I cant even manage to make a simple switch config with 2 trunkports and some accessports in different vlans.
It works but I can access the switch only from tagged ports. I cant access it from a untagged port. Mikrotik Support cant help.
I see cdp-packets of switch on untagged ports but no mac-ping/ip-ping works.
This was added as MT-Support wanted to, but did not solve the problem:
“/interface vlan add interface=bridge1 name=vlan44 vlan-id=44”
I have a similar setup that works really well doing this.
Create your “main” bridge and add your vlans onto it with relevant tagging etc.
Add the ethernet interfaces to the bridge you want to be trunk ports.
Create a second bridge, make one of your vlans a member of this bridge
Add an interface you want to be an access port for this vlan
Apologies if that doesn’t read well, I’m not near a router for a while to get you some code form of that but if should get you I need the right direction.
Thanks for your help. This does not work as with CRS317 only one bridge gets HW acceleration. A second bridge would be a SW bridge which is very slow on this switch.
I talked to MT Support meanwhile. They recognized my problem as SW Problem and promised a fix soon.
I think this should be doable, I had it working in the lab 2 days ago, I’ll see if I can look at this closer later today. Off the top of my head, from skimming this thread, I’ll say:
Use only one bridge – only one bridge will get HW acceleration!
The end goal should be to have one bridge with vlan filtering = yes
Think of the bridge/switch chip as a separate box and things get a lot easier.
The “cable” or “port” from the switch chip to the RouterBoard is named as the name of the bridge. So it’s totally normal to have a /interface bridge vlan that lists a config like “tagged=bridge1,ether1,ether2”.
Edit: The only thing that looks different from what I remember is the:
frame-types=admit-only-vlan-tagged ingress-filtering=yes
stuff. Does taking that off work? If so, maybe setting a PVID on those ports just in case something isn’t tagged is good enough?
You only really need a single bridge instance (stop thinking in CCR ways when it comes to a switch).
Under /bridge/ports, set the PVID (under the VLAN tab) for the ports you want in “Access mode” in the vlan you require.
Then, under /bridge/vlan set the ports you want to be “trunked” to have the vlan you desire as “tagged”.
It’s quite a big departure from the old switch chip settings, but I like the fact that Mikrotik is trying to merge everything into RouterOS. It does make sense once you get your head around it.
Some tips (from notes I made)
switch notes
/interface bridge bridge1, enable mstp (multiple spanning tree instances)
/interface bridge bridge1, enable vlan filtering
/interface bridge /port set pvid (under the vlan tab) for a port to put it in "access mode" in that vlan,e.g. 200
and set frame types to : admit only untagged and priority tagged
/interface bridge /vlans set tagged ports for specific vlan in what you consider a "trunk" port
Thanks. I have it running now. There was a bug in the beta’s. After an upgrade it works. Now I have some problems with SFP+ 10G Ethernet module. I wait for a few rcs more until playing again … The ShowStopper where some rcs might kill the device with the next update make me wait until it settles somehow.
Here, you haven’t mentioned, what kind of problem you have, but please, take into account, that according to SFP module compatibility table you can only use a maximum of 14 S+RJ10 modules because of the power controller of the switch (as each S+RJ10 module can consume as high as 2.4W of power!).
If your problem is not related to the number of modules, then sorry
I have less then this in the switch. Problems: It shows a flapping link with no cable connected and does not link up with a longer (<100m) installed cable we currently use with 1Gbps. Looks like the SW is not done yet.
Is this a Copper Cable (or is it fiber)? Just wondering because I’ve using all DACs so far, but was assuming it worked just fine with 10G SM fiber optics…
