Hi,
I have a RouterBOARD CRS326-24G-2S+ and I’m trying to configure some VLANs, but I’m having problems.
What I need is to have two ports (ether17 and ether23) which are untagged on VLAN1 (LAN) and tagged on VLAN78 (VLAN_IOT).
I followed the guide at https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#VLAN_Example_.231_.28Trunk_and_Access_Ports.29.
All 24 ports are bridged in the Switch_LAN bridge which have VLAN filtering enabled:
[admin@switch1] /interface bridge> print detail
Flags: X - disabled, R - running
0 R ;;; defconf
name="Switch_LAN" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled arp-timeout=auto mac-address=48:8F:5A:87:AB:B5 protocol-mode=rstp
fast-forward=yes igmp-snooping=no auto-mac=no admin-mac=48:8F:5A:87:AB:B5 ageing-time=5m priority=0x8000 max-message-age=20s
forward-delay=15s transmit-hold-count=6 vlan-filtering=yes ether-type=0x8100 pvid=1 frame-types=admit-all ingress-filtering=no
dhcp-snooping=no
I created the VLAN 78 interface (VLAN_IOT):
[admin@switch1] /interface vlan> print detail
Flags: X - disabled, R - running
0 R name="VLAN_IOT" mtu=1500 l2mtu=1588 mac-address=48:8F:5A:87:AB:B5 arp=enabled arp-timeout=auto loop-protect=default
loop-protect-status=off loop-protect-send-interval=5s loop-protect-disable-time=5m vlan-id=78 interface=Switch_LAN
use-service-tag=no
Ports 17 and 23 are added to the Switch_LAN bridge with PVID=1:
[admin@switch1] /interface bridge port> print detail
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
[...]
12 H ;;; defconf
interface=ether17 bridge=Switch_LAN priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto learn=auto
horizon=none hw=yes auto-isolate=no restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-all ingress-filtering=no
unknown-unicast-flood=yes unknown-multicast-flood=yes broadcast-flood=yes tag-stacking=no bpdu-guard=no trusted=no
multicast-router=temporary-query fast-leave=no
[...]
18 H ;;; defconf
interface=ether23_WiFi-AP bridge=Switch_LAN priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto
learn=auto horizon=none hw=yes auto-isolate=no restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-all
ingress-filtering=no unknown-unicast-flood=yes unknown-multicast-flood=yes broadcast-flood=yes tag-stacking=no bpdu-guard=no
trusted=no multicast-router=temporary-query fast-leave=no
Ports 17 and 23 are added in the bridge VLAN configuration as tagged ports in the VLAN78:
[admin@switch1] /interface bridge vlan> print detail
Flags: X - disabled, D - dynamic
0 bridge=Switch_LAN vlan-ids=78 tagged=ether23_WiFi-AP,ether17 untagged="" current-tagged=ether17,ether23_WiFi-AP current-untagged=""
1 D bridge=Switch_LAN vlan-ids=1 tagged="" untagged="" current-tagged=""
current-untagged=Switch_LAN,ether10,ether14,ether23_WiFi-AP,sfp-sfpplus1,LAG_Nas,LAG_NasBackup,ether17
The RouterBOARD has a IP address configured on the VLAN_IOT interface (192.168.78.254):
[admin@switch1] /ip address> print detail
Flags: X - disabled, I - invalid, D - dynamic
[...]
3 ;;; IOT Network IP Address (Default Gateway)
address=192.168.78.254/24 network=192.168.78.0 interface=VLAN_IOT actual-interface=VLAN_IOT
[...]
If I connect a wired laptop to the port 17, configure its ethernet interface with VLAN tag 78 and configure a manual IP address on it (192.168.78.200/24) I cannot ping the RouterBOARD IP address 192.168.78.254.
Could you help me to understand where I’m wrong, please?
Thank you very much!
Bye