CRS125 Vlan Trunk Question

Kampfwurst · May 3, 2014, 12:25pm

I have some Question about Routing and Vlan.

There is my Network at Home.
I need to build a trunk between the RB750GL and the CRS125. But I need full wirespeed on the VLAN 100 because of my Fileserver on the ESXi. The Firewall (VLAN 200) need to be routet on the CRS125.(about 30Mbit) This can go through the CPU.

My Question is this possible? I dont understand whow tho splitt Vlan over the Switch Chip (VLAN 100) and the CPU (VLAN 200)

Maybe someone can explain that to me.

Kampfwurst · May 5, 2014, 12:56pm

push

athaynes · May 7, 2014, 2:33pm

I think see what you are asking and I finally have this working for my situation, BUT you will want to upgrade your CRS125 to 6.13rc13 because your switch will hang on a reboot once you have this configured. I got it all working with 6.12 only to find out that my switch would not reboot. I am new to RouterOS and I don’t have the RB750GL, but I assume they all work the same.

On your router, create your VLAN interfaces 100,200 and add your address/networks. The switch trunk in this example would be plugged into ether2 on the router

/interface vlan
add name=vlan100 interface=ether2 vlan-id=100
add name=vlan200 interface=ether2 vlan-id=200

/ip address
add address=192.168.0.1/24 interface=vlan100 network=192.168.0.0
add address=192.168.10.1/24 interface=vlan200 network=192.168.10.0

Now on your switch set up the vlan tagging by adding ports to a master port (ether1) and configure your in/out rules. ether1 on the switch is plugged into the router (ether2)

/interface ethernet
set ether2 master-port=ether1
set ether3 master-port=ether1

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1 vlan-id=100
add tagged-ports=ether1 vlan-id=200

/interface ethernet switch ingress-vlan-translation
add ports=ether2 new-customer-vid=100 sa-learning=yes
add ports=ether3 new-customer-vid=200 sa-learning=yes

The one thing that I am hitting now is that if I try to do an actual trunk (bond) in the switch chip (vs ROS), it causes all the links in that trunk to fail. I can leave it configured, but only have one physical connection and the link comes right back up. It is possible that I have something configured wrong, but this is still true in 6.13rc13.

Hopefully I did not misunderstand your ask and this helps.

Kampfwurst · May 9, 2014, 5:09am

thanks for your help.

I hope that a Vlan trunk will work on the switch chip on the final ROS 6.13.

I need full wirespeed to the File Server ,-)

Kampfwurst · May 10, 2014, 6:23am

today I got my 750GL and a 951G-2HnD

I still have problem to build 2 Vlan. One Vlan (VLAN 200) must be routet for the Internet and on the other Vlan (VLAN 100) I need full wirespeed.

There is my config

750GL  PORT 3 as Trunk

/interface vlan
add name=VLAN100 vlan-id=100 interface=ether1 disabled=no
add name=VLAN200 vlan-id=200 interface=ether2 disabled=no

/ip address
add address=192.168.0.254/24 interface=VLAN100
add address=192.168.10.254/24 interface=VLAN200

/interface vlan
add name=Trunk100 vlan-id=100 interface=ether3 disabled=no
add name=Trunk200 vlan-id=200 interface=ether3 disabled=no

CRS 125  PORT 16 as Trunk

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether16 vlan-id=100
add tagged-ports=ether16 vlan-id=200

add ports=ether14 new-customer-vid=100 sa-learning=yes
add ports=ether14 new-customer-vid=200 sa-learning=yes

/ip address
add address=192.168.0.253/24 interface=VLAN100
add address=192.168.10.253/24 interface=VLAN200

But with a trunk on the Switch Chip I have problem

/interface ethernet
set ether2 master-port=ether1
set ether3 master-port=ether1
set ether4 master-port=ether1

/interface ethernet switch port
set ether2 vlan-mode=secure vlan-header=always-strip default-vlan-id=100
set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=200
set ether1 vlan-mode=secure vlan-header=add-if-missing

/interface ethernet switch vlan
add ports=ether2,ether1 switch=switch1 vlan-id=100
add ports=ether3,ether1 switch=switch1 vlan-id=200

/interface ethernet switch port
set switch1-cpu vlan-mode=secure vlan-header=leave-as-is

/interface ethernet switch vlan
add ports=ether1 switch=switch1 vlan-id=1

/interface vlan
add name=vlan1 vlan-id=1 interface=ether5
/ip address
add address=192.168.0.254/24 interface=vlan1 network=192.168.0.0

I use 6.13rc18

slvnet · May 12, 2014, 9:46am

Hello

I have the same - hang on reboot.
Where can I get 6.13rcXX ROS ?

Thanks

p.s.
got it
http://forum.mikrotik.com/t/problem-w-hard-reset-of-crs-125-24g-1s-running-ros-6-12-6-13/76946/1