Hybrid Ports

RouterOS Beginner Basics
1

Hello

I’m trying to configure hybrid ports on my CRS125

I have firewall connected to ether1, that fw send trunk vlans 5 (data) & 101 (management).
I need to set ehter2 to send tagged vlan 5 and untagged vlan 101, additional set ether 24 to be only untagged 101.

So starting with manual i get to work, and nothing works as it should be. when i removed bridge config that manual say i need that, my firewall start to see CRS125 and vice versa, but nothing on ether 2 and 24 is working, while when i write my config along with manual, nothing works :wink:
when i put hp,cisco,huawei switch everything works fine but not with mikrotik, Can you tell me what i’m doing wrong ?


Code without manual bridge setup:

/interface vlan
add interface=ether1 name=vlan5 vlan-id=5
add interface=ether1 name=vlan101 vlan-id=101

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether2 vlan-id=5
add tagged-ports=ether1 vlan-id=101

/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=101 ports=ether2
add customer-vid=0 new-customer-vid=101 ports=ether24

/interface ethernet switch vlan
add ports=ether1,ether2,ether24 vlan-id=101
add ports=ether1,ether2 vlan-id=5

/ip address
add address=10.100.0.9/24 interface=vlan101 network=10.100.0.0

2

There will be no communication between ports without /interface bridge and /interface bridge port configuration.

Confusingly, depending on which type of Mikrotik you have, hardware switching with VLANs is implemented differently. For the CRS1xx/2xx devices you need a non-VLAN-aware bridge plus ethernet switch configuration. The basic setup is https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples#Example_2_.28Trunk_and_Hybrid_ports.29 plus management access https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples#Tagged

The examples expect no initial configuration on the device, so use the examples as a guideline on what to change. The command-line syntax is unlike HP & Cisco so Winbox may be easier to use, and you can connect via MAC address rather than IP address to a port you are not including in the configuration changes so you do not cut yourself off.

3

Ok, i got it, my error was in managment/bridge config, now it works fine. Thx for help.