crs317 vlan questions

RouterOS Beginner Basics
1

Hello,

I’m playing arround with an CRS317 and did not get VLAN’s working with hardware offloading.

What i was expecting that would work:
/interface bridge
add name=NameBridge
/interface bridge vlan
add bridge=NameBridge tagged=sfp-02,sfp-03,sfp-04 untagged=sfp05 vlan-id=2

So alle the traffic tagged on port 02,03,04 and untagged 05 are in VLAN id 2.

Looking in WinBox in the VLAN the Current Untagged and Current Tagged is not filled in and dont have any traffic on VLAN2 so its not working.
I dont have vlan filtering on the bridge, when i do that its also not working.

What is working is:

/interface bridge
add name=NameBridge

/interface vlan
add vlan-id=2 interface=sfp-02 name=sfp-02-vlan2
add vlan-id=2 interface=sfp-03 name=sfp-03-vlan2
add vlan-id=2 interface=sfp-04 name=sfp-04-vlan2


/interface bridge
port add bridge=NameBridge interface=sfp-02-vlan2
port add bridge=NameBridge interface=sfp-03-vlan2
port add bridge=NameBridge interface=sfp-04-vlan2
port add bridge=NameBridge interface=sfp-05

The mikrotik is in RouterBroad mode because i also got an second network that is using router functions, what i need above is only switching so no NAT of other Router/Queues functions.
What I’m i doing wrong? The second config is working but its look like to much work and traffic is going trough the cpu (i guess)

2

Probably your configuration is screwy.

Just checking but it appears you only have one VLAN.

  1. Your VLAN definitions must use the interface name of the bridge!! (“NameBridge”

  2. Your port configurations are partially correct in the part where you identify the physical interface but this is not where you assign VLANs and thus return the PVIDs to 1,

  3. I am confused about ethernet port 5. Why is this on the same bridge as your VLANs??
    This connects your VLANS and the network on port 5 at layer 2 ???

  4. I am confused as to why ethernet port 5 is untagged on your Bridge VLAN settings ( I would remove it).

  5. You need to enter the bridgename itself as a TAGGED entiity here.

  6. When all is done the you select VLAN filtering

BY THE WAY DO THE ABOVE with SAFE MODE selected.

3

Thank you for the reply.

This is an example, I got like the above like 10 vlans configured.

  1. Your VLAN definitions must use the interface name of the bridge!! (“NameBridge”

Yes, i understand. And i;m doing that.

  1. Your port configurations are partially correct in the part where you identify the physical interface but this is not where you assign VLANs and thus return the PVIDs to 1,

  2. I am confused about ethernet port 5. Why is this on the same bridge as your VLANs??
    This connects your VLANS and the network on port 5 at layer 2 ???

So port 5 is for untagged traffic, it an uplink port. And for every VLAN i currently got an bridge. As I understand that’s not correct (but working).

  1. I am confused as to why ethernet port 5 is untagged on your Bridge VLAN settings ( I would remove it).

See above, every vlan got an unique bridge. Some got an untagged uplink (some an tagged uplink).

  1. You need to enter the bridgename itself as a TAGGED entiity here.

  2. When all is done the you select VLAN filtering

BY THE WAY DO THE ABOVE with SAFE MODE selected.

As i understand you just put all the ethernet ports on 1 vlan.
Enable vlan filtering and make sure if you need untagged vlan that the ethernet itself got the right untagged vlan pvid.
Correct?

4

I am far from a switch expert, I cant even get the 260GS working for me and having better luck with Dstink and Netgit switches. :frowning:

I see that my ether2 (my lan) is also on the switch but all my vlans run on ether2 as well so thats why I probably dont understand your ether5 settings.
if that works for you great. ! I just would have expected you to have identified eth5 as a port on the bridge and thats all that is needed. However since i dont really understand the need, I would ignore my advice on this part LOL.

5

CRS3xx is a slightly different beast than the rest of routerboards when it comes to switch functionality. While I don’t have any of them, the manual seems comprehensive …

6

Hello,

Yesterday created an new bridge with the ethernet ports and recreated the vlans
Almost everything is working, thank you

7

Working sample config for CRS317 with hardware offloading, see below:

# Backbone switch
# RouterOS 6.43.4
# model = CRS317-1G-16S+
/interface bridge
add name=bridge igmp-snooping=yes vlan-filtering=yes
/interface ethernet
set sfp-sfpplus1 comment=router
set sfp-sfpplus2 comment=hapac
set sfp-sfpplus3 comment=computer
/interface bridge port
# pvid specifies which VLAN the untagged ingress traffic is assigned to
add bridge=bridge comment="vlan trunk port" interface=sfp-sfpplus1
add bridge=bridge comment="vlan trunk port" interface=sfp-sfpplus2
add bridge=bridge comment="vlan access port" interface=sfp-sfpplus3 pvid=5
/interface bridge vlan
# untagged = interface list with a VLAN tag removing action in egress
# tagged = interface list with a VLAN tag adding action in egress
add bridge=bridge untagged=sfp-sfpplus3 vlan-ids=5
add bridge=bridge tagged="bridge,sfp-sfpplus1,sfp-sfpplus2" vlan-ids=3,4,5,6
/interface vlan
add interface=bridge name=MGMT vlan-id=3
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=MGMT

sfp-sfpplus1, sfp-sfpplus2 switch all vlans 3, 4, 5, 6 from and to the backbone switch
sfp-sfpplus3 is access port for a computer that is switched to vlan 5
switch is managed through vlan 3 subnet (not accessible from the computer connected to sfp-sfpplus3)