I’m trying to follow the documentation for CRS2xx switches (this documentation page) but I can’t get it to work? I’m most likely missing something obvious and simple. 
First of all, `sfp-sfpplus1` is connected to another switch which carries only tagged traffic. One of these VLANs is used for management, just like in the documentation example. In my case management is VLAN 3.
I tried setting up a dhcp-client on mgmt0 after following the documentation sample but didn’t get a lease, so I tried setting up addressing and routing manually, but if I use `/tool/sniffer/quick int` I can only see the following traffic:
[admin@MikroTik] /interface/ethernet/switch> /tool/sniffer/quick
Columns: INTERFACE, TIME, NUM, DIR, SRC-MAC, DST-MAC, VLAN, SRC-ADDRESS, DST-ADDRESS, PROTOCOL, SIZE, CPU
INTERFACE TIME NUM DIR SRC-MAC DST-MAC VLAN SRC-ADDRESS DST-ADDRESS PROTOCOL SIZE CPU
sfp-sfpplus1 5.364 3 -> 4C:5E:0C:93:12:9A 01:80:C2:00:00:00 802.2 53 0
sfp-sfpplus1 7.368 4 -> 4C:5E:0C:93:12:9A 01:80:C2:00:00:00 802.2 53 0
lo 7.933 5 -> 00:00:00:00:00:00 FF:FF:FF:FF:FF:FF 127.0.0.1:5678 (discovery) 255.255.255.255:5678 (discovery) ip:udp 187 0
lo 7.933 6 <- 00:00:00:00:00:00 FF:FF:FF:FF:FF:FF 127.0.0.1:5678 (discovery) 255.255.255.255:5678 (discovery) ip:udp 187 0
sfp-sfpplus1 7.936 7 -> 4C:5E:0C:93:12:9A FF:FF:FF:FF:FF:FF 0.0.0.0:5678 (discovery) 255.255.255.255:5678 (discovery) ip:udp 207 0
sfp-sfpplus1 7.937 8 -> 4C:5E:0C:93:12:9A 01:00:0C:CC:CC:CC 802.2 121 0
sfp-sfpplus1 7.945 9 -> 4C:5E:0C:93:12:9A 01:80:C2:00:00:0E lldp 178 0
mgmt0 7.947 10 -> 4C:5E:0C:93:12:82 33:33:00:00:00:01 fe80::4e5e:cff:fe93:1282:5678 (discovery) ff02::1:5678 (discovery) ipv6:udp 220 0
bridge1 7.947 11 -> 4C:5E:0C:93:12:82 33:33:00:00:00:01 3 fe80::4e5e:cff:fe93:1282:5678 (discovery) ff02::1:5678 (discovery) ipv6:udp 224 0
sfp-sfpplus1 7.947 12 -> 4C:5E:0C:93:12:82 33:33:00:00:00:01 3 fe80::4e5e:cff:fe93:1282:5678 (discovery) ff02::1:5678 (discovery) ipv6:udp 224 0
mgmt0 7.949 13 -> 4C:5E:0C:93:12:82 FF:FF:FF:FF:FF:FF 192.168.0.6:5678 (discovery) 255.255.255.255:5678 (discovery) ip:udp 200 0
bridge1 7.949 14 -> 4C:5E:0C:93:12:82 FF:FF:FF:FF:FF:FF 3 192.168.0.6:5678 (discovery) 255.255.255.255:5678 (discovery) ip:udp 204 0
sfp-sfpplus1 7.949 15 -> 4C:5E:0C:93:12:82 FF:FF:FF:FF:FF:FF 3 192.168.0.6:5678 (discovery) 255.255.255.255:5678 (discovery) ip:udp 204 0
mgmt0 7.967 16 -> 4C:5E:0C:93:12:82 01:00:0C:CC:CC:CC 802.2 123 0
bridge1 7.967 17 -> 4C:5E:0C:93:12:82 01:00:0C:CC:CC:CC 3 802.2 127 0
sfp-sfpplus1 7.967 18 -> 4C:5E:0C:93:12:82 01:00:0C:CC:CC:CC 3 802.2 127 0
mgmt0 7.967 19 -> 4C:5E:0C:93:12:82 01:80:C2:00:00:0E lldp 170 0
bridge1 7.967 20 -> 4C:5E:0C:93:12:82 01:80:C2:00:00:0E 3 lldp 174 0
sfp-sfpplus1 7.968 21 -> 4C:5E:0C:93:12:82 01:80:C2:00:00:0E 3 lldp 174 0
sfp-sfpplus1 9.372 22 -> 4C:5E:0C:93:12:9A 01:80:C2:00:00:00 802.2 53 0
I couldn’t see any DHCP request reaching my DHCP server either.
My current configuration is based on the documentation example but expanded using ansible, I’ve just removed some VLANs to make it shorter:
/interface bridge
add name=bridge1
/interface vlan
add interface=bridge1 name=mgmt0 vlan-id=3
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,eth\
er19,ether20,ether21,ether22,ether23,ether24,sfp-sfpplus1,sfpplus2"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=sfpplus2
/interface ethernet switch egress-vlan-tag
add tagged-ports=sfpplus2,sfp-sfpplus1 vlan-id=5
add tagged-ports=ether6,sfpplus2,sfp-sfpplus1 vlan-id=37
add tagged-ports=sfpplus2,sfp-sfpplus1 vlan-id=19
add tagged-ports=ether6,sfpplus2,sfp-sfpplus1 vlan-id=41
add tagged-ports=sfpplus2,sfp-sfpplus1 vlan-id=143
add tagged-ports=switch1-cpu,sfpplus2,sfp-sfpplus1 vlan-id=3
add tagged-ports=sfpplus2,sfp-sfpplus1 vlan-id=46
add tagged-ports=sfpplus2,sfp-sfpplus1 vlan-id=28
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=3 ports=ether1
add customer-vid=0 new-customer-vid=3 ports=ether2
add customer-vid=0 new-customer-vid=3 ports=ether3
add customer-vid=0 new-customer-vid=3 ports=ether4
add customer-vid=0 new-customer-vid=28 ports=ether5
/interface ethernet switch vlan
add ports=sfpplus2,sfp-sfpplus1 vlan-id=5
add ports=sfpplus2,sfp-sfpplus1 vlan-id=37
add ports=sfpplus2,sfp-sfpplus1 vlan-id=19
add ports=sfpplus2,sfp-sfpplus1 vlan-id=41
add ports=sfpplus2,sfp-sfpplus1 vlan-id=143
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether6,sfpplus2,sfp-sfpplus1 vlan-id=3
add ports=sfpplus2,sfp-sfpplus1 vlan-id=46
add ports=ether5,sfpplus2,sfp-sfpplus1 vlan-id=28
/ip address
add address=192.168.0.6/24 interface=mgmt0 network=192.168.0.0
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.254
/system note
set show-at-login=no
I’ve started over a few times using `/system reset-configuration no-defaults=yes skip-backup=yes` and I have serial access to the machine.