CRS226 untagged vlan challange

RouterOS General
1

I have a tricky issue with trying to get a CRS configured with a functioning untagged vlan port, but I keep getting all the packets returned tagged instead of untagged.

model: CRS226-24G-2S+
os version: 6.37.1
firmware-type: qca8513
current-firmware: 3.22

Config:

/interface ethernet
set [ find default-name=ether3 ] master-port=ether24-vlan-trunk name=ether3-vlan-700
set [ find default-name=ether4 ] master-port=ether24-vlan-trunk name=ether4-vlan-700
set [ find default-name=ether24 ] name=ether24-vlan-trunk

/interface ethernet switch port
set 3 dscp-based-qos-dscp-to-dscp-mapping=no
set 4 dscp-based-qos-dscp-to-dscp-mapping=no
set 24 dscp-based-qos-dscp-to-dscp-mapping=no

/interface ethernet switch vlan
add ports=ether3,ether4,ether24 vlan-id=700

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether24 vlan-id=700

/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=700 ports=ether3-vlan-700 sa-learning=yes
add customer-vid=0 new-customer-vid=700 ports=ether4-vlan-700 sa-learning=yes

/interface vlan
add interface=ether24-vlan-trunk name=vlan700 vlan-id=700

/ip address
add address=10.8.7.254/24 interface=vlan700 network=10.8.7.0

Additional context:

  • There is a router on ether24 with a tagged interface.
  • The remote router has a IP of 10.8.7.1.
  • The remote router is responsible for routing, DHCP, etc. The switch is just responsible for L2 transit.
  • Ping works between the switch on 10.8.7.254 and the router on 10.8.7.1 successfully.


    So the issue I have is that any returning traffic coming out of ether3 or ether4 is still tagged with the vlan ID of 700.

For example, attempting to ping either the router or the switch, results in an ARP request coming back to the client which is encapsulated in 802.1Q, which naturally the client can’t handle.

There must be some misconfiguration somewhere with the port configuration, I just want an untagged port (nothing fancy) and have reviewed the examples at http://wiki.mikrotik.com/wiki/Manual:CRS_examples#Port_Based_VLAN, but not seeing anything obvious.

I’ve spent a number of hours tinkering with the switch options and port options in the CRS, including experimenting with /interface ethernet switch egress-vlan-translation (this seems to be implied, but couldn’t find a clear guide?), but with no result. I expect something I’m doing wrong in respect to the specific switch chip in the CRS series.

Any pointers greatly appreciated.