CRS212-1G-10S and VLAN

davzar · November 3, 2018, 9:37am

Hi to all,
i need to configure my CRS212 with this VLANs scenario:

VLAN100
members sfp1,sfp2,sfp3
sfp1 tagged
sfp2,sfp3 untagged

VLAN110
members sfp1,sfp4
sfp1 tagged
sfp4 untagged

VLAN200
members sfp5,sfp6
sfp5 tagged
sfp6 untagged

VLAN210
members sfp5,sfp7
sfp5 tagged
sfp6 untagged.

This configuration is with post-6.41 RouterOS

Should i create 2 separate bridges, or only one bridge?
I’d like to achieve wire speed connection and low CPU usage.

At the moment i’m testing with 2 separate bridges,
one for VLAN 1xx and other for VLAN2xx
but when i push traffic the switch CPU reaches high levels of usage.

Any suggestion is appreciated

mkx · November 3, 2018, 2:09pm

You should use single bridge. If you want to have wire-speed data transfers without CRS’ CPU burning out (e.g. to do it in switch chip rather than in software), then stick to /interface ethernet switch section when configuring it. This is a post-6.41 type of configuration despites some users around here claiming otherwise.

davzar · November 6, 2018, 9:51am

Hi mkx, thanks for your answer.
So, i have to create one single bridge, then handle the VLANs using the /interface ethernet switch VLAN section, correct?
can you please post a little example.

mkx · November 6, 2018, 9:12pm

I don’t have any CRS2xx so I can’t give you an example … when it comes to /interface ethernet switch, devices speak a few dialects. I’m sure some other fellow forum user with CRS2xx will jump in.

davzar · November 7, 2018, 10:22am

Hi everyone,
following mkx advices i’ve made this configuration, is that correct?

/interface bridge
add fast-forward=no name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=sfp1 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
sfp1-RB3011-1xx-Ingress
set [ find default-name=sfp2 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
sfp2-VLAN100-egress
set [ find default-name=sfp3 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
sfp3-VLAN101-Egress
set [ find default-name=sfp4 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
sfp4-RIP1
set [ find default-name=sfp5 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
sfp5-RIP2
set [ find default-name=sfp6 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
sfp6-RIP3
set [ find default-name=sfp7 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
sfp7-RIP4
set [ find default-name=sfp8 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
sfp8-VLAN201-Egress
set [ find default-name=sfp9 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
sfp9-CCR-2xx-Ingress
set [ find default-name=sfp10 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
sfp10-VLAN200-Egress
set [ find default-name=sfpplus1 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface vlan
add interface=sfpplus1 name=vlan102 vlan-id=102
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="sfp1-RB3011-1xx-I
ngress,sfp2-VLAN100-egress,sfp3-VLAN101-Egress,sfp8-VLAN201-Egress,sfp9-CC
R-2xx-Ingress,sfp10-VLAN200-Egress,sfp4-RIP1,sfp5-RIP2,sfp6-RIP3,sfp7-RIP4
"
/interface bridge port
add bridge=bridge1 interface=sfp1-RB3011-1xx-Ingress
add bridge=bridge1 interface=sfp10-VLAN200-Egress
add bridge=bridge1 interface=sfp9-CCR-2xx-Ingress
add bridge=bridge1 interface=sfp8-VLAN201-Egress
add bridge=bridge1 interface=sfp7-RIP4
add bridge=bridge1 interface=sfp6-RIP3
add bridge=bridge1 interface=sfp5-RIP2
add bridge=bridge1 interface=sfp4-RIP1
add bridge=bridge1 interface=sfp3-VLAN101-Egress
add bridge=bridge1 interface=sfp2-VLAN100-egress
/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp1-RB3011-1xx-Ingress vlan-id=100
add tagged-ports=sfp1-RB3011-1xx-Ingress vlan-id=101
add tagged-ports=sfp9-CCR-2xx-Ingress vlan-id=200
add tagged-ports=sfp9-CCR-2xx-Ingress vlan-id=201
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=100 ports=sfp2-VLAN100-egress
add customer-vid=0 new-customer-vid=101 ports=sfp3-VLAN101-Egress
add customer-vid=0 new-customer-vid=201 ports=sfp8-VLAN201-Egress
add customer-vid=0 new-customer-vid=200 ports=sfp10-VLAN200-Egress
/interface ethernet switch vlan
add ports=sfp2-VLAN100-egress,sfp1-RB3011-1xx-Ingress vlan-id=100
add ports=sfp1-RB3011-1xx-Ingress,sfp3-VLAN101-Egress vlan-id=101
add ports=“switch1-cpu,sfp1-RB3011-1xx-Ingress,sfp4-RIP1,sfp6-RIP3,sfp5-RIP2,s
fp7-RIP4” vlan-id=0
add ports=sfp10-VLAN200-Egress,sfp9-CCR-2xx-Ingress vlan-id=200
add ports=sfp8-VLAN201-Egress,sfp10-VLAN200-Egress vlan-id=201
/ip address
add address=192.168.78.100/24 interface=bridge1 network=192.168.78.0
/ip route
add distance=1 gateway=192.168.78.1

davzar · November 8, 2018, 11:46am

A little update:
i’ve tried the configuration above in a test environment in my lab
and it works, i can achive wire-speed with CPU that stays always under 20% while pushing traffic.