So, a buddy of mine is a network guru and set up my gear at home for me, and I understand it for the most part. However, I would consider some of it to be complex for someone like me who is more of a systems admin vs. a network admin. He went poof about a year ago and I have no idea what happened to him, but that is a different topic of discussion.
Now to the topic at hand:
Current setup
1x RB4011iGS+ (Router)
1x CRS326-24G-2S+RM (Switch 24 port)
1x HP ProCurve 24 Port switch
1x Netgear ProSafe 24 Port switch
1x cAP AP and 3 Ubiquiti APs
3x ESXi hosts (1x Dell R910 / 2x R620)
2x SANs (1x Dell R330 and 1x Supermicro home build)
1x 1U APC Battery Backup Unit
I have multiple VLANs:
10 - Management
11 - Client (DHCP)
12 - Guest (DHCP)
13 - EoIP over VPN (not set up by me so I don't have a clue how to manage it)
15 - Storage (ESXi hosts → SANs for iSCSI)
16 - Family (Kids network using different DNS hosts etc. and is more restricted)
17 - IoT devices
20 - Voice for PBX phones
I could keep going on the entire setup but I think that gives enough background to begin this conversation.
I am adding a second CRS326-24G-2S+RM and removing the HP ProCurve. I am taking the Netgear switch and putting it where the ProCurve is (second floor of the house).
I installed the second switch and plugged in a 10G DAC cable; it seems to be functioning correctly as I am seeing movement on the interface on Switch #1. I tried duplicating the setup from Switch #1 to Switch #2 but lost connectivity after setting the "bridge1" bridge the same as Switch #1. I wasn't sure what would happen if I did that, but I lost complete and total connectivity, resulting in a reset.
Bridge1 setting that resulted in total connectivity loss:
Confirmation of traffic and bridge1 interface snippet:
I have read that you can basically add the second switch and leverage the existing setup on the first switch, but I don't see any information on how that is done. I imagine an export of my config is required, so I decided to post here, but I wanted to see if anyone has any links or information they can share to help me out before I post the config (sanitized).
Before you enable VLAN filtering on bridge, you have to set up the rest of VLAN settings:
VLANs on trunk port (connecting towards core of network)
vlan interface for management
set IP address on vlan interface for management
And only then enable VLAN filtering.
Could be that MAC connectivity remains working after you (prematurely) enable VLAN filtering; try to connect to the switch using WinBox - if WinBox shows the switch, then click its MAC address.
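The order described in that reply, written out as a RouterOS script for the new CRS326 (an added example, not the poster's exported config). It assumes the 10G DAC uplink towards Switch #1 is sfp-sfpplus1, uses the thread's management VLAN 10 and client VLAN 11, and 192.168.10.2/24 is a constructed placeholder address.

```routeros
# Added example, not taken from the thread. Assumptions: uplink to switch #1 is
# sfp-sfpplus1, management VLAN is 10, 192.168.10.2/24 is a placeholder address.
# Run it from a terminal session in Safe Mode (Ctrl+X) so a mistake reverts.

# 1. Bridge with VLAN filtering still OFF
/interface bridge
add name=bridge1 vlan-filtering=no

# 2. Ports: trunk towards the core, plus one access port with its PVID
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=ether2 pvid=11

# 3. Bridge VLAN table. "bridge1" itself must be tagged on the management VLAN;
#    if it is missing, the switch CPU (and your management IP) is cut off the
#    moment filtering is turned on, which matches the lockout described above.
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,sfp-sfpplus1 vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether2 vlan-ids=11

# 4. Management VLAN interface on the bridge, then its IP address
/interface vlan
add name=vlan10-mgmt interface=bridge1 vlan-id=10
/ip address
add address=192.168.10.2/24 interface=vlan10-mgmt

# 5. Only now enable filtering; confirm you can still reach 192.168.10.2
#    before leaving Safe Mode, otherwise Ctrl+X again rolls everything back
/interface bridge
set bridge1 vlan-filtering=yes
```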
Step 1 - take a port off the bridge to use for configuration purposes, give it an IP address like 192.168.55.1/24 and add it to a management interface list, give your laptop an IPv4 address such as 192.168.55.5 and you are in. That way, smooth sailing during bridge and VLAN changes!! https://forum.mikrotik.com/viewtopic.php?t=181718
One bridge (and no DHCP or anything else for the bridge)
VLANs: use a separate management VLAN to tie all smart devices downstream, with an IP address on this VLAN (neighbour discovery etc.)
Yeah I did all of that before enabling filtering and I also was connected to the MAC instead of the IP. Even then I was still unable to connect after enabling filtering.
Why the LAG construct??? I don't know what is the correct way to approach bridge and VLANs.???
Why not just push the VLANs on a single trunk port to a switch…
In any case these /interface bridge vlan entries don't do anything…
add bridge=bridge1 comment="VLAN 16 - FAMILY" vlan-ids=16
add bridge=bridge1 comment="VLAN 15 - STORAGE" vlan-ids=15
If you recall in the OP, I did not set this up. You seem very aggressive in your comments as well. I would appreciate some direction, more of a step-by-step "this is how you accomplish what you are looking to do" approach rather than taking stabs at a config I did not set up.
I need working VLANs and the second switch set up to work like the first. If making changes to get that done is what I need to do, then so be it, but like I said, I need step by step. I am no network guru, I am here for help. Thank you.
Also, to comment on those not doing anything. Yes, I added those a couple of days ago trying to get a Ubiquiti switch connected, which I ended up sending back and buying this second MikroTik switch instead. I WAS going to replace all of my MikroTik switches with Ubiquiti switches but decided against it due to the lack of features on Ubiquiti. Anyway, totally different topic. All I want to do is get this all working with my router and 2 switches where it makes the most sense configuration-wise. I need my VLANs working and wanted to add LAGs for my 3 vCenter hosts and 2 SANs.
As stated, I would modify the config to a more standard VLAN setup until I was comfortable with how LAGs and VLANs worked, and then that would be stage 2.
You have a big learning curve and no one here is going to spoon-feed the answers, so you will have to learn.
If willing then help will be here.
The first thing you should post is a decent network diagram to provide the context!!!
Most homeowners don't have half the stuff you have; a 2-port LAG though is common with NAS stuff.
Do you know what the EOIP is for ?
In summary, adding a switch to a network you don't have a clue about is the wrong course of action.
Thats down the line for now.
I 100% appreciate your stance on the overall topic. I do have a general understanding of networking and VLANs; it's more of the "how does RouterOS do it the right way". (I will do some reading but would like to have a dummies summary instead of an in-depth read; regardless, I will look it over - thank you).
Second, I already have sw02 in place and plugged in. I was able to get it on the network last night talking over VLAN10 (MGMT) but nothing else works at the moment. I do believe I am at the stage where I need to tick that box on the bridge to enable VLAN filtering but didn't want to do it just yet for fear of losing communication again. I will use Safe Mode but am still hesitant at the moment. I believe the EoIP was set up as a test by my buddy to see if I was able to obtain IPs from a DHCP network in a remote DC which is connected over VPN. It works but I have no use for it besides maybe as a backup/recovery method if something goes wrong with one of the VMs that I am backing up from that DC to my home lab. Could be useful in that scenario. LAGs I understand; not overly complicated to set up and not 100% necessary since 1G is 1G. I eventually will be upgrading to 10G. I think my mindset of what a LAG does and what it actually does in a vCenter/VMware environment isn't what I initially thought. As for the NAS, it would have a better application over VMware.
Thanks for the response, I will keep posting and updating as I think of more and learn more.
Understood especially the trepidation about engaging vlan-filtering=yes.
My workaround is to avoid configuring from the bridge.
Take an empty port and assign it an IP address ONLY: 192.68.55.1/24 network 192.168.55.0 interface=etherX
Ensure you add ether5 to the appropriate interface list and/or a rule on the input chain to ensure it has "admin access".
Then easy peasy: connect the laptop to etherX, put in for example 192.168.55.5 as the IPv4 setting on the NIC card settings, and you will be able to config the router safely off the bridge. STILL USE SAFE MODE for all changes.
(Safe mode: invoke, make changes, wait 15 seconds, if no hiccups, un-select to make changes permanent and re-select for next set of changes)
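The off-bridge configuration port described in this reply and in the earlier "Step 1" post, as an added RouterOS example (not the poster's config). It assumes ether24 is a free port on the CRS326, uses the 192.168.55.0/24 addresses from those replies, and assumes the device has an input chain with drop rules (a pure switch may have none).

```routeros
# Added example, not from the thread. Assumptions: ether24 is a free port,
# 192.168.55.1/24 is the config-port address, laptop will use 192.168.55.5/24.
# The port must NOT be a bridge member, so it keeps working while bridge1
# is being edited or vlan-filtering is toggled. Do this in Safe Mode (Ctrl+X).
/interface bridge port
remove [find interface=ether24]

# Address on the physical port only; no bridge, no DHCP, no VLAN on it
/ip address
add address=192.168.55.1/24 interface=ether24 comment="config port, off the bridge"

# Interface list so services and firewall can refer to it as the admin path
/interface list
add name=MGMT
/interface list member
add list=MGMT interface=ether24

# If the device has an input chain with drop rules, accept admin traffic from
# the config port; move this rule above any drop rule after adding it
/ip firewall filter
add chain=input action=accept in-interface-list=MGMT comment="admin from config port"

# Laptop side: static IPv4 192.168.55.5/24 on the NIC, then WinBox or SSH
# to 192.168.55.1. Safe Mode in the terminal: Ctrl+X, make changes, wait,
# Ctrl+X again to commit; a dropped session rolls the changes back.
```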