CRS125 VLAN problem

RouterOS Beginner Basics
1

Hello

Requirements:

  1. Ports 1-6 isolated - switching the public net - goes to the routers/phones
  2. ports 7-24 isolated - switching and trunking links to other switches - I need several networks here, in order to use 2+ wires for the trunks

Problem:
I create manually the VLAN 99 containing the ports 1-6 and create the “In. VLAN Tran.” with the ports 1-6, for requirement 1 and
VLAN 20,30,40 and “Eg. VLAN tag” for the trunks and “In. VLAN Tran.” for the non-tagged ports, for the requirement 2,
NOTHING WORKS; no traffic is going on the VLAN 99, or VLAN 20 or 30 or 40
I have all ports in switching with master port 1.

Not a solution but currently working:
On ports 2-6 master port 1
On ports 8-24 master port 7.
Router automatically creates VLAN 409x for the first requirement and “In. VLAN Tran.” - this is exactly how I create them manually but with different VLAN (99)
Router automatically creates VLAN 409x for the second requirement and “In. VLAN Tran.” - I can only uplink one network
In this situation I have to use different wires to do the links between switches.

I cannot understand why if I create the settings manually it just refuses to work… Someone may have an insight into this?

2

Hard to say why it is not working without your config, have you checked following:

http://wiki.mikrotik.com/wiki/Manual:CRS_examples
http://wiki.mikrotik.com/wiki/Manual:CRS_features
http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features

3

Yes, I used this:
http://wiki.mikrotik.com/wiki/Manual:CRS_examples#Port_Based_VLAN
For the first requirement I don’t need the tagged vlan so I didn’t put that in.

Also, the switch chip page does not apply to CRS series.

4

actually I configure my CRS in this way and it works fine.

/interface ethernet switch vlan
add ports=“ether1,ether2,ether3,ether4,ether5,ether6,ether9,ether10,ether11,ether12,ether13” vlan-id=11
add ports=ether1,ether3,ether4,ether5,ether6,ether17,ether18,ether19,ether20 vlan-id=21
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether2,ether3,ether4,ether5,ether6 vlan-id=21
add tagged-ports=ether1,ether2,ether3,ether4,ether5,ether6 vlan-id=11

/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=11 ports=ether9,ether10,ether11,ether12,ether13
add customer-vid=0 new-customer-vid=21 ports=ether17,ether18,ether19,ether20

/interface ethernet switch egress-vlan-translation
add customer-vid=11 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether9,ether10,ether11,ether12,ether13 service-vlan-format=untagged-or-tagged
add customer-vid=21 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether17,ether18,ether19,ether20 service-vlan-format=untagged-or-tagged
/interface vlan
add interface=ether1 name=VLAN21 vlan-id=21
add interface=ether1 name=VLAN11 vlan-id=11
5

Hey 0012nish

I have the same config without “egress-vlan-translation” and the example pages don’t specify that it’s required.
A friend of mine has only “egress-vlan-tag” and “ingress-vlan-translation” and it works.

Can you help me out with a couple of questions:

  1. On which ROS version did you configured the switch?
  2. Do you have all ports in the same switch?
  3. Did you tried switch trunks and VLANs?
6

Hey mariuslazar
I didn’t have a very simple project in my CRS :slight_smile: it has many VLAN 1 Hybrid port (1 untagg and 8 tagg) and 2 port trunk (tagg only) the other ports are access port. All vlan are in the same switch, I putt them in unused port becouse I have tow internet sources from tow ISP and I need to have a hybrid port with all vlan, thats why I needed to make all ports slave to unused port. I have updated the switch to the 6.37.1 and it didn’t work without “ingress-vlan-translation” even if it looks like it works but if you have another manegment switch connected you shall notify that it dosn’t realy work without “ingress-vlan-translation”.

7

I recreated the configs this Saturday and it doesn’t work on 6.37.1 - vlan9 and vlan40
Vlan9 it’s the WAN side and it worked in 6.34.2 (minimum version that I could use), and as soon as I upgraded it didn’t work any more, no traffic between member ports. Also if I don’t have the tag on spf1 it does not work at all

/interface ethernet switch trunk
add member-ports=ether13-gw,ether14-gw name=trunk-gw
add member-ports=ether11-ap,ether12-ap name=trunk-sw-ap
add member-ports=ether9-ovi,ether10-ovi name=trunk-ovi

/interface ethernet switch egress-vlan-tag
[b]add tagged-ports=sfp1 vlan-id=9[/b]
add tagged-ports=trunk-sw-ap,sfp1,switch1-cpu vlan-id=20
add tagged-ports=trunk-sw-ap,sfp1 vlan-id=40
add tagged-ports=trunk-sw-ap,sfp1 vlan-id=30

/interface ethernet switch ingress-vlan-translation
[b]add customer-vid=0 new-customer-vid=9 ports=ether1,ether2,ether3,ether4,ether5,ether6[/b]
add customer-vid=0 new-customer-vid=20 ports=trunk-gw,ether22,ether8-centrala,trunk-ovi
add customer-vid=0 new-customer-vid=30 ports=ether15-tel
add customer-vid=0 new-customer-vid=40 ports=ether16-guest

/interface ethernet switch vlan
[b]add comment=wan ports=ether1,ether2,ether3,ether4,ether5,ether6 vlan-id=9[/b]
add comment=LAN ports=trunk-gw,trunk-sw-ap,trunk-ovi,ether8-centrala,sfp1,switch1-cpu vlan-id=20
add comment=guest ports=trunk-sw-ap,ether16-guest,sfp1 vlan-id=40
add comment=tel ports=trunk-sw-ap,ether15-tel,sfp1 vlan-id=30

/interface vlan
add interface=sfp1 name=vlan20 vlan-id=20
add interface=sfp1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan40 vlan-id=40

On interface vlan20 I get IP from dhcp, but on interface vlan40 - no IP is received.

The second switch - with AP:

/interface ethernet switch trunk
add member-ports=ether15-srv,ether16-srv name=trunk-srv
add member-ports=ether13-recup,ether14-recup name=trunk-recup

/interface ethernet switch egress-vlan-tag
add tagged-ports=trunk-srv,sfp1,switch1-cpu vlan-id=20
add tagged-ports=trunk-srv,sfp1 vlan-id=30
add tagged-ports=trunk-srv,sfp1 vlan-id=40

/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=20 ports="ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12" sa-learning=no
add customer-vid=0 new-customer-vid=30 ports=ether17,ether18,ether19,ether20,ether21,ether22 sa-learning=no
add customer-vid=0 new-customer-vid=40 ports=ether23-guest,ether1 sa-learning=no

/interface ethernet switch vlan
add ports="trunk-srv,trunk-recup,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,sfp1,switch1-cpu" vlan-id=20
add ports=trunk-srv,ether17,ether18,ether19,ether20,ether21,ether22,sfp1 vlan-id=30
add ports=trunk-srv,ether1,ether23-guest,sfp1 vlan-id=40

/interface vlan
add interface=sfp1 name=vlan20-lan vlan-id=20
add interface=sfp1 name=vlan30-tel vlan-id=30
add interface=sfp1 name=vlan40-guests vlan-id=40

/interface bridge
add name=bridge-lan
add name=bridge-guest

/interface bridge port
add bridge=bridge-lan interface=wlan1
add bridge=bridge-guest interface=ap-guest
add bridge=bridge-lan interface=vlan20-lan
add bridge=bridge-guest interface=vlan40-guests

In this switch the only bridge that works is bridge-lan. I’ve put ether1 on vlan40 and it goes OK, IP received by PC, traffic OK, but on bridge-guests no IP is received, and no traffic goes to the ap-guest - virtual ap.

Can anyone help me?