In-Band management

Hi there

I have a lot of experience with Juniper, Cisco and Dell and some with SwOS and SwOS Lite.
I have a newly purchased CRS310-1G-5S-4S+ that I intend on using as a switch. There’s no SwOS release for it so I’ll have to use RouterOS which is fine. With SwOS I know how to attach an in-band management IP so that I can manage the switch.
I did it the way that I know (on other vendors) but it’s not working for me. I created a VLAN interface vlan30 attached to bridge with VLAN ID 30. Then I went to Addresses and created an IP on interface vlan30.
After this I added some VLAN config in the bridge so that VLAN30 was tagged on the uplink port to the rest of my network. I cannot ping or reach the IP on vlan30 from another host in the same subnet.
Is there a firewall rule or something else that I need to add or am I doing this wrong?

Thanks in advance!

Can you show your config?

Did you enable VLAN filtering on the bridge?

/interface/bridge/ set vlan-filtering=yes 0

Thanks for the pointer, I didn’t enable filtering as I thought that it was for filtering only, not to allow it. It didn’t seem to help after I added it now though.
Here’s my config.
/interface bridge
add admin-mac=48:A9:8A:xx:xx:xx auto-mac=no comment=defconf name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp4 ] auto-negotiation=no
set [ find default-name=sfp5 ] auto-negotiation=no
/interface vlan
add comment=Mgmt interface=bridge name=vlan30 vlan-id=30
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=sfp2
add bridge=bridge comment=defconf interface=sfp3
add bridge=bridge comment=defconf interface=sfp4
add bridge=bridge comment=defconf interface=sfp5
/interface bridge vlan
add bridge=bridge comment=LAN tagged=sfp5,sfp-sfpplus4,sfp-sfpplus3 untagged=sfp4 vlan-ids=30
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.1.5/24 comment=Mgmt interface=vlan30 network=192.168.1.0

Tag the bridge with VLAN30 too:

/interface bridge vlan
add bridge=bridge comment=LAN tagged=bridge,sfp5,sfp-sfpplus4,sfp-sfpplus3 untagged=sfp4 vlan-ids=30
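An added example, not part of the original thread: a small Python check that reads a RouterOS export and reports VLAN interfaces whose parent bridge is not a tagged member of that VLAN, which is the situation in the config posted above. The function names are hypothetical, the sample is trimmed from the thread's export, and the parser assumes one `add` per line with plain comma-separated `vlan-ids` (no ranges, no line continuations).

```python
import shlex

# Constructed sample: the export posted in the thread, trimmed to the relevant menus.
SAMPLE_EXPORT = """\
/interface bridge
add admin-mac=48:A9:8A:xx:xx:xx auto-mac=no name=bridge vlan-filtering=yes
/interface vlan
add comment=Mgmt interface=bridge name=vlan30 vlan-id=30
/interface bridge vlan
add bridge=bridge comment=LAN tagged=sfp5,sfp-sfpplus4,sfp-sfpplus3 untagged=sfp4 vlan-ids=30
"""

def parse_export(text):
    """Group 'add' lines by menu path; each line becomes a dict of key=value."""
    sections, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            props = dict(tok.split("=", 1)
                         for tok in shlex.split(line[4:]) if "=" in tok)
            sections.setdefault(menu, []).append(props)
    return sections

def check_mgmt_vlans(text):
    """Return findings for VLAN interfaces layered on a bridge."""
    cfg = parse_export(text)
    bridges = {b["name"]: b for b in cfg.get("/interface bridge", [])}
    findings = []
    for vlan in cfg.get("/interface vlan", []):
        br = bridges.get(vlan["interface"])
        if br is None:
            continue  # VLAN interface is not on a bridge; out of scope here
        if br.get("vlan-filtering") != "yes":
            findings.append(f"{vlan['name']}: bridge {br['name']} has vlan-filtering disabled")
        tagged = any(
            e.get("bridge") == br["name"]
            and vlan["vlan-id"] in e.get("vlan-ids", "").split(",")
            and br["name"] in e.get("tagged", "").split(",")
            for e in cfg.get("/interface bridge vlan", [])
        )
        if not tagged:
            findings.append(f"{vlan['name']}: bridge {br['name']} is not a tagged member of VLAN {vlan['vlan-id']}")
    return findings
```
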

Thanks but it didn't help.
I tried with a trunk port in sfp5 and an access port in sfp4.
[admin@MikroTik] /interface/bridge/vlan> print
Flags: D - DYNAMIC
Columns: BRIDGE, VLAN-IDS, CURRENT-TAGGED, CURRENT-UNTAGGED
#   BRIDGE  VLAN-IDS  CURRENT-TAGGED  CURRENT-UNTAGGED
;;; LAN
0   bridge  30        bridge
                      sfp5
1 D bridge  1                         bridge
                                      ether1
                                      sfp5

[admin@MikroTik] /interface/bridge/vlan> print
Flags: D - DYNAMIC
Columns: BRIDGE, VLAN-IDS, CURRENT-TAGGED, CURRENT-UNTAGGED
#   BRIDGE  VLAN-IDS  CURRENT-TAGGED  CURRENT-UNTAGGED
;;; LAN
0   bridge  30        bridge          sfp4
1 D bridge  1                         bridge
                                      ether1
                                      sfp4

After some fiddling around I think I've fixed it. Not sure if this is the right way to do it but I can reach the switch from my computer via a VLAN tagged interface on vlan 30.
I changed the IP assigned to the bridge to match the IP on vlan30. Then I deleted the default IP on the bridge (192.168.88.1) and it continues to work, so it looks like the device doesn't like having both IPs configured.
[admin@MikroTik] /ip/address> print
Columns: ADDRESS, NETWORK, INTERFACE

ADDRESS NETWORK INTERFACE

0 192.168.1.5/24 192.168.1.0 vlan30

Can you post your complete config?

This is the current config with which I can reach the router via vlan30.

[admin@MikroTik] > export compact
# 2023-07-22 19:51:10 by RouterOS 7.10.2
# software id = 4PS8-WQH0
#
# model = CRS310-1G-5S-4S+
# serial number = HE108xxxxxx

/interface bridge
add admin-mac=48:A9:8A:xx:xx:xx auto-mac=no comment=defconf ingress-filtering=no name=bridge priority=0x4000 vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp4 ] auto-negotiation=no
set [ find default-name=sfp5 ] auto-negotiation=no
/interface vlan
add comment=Mgmt interface=bridge name=vlan30 vlan-id=30
/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged interface=sfp-sfpplus4
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=sfp2
add bridge=bridge comment=defconf interface=sfp3
add bridge=bridge comment=defconf interface=sfp4
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged interface=sfp5
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/interface bridge vlan
add bridge=bridge comment=LAN tagged=sfp5,sfp-sfpplus4,sfp-sfpplus3,bridge untagged=sfp4 vlan-ids=30
add bridge=bridge tagged=bridge,sfp-sfpplus4,sfp-sfpplus3,sfp5 untagged=sfp1 vlan-ids=40
add bridge=bridge tagged=bridge,sfp5,sfp-sfpplus4,sfp-sfpplus3 vlan-ids=60
add bridge=bridge tagged=bridge,sfp5,sfp-sfpplus4,sfp-sfpplus3 vlan-ids=10
add bridge=bridge tagged=bridge,sfp5,sfp-sfpplus4,sfp-sfpplus3 vlan-ids=50
/ip address
add address=192.168.1.5/24 interface=vlan30 network=192.168.1.0
/ip dns
set servers=192.168.1.1
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.1.1
/system routerboard settings
set boot-os=router-os enter-setup-on=delete-key

Take a look at this

Management access configuration

https://help.mikrotik.com/docs/display/ROS/Bridging+and+Switching#BridgingandSwitching-Managementaccessconfiguration

Thank you, those are the instructions I was looking for.
It looks like I did the same in a round-about way so at least I was on the right track :)