internally and setting all ports in the group as access ports. With bridge(s) you don’t have to play with VLANs, you can simply create two (or more) bridges and attach ports to one of them as desired, traffic then gets switched only between ports that are members of the same bridge. However: only one bridge gets offloaded to hardware, the rest are handled entirely in software, which severely impacts performance (so in reality one would still segment the switch using the VLAN method).
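
A sketch of the layout asked about above, as an added example that is not part of either post. It follows the pattern of the linked CRS1xx/2xx examples page (switch-chip access ports plus inter-VLAN routing through `switch1-cpu`) and should be checked against that page for your RouterOS version. The VLAN IDs 10/20/30/99, the 192.168.20.0/24 and 192.168.30.0/24 subnets, and the choice of ether2 and ether3 as one sample server port and one sample client port are assumptions; extend the port lists to cover the remaining ports.

```routeros
# Added example; VLAN IDs, subnets and port groups are assumptions.
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes
add bridge=bridge1 interface=ether2 hw=yes
add bridge=bridge1 interface=ether3 hw=yes
add bridge=bridge1 interface=ether24 hw=yes
# Access ports: untagged frames (customer-vid=0) are assigned the port's VLAN on ingress.
/interface ethernet switch ingress-vlan-translation
add ports=ether1 customer-vid=0 new-customer-vid=10 sa-learning=yes
add ports=ether2 customer-vid=0 new-customer-vid=20 sa-learning=yes
add ports=ether3 customer-vid=0 new-customer-vid=30 sa-learning=yes
add ports=ether24 customer-vid=0 new-customer-vid=99 sa-learning=yes
# The CPU port carries every VLAN tagged so RouterOS can route between them.
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=10
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=30
add tagged-ports=switch1-cpu vlan-id=99
# VLAN membership table: each access port plus the CPU port.
/interface ethernet switch vlan
add ports=switch1-cpu,ether1 vlan-id=10 learn=yes
add ports=switch1-cpu,ether2 vlan-id=20 learn=yes
add ports=switch1-cpu,ether3 vlan-id=30 learn=yes
add ports=switch1-cpu,ether24 vlan-id=99 learn=yes
# L3 interfaces sit on top of the bridge, one per VLAN.
/interface vlan
add name=vlan10 interface=bridge1 vlan-id=10
add name=vlan20 interface=bridge1 vlan-id=20
add name=vlan30 interface=bridge1 vlan-id=30
add name=vlan99 interface=bridge1 vlan-id=99
/ip address
add address=192.168.1.2/24 interface=vlan10
add address=192.168.20.1/24 interface=vlan20
add address=192.168.30.1/24 interface=vlan30
add address=192.168.99.1/24 interface=vlan99
/ip route
add gateway=192.168.1.1
# Drop frames whose VLAN is invalid or whose ingress port is not a member of it.
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether2,ether3,ether24
```

Because the CPU routes between all four VLANs, the management subnet on ether24 is reachable from the server and client VLANs unless `/ip firewall filter` rules restrict it.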