I want to use my CRS125-24G-15-RM as a plain flat L2 switch w/o any routing and/or firewalling features with the SFP1 port as uplink to my router/cable modem and the 24 eth ports as L2 switch ports. How can I achieve this?
My first idea was to:
Define eth1 as Master
Make eth2-24 Slave to eth1
Create a Bridge between sfp1 and eth1
Remove all L3 features (IP Addresses, DHCP,…)
However, I’m afraid by doing this I will loose my connection with the device, so it might be needed to have one port “reserved” for maintenance (make it a separate master) and have e.g. 192.168.88.1 assigned to it.
Furthermore I suspect the above config will have all traffic going to/from the router (via sfp1) processed by the CPU as it is bridged with eth1, which may be suboptimal as far as throughput is concerned…
So it might be better not to create a Bridge between sfp1 and eth1, use eth1 as the uplink to my router/cable modem and use sfp1 as a maintenance port (with 192.168.88.1 assigned to it).
Indeed, that worked just fine! This way I was able to strip the Cloud Switch to the bare essential. I removed:
IP Adresses
DHCP Client and server settings
ALL Firewall filters
ALL NAT settings
Pools
whatever I forgot…
And just kept one Master port (ether1) en made all other ethernet ports (ether2 torough ether24) slave to ether1 and it works great as a plane and simple L2 switch with sfp1 bridged to ether1 (but not used for the time being <= I don’t have a sfp module at this time)
Just assign a IP to the master port (static or DHCP). Assuming you want to setup a separate mgmt VLAN you could create a VLAN interface with the appropriate VLAN ID on the master port as well. If you want to keep the switch from forwarding L3 traffic turn off IP forwarding under the IP->Settings menu.
Why the bridge between the SFP port and eth1? Can it not just be a slave like the other ports?
In CRS125 just make SFP1 slave of whichever master-port you had defined and all switching will be done in the switch-chip without using the CPU. Don’t use bridge.
We all need to learn that CRS must be setup in a different way than the previous routerboards: it has a powerfull switch chip which can do lots of things without using the RB’s CPU. Indeed, I like to think that they are a switch plus an independent, single port, routerOS device connected to a special port called switch1-cpu, all in a single box.
Thanks for the suggestions! I don’t need a separate mgmt VLAN in my very simple home network setup, I just need to be able to access the switch and this seems to be perfectly possible using the MAC address of the port I connect to.
I’ll check the IP forwarding setting later, but I think I stripped mest of the L3 features/services already
I assumed the SFP1 port was not connected to the switch chip as is the case for many of the older Mikrotik models (where you have to bridge them), but if that’s not correct (as it seems from the various replies I received thus far) I’ll make it a slave to ether1 (or make the SFP1 master and all ether ports slave). I checked the block diagram and this seems to be correct.
Thank you all for helping me out! I’m becoming a true Mikrotik believer!
Personally I would still set a IP address on the master port for managing. Its much more reliable to use IP management over MAC address based management I have found.
