Do I really have to lose a port?

RouterOS Beginner Basics
1

Hi,

I’m looking at the documentation around switch features, and the following text is there:

Switching feature allows wire speed traffic passing among a group of ports, like the ports were a regular ethernet switch. You configure this feature by setting a “master-port” property to one ore more ports in /interface ethernet menu. A ‘master’ port will be the port through which the RouterOS will communicate to all ports in the group. Interfaces for which the ‘master’ port is specified become inactive - no traffic is received on them and no traffic can be sent out.

… so I may have misunderstood this, but it reads to me that I am unable to use any “master” ports as an external port in the switch, which kind of makes sense to me from an internals point of view, but basically means my 5 port device is only usable as a four port switch if I want a master? And therefore one external port is effectively useless??

So if I want wire-speed switching, then I sacrifice a port for every switch-group I configure that needs access to the CPU?

Is that right? Surely not? Or is there a different way to doing this? VLAN’s or rules?

Thanks,

Lee.

2

I see no reason to think that the port is lost. It is still usable in ROS.
You may get a more detailed anwer/advice if you care to post more details about your task

3

Hi,

Ok to take a really simple example … I have a 5-port device, if I want it to act as a 5-port switch with wire-speed switching, then I can set ether1 as a master with ether2-5 as slaves.

According to that documentation I won’t be able to use ether1 now as it’s designated as a master, i.e. I won’t be able to plug a physical cable into that port and have it work … so it’s only really a four port switch.

Lee.

4

That just means that the traffic on ports that have master-port set is invisible to RouterOS, since its switched traffic inside of the swtich chip that never makes it to the CPU.

You can use the master-port just fine, in fact, if you want to add an IP to a switch group, you have to add it to the master-port.

Read up a bit more on how it works, you will NOT “lose” any ports for using master-port and the integrated switch.

5

I think i see the wiki example you refer to:

A ‘master’ port will be the port through which the RouterOS will communicate to all ports in the group. Interfaces for which the ‘master’ port is specified become inactive - no traffic is received on them and no traffic can be sent out.

source: http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features

I’m not sure where that comes from, its not correct. The ports are still functional. example below of switch and then activity pulled from a functioning router

[admin@Mikrotik] > /interface ethernet print
Flags: X - disabled, R - running, S - slave 
 #    NAME        MTU MAC-ADDRESS       ARP        MASTER-PORT      SWITCH     
 0 RS ether1     1500 00:0C:42:A7:0D:8E enabled    none             switch1    
 1 RS ether2     1500 00:0C:42:A7:0D:8F enabled    none             switch2    
 2 RS ether3     1500 00:0C:42:A7:0D:90 enabled    ether2           switch2    
 3 RS ether4     1500 00:0C:42:A7:0D:91 enabled    ether2           switch2    
 4  S ether5     1500 00:0C:42:A7:0D:92 enabled    ether2           switch2    
 5  S ether6     1500 00:0C:42:A7:0D:93 enabled    ether1           switch1    
 6  S ether7     1500 00:0C:42:A7:0D:94 enabled    ether1           switch1    
 7  S ether8     1500 00:0C:42:A7:0D:95 enabled    ether1           switch1    
 8  S ether9     1500 00:0C:42:A7:0D:96 enabled    ether1           switch1 



[admin@Mikrotik] > /interface ethernet print stats       
                      name:          ether1          ether2         ether3    >
            driver-rx-byte:  57 352 573 268  22 737 095 892              0    >
          driver-rx-packet:      87 032 458      42 122 532              0    >
            driver-tx-byte:  30 766 644 366  53 374 868 289              0    >
          driver-tx-packet:      68 925 657      48 701 545              0    >
                  rx-bytes:  57 700 703 036  45 128 672 847 85 881 417 231 2 7>
              rx-too-short:               0               0              0    >
                     rx-64:       1 180 603      12 656 682     11 523 626    >
                 rx-65-127:      44 687 538      11 398 166      3 476 289    >
                rx-128-255:       2 604 806         240 997      1 147 192    >
                rx-256-511:         878 360         205 524        466 484    >
               rx-512-1023:       1 277 093         217 918      1 189 917    >
              rx-1024-1518:      36 404 731      28 566 422     55 205 786    >
               rx-1519-max:               3               0         11 989    >
               rx-too-long:               0               0              0    >
              rx-broadcast:          38 482          17 259        246 836    >
                  rx-pause:              18               0              0    >
              rx-multicast:         563 595               0      1 657 905    >
              rx-fcs-error:             659               0              0    >
            rx-align-error:               0               0              0    >
               rx-fragment:               0               0              0    >
               rx-overflow:               0               0              0    >

edit: the wording should probably be amended in the article i think. It could read something like:

A ‘master’ port will be the port through which the RouterOS will communicate to all ports in the group. Interfaces for which the ‘master’ port is specified (slave interfaces) become switched ports and all traffic must pass via the specified master port interface to get to RouterOS (CPU).

6

edit: the wording should probably be amended in the article i think. It could read something like:

A ‘master’ port will be the port through which the RouterOS will communicate to all ports in the group. Interfaces for which the ‘master’ port is specified (slave interfaces) become switched ports and
all traffic must pass via the specified master port interface to get to RouterOS (CPU)

I added the underlining in the quote above. While the suggested new text is better, it seems to me that my CRS125 switch doesn’t work that way.

If I monitor the stats on the master port while sending traffic from a slave port to ROS for routing to another device on the network, I see no
traffic showing up on the master port.

So what is meant by “all traffic must pass via the specified master port interface to get to RouterOS”?

From my little experiment, it seems that there is nothing special or master-like about the master port. Rather, it appears to me that this
is just a way indicate to the switch chip how ports are to be grouped. Calling one of the grouped ports the “master port” would seem to imply
that plugging an external device into said master port will result in some different behavior than plugging a device into a slave port. I have
been unable to see any difference in behavior between the master port and its slaves.

I wish someone from MikroTik could explain how this is supposed to work in a clear and unambiguous manner.

Normis, I am going to post a link to this thread here:
http://forum.mikrotik.com/t/crs-documentation/73703/1

7

Those descriptions are from a RouterOS-centered perspective.
You can not access a slave port directly from ROS.
You still can see individual traffic on those ports in “interfaces”, but you can not assign individual IPs, nor apply classic firewall rules to them or do routing.
So from ROS routing perspective, there is only one port, the master port which becomes a cpu port now. Anything else are switch ports, as if you have a n+1 port switch connected to the master cpu port and the cables in the remaining n ports. Coincidentally, the cpu port bares the same name as the original physical port it was attached to. And that switch is of course a L3 manageable switch (via specific switch configuration parameters, grouped under “switch” in Winbox, including filtering, mirroring, vlans et. al.). And for the switch commands, you will have the original names for the physical ports, and cpu(x) for your cpu port.

8

Hello,

It seems the description in the manual is correct. I’m facing the problem with the RB450G and its master port (ether2) does not work, it’s inactive. The switching feature is working between ether 3, 4 and 5 (which are all slaves of ether2). But when I plug in the cable on ether2 port it’s inactive and there’s no connection. I’ve configured ether1 as gateway and it’s excluded of the switching group.

Does anyone know if it’s possible to activate the ether2 master port?

NAME TYPE MTU L2MTU MAX-L2MTU

0 R ether1-gateway ether 1500 1520 1520
1 R ether2-master-local ether 1500 1520 1520
2 R ether3-slave-local ether 1500 1520 1520
3 R ether4-slave-local ether 1500 1520 1520
4 R ether5-slave-local ether 1500 1520 1520

Regards,
Peter

9

You will NOT under any cirsumstance “lose” a port.

The master port keeps functioning like any other port - if it does not, do a normal networking troubleshooting process, starting at Layer1 and moving up.

10

That sentence essentially means that the port for which a master-port has been defined will show no traffic from a RouterOS perspective, as all packets will remain within the switch chip. Indeed, the port that will show all traffic is the master-port (with Winbox, torch, etc).

I.E. if you set ether3 & ether4 as slaves of ether2, you won’t be able to put firewall rules to filter traffic among ports 3 and 4, because those packets won’t ever reach the CPU. Think of it as if you had a classic unmanaged switch with 5 ports (ether2-ether5) and a single port Mikrotik router connected to ether1: from the routers perspective you could only see the traffic if it reaches ether1.

Also, keep in mind that depending on the model of the routerboard the switch chip may not be linked to all ports:

http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Introduction