CRS1XX Management VLAN Interface Issue

RouterOS Beginner Basics
1

Hi there,

Given a CRS112-8G-4S switch with one access (ether2, VLAN: 90) and one trunk port (sfp12, VLAN: 1,10,20,30,90) configured. So far so good.

My goal is to set up a VLAN interface and manage the switch (remotely) in VLAN 90.

The VLAN inteface in VLAN 90 is not working. I don’t know what’s missing.

[admin@MikroTik] > /export
# jan/02/1970 00:31:00 by RouterOS 6.49.13
# software id = 65E9-AUQV
#
# model = CRS112-8G-4S
# serial number = <edited>
/interface bridge
add name=bridge1
/interface vlan
add interface=bridge1 name=mgmt vlan-id=90
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether2,sfp12
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=sfp12
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp12 vlan-id=1
add tagged-ports=sfp12 vlan-id=10
add tagged-ports=sfp12 vlan-id=20
add tagged-ports=sfp12 vlan-id=30
add tagged-ports=sfp12 vlan-id=90
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=90 ports=ether2
/interface ethernet switch vlan
add ports=ether2,sfp12 vlan-id=90
add ports=sfp12 vlan-id=1
add ports=sfp12 vlan-id=10
add ports=sfp12 vlan-id=20
add ports=sfp12 vlan-id=30
/ip address
add address=10.0.90.3/24 interface=mgmt network=10.0.90.0

Some evidence here…

admin@MikroTik] > ping 10.0.90.3
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 10.0.90.3                                  56  64 2ms
    1 10.0.90.3                                  56  64 1ms
    sent=2 received=2 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=2ms

[admin@MikroTik] > ping 10.0.90.100
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 10.0.90.100                                             timeout
    1 10.0.90.100                                             timeout
    sent=2 received=0 packet-loss=100%
    
[admin@MikroTik] > ping 10.0.90.101
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 10.0.90.101                                             timeout
    1 10.0.90.101                                             timeout
    sent=2 received=0 packet-loss=100%
    
[admin@MikroTik] > ip arp print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic, P - published, C - complete
 #    ADDRESS         MAC-ADDRESS       INTERFACE
 0 D  10.0.90.100                       mgmt
 1 D  10.0.90.101                       mgmt
 2 D  10.0.90.1                         mgmt

I appreciate any help you can provide. Thank you!

2

I’m still trying hard…

I’ve added my VLAN (mgmt) interface to bridge1

/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=sfp12
add bridge=bridge1 interface=mgmt

No luck.

Also tried to add VLAN tags on switch1-cpu…

[admin@MikroTik] > /interface ethernet switch egress-vlan-tag add tagged-ports=switch1-cpu vlan-id=90
failure: already have such switch egress vlan tag entry

No luck.

Tried to add switch1-cpu to VLAN90…

[admin@MikroTik] > /interface ethernet switch vlan add ports=switch1-cpu vlan-id=90
failure: already have such switch vlan entry

No luck.


Took inspiration from here: http://forum.mikrotik.com/t/need-help-with-crs112-switch-configuring-ip-addresses-on-vlans/150127/1

What am I missing?

3

Settings under /interface/ethernet/switch/egress-vlan-tag (and switch/vlan) are filling up a table which has one row per VLAN ID. In your case it already has a row with VID 90 before you trying to execute commands from your last post, hence failure.

Instead you have to manipulate existing rows using command

/interface ethernet switch egress-vlan-tag
set [find vlan-id=90] tagged-ports=switch1-cpu,sfp12 
/interface ethernet switch vlan
set [find vlan-id=90] ports=switch1-cpu,sfp12,ether2

And, by all means, remove mgmt vlan interface from being bridge port (under /interface bridge port), setting it as one is an error.

4

It works like a charm.

Thank you, mkx, for taking the time to help. I don’t know how I could have missed this.