I’ve been attempting to set up a new network based on three CRS226-24G-2S+RM switches. The test architecture is very simple: one core switch, and a satellite switch.
Very simply, I have connected the core switch (fl-core-sw1) to the satellite switch (fl-east-sw1) with a two-port trunk. This is connected between core ports 1 and 2, and satellite ports 21 and 22. I have configured both switches according to the examples (with newer hardware offloading), management interface on VLAN 99 and so on. I also have a PC connected to port 24 on both switches, which I intend to be a management VLAN access port.
Using this configuration, I am able to access the local switch via the VLAN access port, but not the remote switch. This is the same whichever way around I try it. Additionally, the switches are unable to ping each other. I am also unable to ping the two machines connected to the management access port from each other.
If I disconnect one leg of the two-port trunk, I am able to access everything (switches and PCs) as expected. I’m very confused. Why isn’t the trunk working in this configuration? I’m sure it’ll be very obvious to someone who’s configured these before, but I just can’t spot it. Any pointers gratefully received… Thanks for reading!
fl-core-sw1:
/interface bridge
add admin-mac=4C:5E:0C:9C:A1:A5 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment="fl-east-sw1 trunk"
set [ find default-name=ether2 ] comment="fl-east-sw1 trunk"
set [ find default-name=ether3 ] comment="fl-west-sw1 trunk"
set [ find default-name=ether4 ] comment="fl-west-sw1 trunk"
set [ find default-name=ether5 ] comment="fl-office-sw1 switch"
set [ find default-name=ether6 ] comment="fl-office-sw2 switch"
set [ find default-name=ether7 ] comment="fl-office-sw3 switch"
set [ find default-name=ether14 ] comment=workspace
set [ find default-name=ether15 ] comment=cctv-nvr1
set [ find default-name=ether16 ] comment=cctv-nvr2
set [ find default-name=ether17 ] comment=ringo
set [ find default-name=ether18 ] comment=camserver
set [ find default-name=ether19 ] comment=pabx
set [ find default-name=ether20 ] comment=mail
set [ find default-name=ether23 ] comment=fl-core-router
set [ find default-name=ether24 ] comment="Admin access"
/interface vlan
add interface=bridge name=mgmt-vlan99 vlan-id=99
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ethe\
r8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ethe\
r22,ether23,ether24,sfp-sfpplus1,sfpplus2"
/interface ethernet switch trunk
add member-ports=ether1,ether2 name=trunk-east-sw1
add member-ports=ether3,ether4 name=trunk-west-sw1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfpplus2
/interface ethernet switch egress-vlan-tag
add comment="Office machines" tagged-ports=ether5,ether6,ether7,ether23 vlan-id=2
add comment="Warehouse machines" tagged-ports=trunk-east-sw1,trunk-west-sw1,ether23 vlan-id=3
add comment=Telephones tagged-ports=trunk-east-sw1,trunk-west-sw1,ether6,ether19,ether23 vlan-id=4
add comment=Administration tagged-ports=trunk-east-sw1,trunk-west-sw1,switch1-cpu,ether5,ether6,ether7,ether23 \
vlan-id=99
add comment="CCTV cameras" tagged-ports=trunk-east-sw1,trunk-west-sw1,ether23 vlan-id=5
add comment="Staff devices" tagged-ports=trunk-east-sw1,trunk-west-sw1,ether7,ether23 vlan-id=6
add comment="Guest internet access" tagged-ports=trunk-east-sw1,trunk-west-sw1,ether7,ether23 vlan-id=7
add comment="Special projects" tagged-ports=trunk-east-sw1,trunk-west-sw1,ether23 vlan-id=9
add comment=Servers tagged-ports=ether19,ether20,ether23 vlan-id=10
add comment=DMZ tagged-ports=ether19,ether20,ether23 vlan-id=100
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=10 ports=ether14,ether17,ether18
add customer-vid=0 new-customer-vid=5 ports=ether15,ether16
add customer-vid=0 new-customer-vid=99 ports=ether24
/interface ethernet switch vlan
add comment=Administration ports=trunk-east-sw1,trunk-west-sw1,switch1-cpu,ether5,ether6,ether7,ether23,ether24 \
vlan-id=99
add comment="Office machines" ports=ether5,ether6,ether7,ether23 vlan-id=2
add comment="Warehouse machines" ports=trunk-east-sw1,trunk-west-sw1,ether23 vlan-id=3
add comment=Telephones ports=trunk-east-sw1,trunk-west-sw1,ether6,ether19,ether23 vlan-id=4
add comment="CCTV cameras" ports=trunk-east-sw1,trunk-west-sw1,ether6,ether13,ether15,ether16 vlan-id=5
add comment="Staff devices" ports=trunk-east-sw1,trunk-west-sw1,ether7,ether23 vlan-id=6
add comment="Guest internet access" ports=trunk-east-sw1,trunk-west-sw1,ether7,ether23 vlan-id=7
add comment="Building control" ports=ether23 vlan-id=8
add comment="Special projects" ports=trunk-east-sw1,trunk-west-sw1,ether23 vlan-id=9
add comment=Servers ports=ether14,ether17,ether18,ether19,ether20,ether23 vlan-id=10
add comment=DMZ ports=ether19,ether20,ether23 vlan-id=100
/ip address
add address=10.192.99.2/24 interface=mgmt-vlan99 network=10.192.99.0
/ip dns
set servers=10.192.99.1
/ip route
add distance=1 gateway=10.192.99.1
/system identity
set name=fl-core-sw1
fl-east-sw1:
/interface bridge
add admin-mac=4C:5E:0C:9D:2C:4A auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether21 ] comment="fl-core-sw1 trunk"
set [ find default-name=ether22 ] comment="fl-core-sw1 trunk"
set [ find default-name=ether23 ] comment="fl-east-sw2 switch"
set [ find default-name=ether24 ] comment="Admin access"
/interface vlan
add interface=bridge name=mgmt-vlan99 vlan-id=99
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ethe\
r8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ethe\
r22,ether23,ether24,sfp-sfpplus1,sfpplus2"
/interface ethernet switch trunk
add member-ports=ether21,ether22 name=trunk-core-sw1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfpplus2
/interface ethernet switch egress-vlan-tag
add comment="Warehouse machines" tagged-ports=trunk-core-sw1,ether23 vlan-id=3
add comment=Telephones tagged-ports=trunk-core-sw1,ether23 vlan-id=4
add comment=Administration tagged-ports=trunk-core-sw1,switch1-cpu,ether23 vlan-id=99
add comment="CCTV cameras" tagged-ports=trunk-core-sw1,ether23 vlan-id=5
add comment="Staff devices" tagged-ports=trunk-core-sw1 vlan-id=6
add comment="Guest internet access" tagged-ports=trunk-core-sw1 vlan-id=7
add comment="Special projects" tagged-ports=trunk-core-sw1 vlan-id=9
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=99 ports=ether24
/interface ethernet switch vlan
add comment=Administration ports=trunk-core-sw1,switch1-cpu,ether23,ether24 vlan-id=99
add comment="Warehouse machines" ports=trunk-core-sw1,ether23 vlan-id=3
add comment=Telephones ports=trunk-core-sw1,ether23 vlan-id=4
add comment="CCTV cameras" ports=trunk-core-sw1,ether23 vlan-id=5
add comment="Staff devices" ports=trunk-core-sw1 vlan-id=6
add comment="Guest internet access" ports=trunk-core-sw1 vlan-id=7
add comment="Special projects" ports=trunk-core-sw1 vlan-id=9
/ip address
add address=10.192.99.3/24 interface=mgmt-vlan99 network=10.192.99.0
/ip dns
set servers=10.192.99.1
/ip route
add distance=1 gateway=10.192.99.1
/system identity
set name=fl-east-sw1