Hi All,

I have a bit of a problem with setting up management on the CRS switches on a network I'm taking over.

The setup:

Single CRS328 connecting to RB2011 (port 1 on CRS, ether2 on RB2011)
RB2011 acting as gateway for all VLAN's and breakout router
VLAN 100 : Data VLAN (Untagged)
VLAN 48 : Voice VLAN (tagged)

Now if I create a new VLAN for management and tag it back to the switch, let's call it VLAN99, and assign an IP on that as per the documentation, that all works fine.
The customer branches have been running with HP and Cisco switches until now. The IP on those switches on VLAN100 was used for management. Due to the fact that backups and monitoring are configured to point to that IP, they are not open to a new range on VLAN99 per branch due to the effort of reconfiguring backups and monitoring.

Is there a way that I can put an IP on VLAN100? And manage the switch like that? Config (important bits) below.

RB2011:

[rudi@xx-RB2011] > ip add print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

2 192.168.159.1/24 192.168.159.0 vlan100
5 10.168.159.1/24 10.168.159.0 vlan99_switch_mgmt

CRS328:

/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=MGMT vlan-id=99
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2 pvid=100
add bridge=bridge1 interface=ether3 pvid=100
add bridge=bridge1 interface=ether4 pvid=100
add bridge=bridge1 interface=ether5 pvid=100
add bridge=bridge1 interface=ether6 pvid=100
add bridge=bridge1 interface=ether7 pvid=100
add bridge=bridge1 interface=ether8 pvid=100
add bridge=bridge1 interface=ether9 pvid=100
add bridge=bridge1 interface=ether10 pvid=100
add bridge=bridge1 interface=ether11 pvid=100
add bridge=bridge1 interface=ether12 pvid=100
add bridge=bridge1 interface=ether13 pvid=100
add bridge=bridge1 interface=ether14 pvid=100
add bridge=bridge1 interface=ether15 pvid=100
add bridge=bridge1 interface=ether16 pvid=100
add bridge=bridge1 interface=ether17 pvid=100
add bridge=bridge1 interface=ether18 pvid=100
add bridge=bridge1 interface=ether19 pvid=100
add bridge=bridge1 interface=ether20 pvid=100
add bridge=bridge1 interface=ether21 pvid=100
add bridge=bridge1 interface=ether22 pvid=100
add bridge=bridge1 interface=ether23 pvid=100
add bridge=bridge1 interface=ether24 pvid=100
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=99
add bridge=bridge1 tagged=
ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
vlan-ids=48
add bridge=bridge1 tagged=ether1 untagged=
ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24 vlan-ids=100
/ip address
add address=10.168.159.250/24 interface=MGMT network=10.168.159.0
/ip route
add distance=1 gateway=10.168.159.1

Thanks in advance,

Hi

Have you considered dst-nat for the ip in question?

Put ip(s) on the routers interface (so multi-homed, simplest solution here) and dst-nat any traffic to these ip’s to new target ip’s on vlan99.

Do you know what, I haven’t considered it but it’s a brilliant idea. If I don’t find a way to set an IP for management on the data VLAN, I’m going to go down this route.

Update:

/u/zeyore from /r/mikrotik solved this for me. The solution was actually very simple. He said.

"Yes.

Add bridge1 as a tagged interface for vlan100, then create a vlan in /interface vlan that uses vlanid100 and interface=bridge1
Then assign an ip address to that vlan you created

Looks kind of like this

/interface bridge vlan add tagged=bridge1,etc,etc vlan-ids=100 bridge=bridge1
/interface vlan add name=blah vlan-id=100 interface=bridge1
/ip address add address=blah interface=bridge1
"

Thanks

Good for you. I had a different understanding of your request.