I’m hoping someone can point me to a good starting point for my Mikrotik journey. Up until now I’ve only used ASUS consumer products so I’m a bit out of my element. I recently upgraded to 2gig internet service, so I decided to take the plunge and purchased a RB5009UPr+S+IN and CRS310-8G+2S+IN. I’ve had the CRS310-8G+2S+IN a few weeks now and It’s plugged into my ASUS router. I haven’t done much with it except update the routerOS, create a single bridge, and assign all the interfaces to the bridge. Somehow I figured out how to get DHCP configured. It’s working but at a rudimentary level.
Next step is to swap my ASUS router for the RB5009 along and a couple Ubiquiti U7 access points. I already messed up and ordered the RB5009 version with full POE not catching that only one port was 2.5gb and the rest were 1gb. I’ll have to get a couple POE injectors and run the access points off the CRS310 2.5gb ports.
Hardware wise it’s relatively simple:
Fiber ONT 2.5gb–>RB5009 2.5GB~RB5009 SFP–>CRS310 SFP
CRS310 2.5gb ports–>POE injector–>Ubiquiti U7 access points. I also have a few PC’s with 2.5gb NIC and a NAS with SFP that will be plugged into the CRS310.
Is there some kind of guide or Video that can help me put this together? Where to start?
If you want to learn more on how to configure Mikrotik devices I can recommend you youtube channels The network berg, official Mikrotik channel, Mikrotik indonesia etc.
RB5009 comes with default configuration so you are good to go. I can’t remember if SFP+ port is in the bridge or is it configured as WAN port so somebody else should confirm that.
Regarding CRS310 you should export your configuration so we can check if everything is done correctly on that device.
It is part of the bridge, and internet is supposed to be connected to ether1 in the default configuration, a recent thread where the ports were swapped, as reference: Routing internet from SFP to ethernet ports (RB5009UG)
that case is for when the router is directly attached to the fiber, so there is a VLAN on top of the sfp-sfpplus1, but the general ideas are the same, basically:
remove the sfp-sfpplus1 port from bridge
categorize it as WAN
add a dhcp client to it
add (optionally) the ether1 to bridge together with the other ports
EDIT: I've previously mistaken that your ONT is a SFP module. Now that I re-read the first post. I can now see that it appears to simply have a 2.5GbE RJ45 port? If that's the case, then ignore my previous post, and just use the default configuration that comes with the RB5009 instead! No port swap needed. But you should still do the Update - Then - Reset Configuration steps first.
To be ignored - I misread the first post!
As others in this thread has mentioned, the default configuration of the RB5009 comes with ether2-ether8 and sfp-sfpplus1 in the default bridge, while ether1 is standalone and has the DHCP client active on it. If your ISP also uses DHCP and not PPPoE you can proceed like this to make the configuration you want in the opening post working:
First, plug your PC or laptop into ether2 and plug ether1 into the existing ASUS router, as client.
Boot the RB5009, use WinBox to connect to the RB5009 (you can use either IP or MAC address mode).
The QuickSet window will popup, don't change anything for now, but click on "Check For Updates" and upgrade the RB5009 to the latest stable version (7.22.3 at the moment).
Once the router has rebooted after the update, go to QuickSet again and click on the Reset Configuration button. Confirm and reboot the router again.
The router will once again reboot and come back up with the up-to-date default configuration (defconf).
Now close the QuickSet window in WinBox. Open the Terminal and run the command:
/export show-sensitive file=defconf
Go to Files and download this defconf.rsc file to your computer and keep it as a reference.
Go to Bridge -> Ports, select the entry with sfp-sfpplus1 and remove (delete) or disable it (1).
Go to Interfaces -> Interface Lists, double-click the current entry with list WAN and interface ether1. Edit this entry and change the interface from ether1 to sfp-sfpplus1 (2).
Go to IP -> DHCP Client, double-click on the existing entry, and change the interface from ether1 to sfp-sfpplus1 (3).
Now we can add the ether1 port to the bridge, go to Bridge -> Ports again and add a new entry with Bridge set to bridge and interface set to ether1 (4).
That should do it. You can go to the Terminal again, and create a new export of the configuration:
/export show-sensitive file=current
And download current.rsc to your computer. You can use any file compare (diff) program, for example WinMerge if using Windows, to compare defconf.rsc and current.rsc, that's one way of learning RouterOS
Now you can plug your switch to ether1 and the ONT to sfp-sfpplus1.
Equivalent CLI commands for the above:
(1)
/interface bridge port disable [find bridge=bridge interface=sfp-sfpplus1]
(2)
/interface list member set [find list=WAN interface=ether1] interface=sfp-sfpplus1
(3)
/ip dhcp-client set [find interface=ether1] interface=sfp-sfpplus1
(4)
/interface bridge port add bridge=bridge interface=ether1
Once you have familiarized yourself with RouterOS, especially with VLAN, you might consider switching your network to this:
RB5009 ether1->Ubiquiti U7 access point (if there are not enough ports on CRS310)
All ports on the RB5009 are in the single bridge with Bridge VLAN Filtering. The RB5009 will be in router-on-a-stick configuration with a 10G trunk link to the CRS310. sfp-sfpplus1 of the CRS will be an access port of a VLAN (for example VLAN 1000) and this VLAN 1000 will be tagged on the link between CRS310's sfp-sfpplus2 and RB5009's sfp-sfpplus1, among the other tagged VLANs. With this, inter-VLAN routing will not be bottle-necked by the 2.5Gbps ether1 port of the RB5009 and can reach near 10Gbps (aggregated of course, because you only have 2.5Gbps ports to clients) with Fasttrack enabled.
Here is the export from my CRS310-8G+2S+ Hopefully redacted correctly.
sfpplus2 is connected to my Unraid server
Step 1 is to get things up and functional so I can pull the ASUS equipment.
Step 2 would be to be to add some VLAN enhancements. For example: get all the smart home devices segregated from PC's, Servers, and phones.
If sfp-sfpplus2 is already used for your Unraid server then unfortunately there are not enough ports for the "router-on-a-stick" configuration I mentioned above, unless you use a converter for the ONT connection.
Thanks for the information. I do have an Unraid server (work in progress) that has a 10gb SFP card. It's connected to sfpplus2 on the CRS310-8G+2S+ with a DAC cable.
What I would do is
a. connect ONT to 2.5gig port on CRS310, lets say ether1
b. keep connection 10gig to Unraid Server on CRS310 (sfpplus2)
c. Use other 10gig port to RBG5009 (sfpplus1)
Use specific vlan for internet into ether1 assuming ISP uses vlan35 for example.
Vlan then goes out sfp+1 to router. (if no vlan from ISP, then we then simply tag it with vlan35, and the only difference is the ether1 becomes an access port vice trunk port with pvid35 and frametypes of priority and untagged.
Also travelling through the sfp+ port on CRS are all other vlans including the management vlan.
ON router, sfp+ port hosts all the same vlans.
Do the configuration from the offbridge setup detailed below…….. attach laptop to ether8, change ipv4 settings to 192.168.77.2 and with username and password, config the router.
+++++++++++++++++++++
lets say management vlan is vlan10-mgmt with subnet 192.168.50.0/24 ( and .2 assigned to switch)
model = CRS310-8G+2S+
serial number =
/interface ethernet
set [ find default-name=ether8 ] name=OffBridge8 comment=”emergency access and optimal config location avoids getting locked out for any bridge issues”
/interface vlan
add interface=bridge1 name=vlan10-mgmt vlan-id=10 \
comment=”only management vlan needs to be identified”
/interface bridge
add name=bridge1
/interface list
add name=MGMT
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether1 \
comment=”trunk to ISP”
add bridge=bridge1 frame-types{as required} interface=ether2 {pvid=if required}
add bridge=bridge1 frame-types{as required} interface=ether3 {pvid=if required}
add bridge=bridge1 frame-types{as required} interface=ether4 {pvid=if required}
add bridge=bridge1 frame-types{as required} interface=ether5 {pvid=if required}
add bridge=bridge1 frame-types{as required} interface=ether6 {pvid=if required}
add bridge=bridge1 frame-types{as required} interface=ether7 {pvid=if required}
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1 \
comment=”Trunk to ROUTER”
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2 \
comment=”Trunk to UNRAID server”
/ip neighbor discovery-settings
set discover-interface-list=MGMT
/interface detect-internet
set detect-interface-list=none
/interface list member
add interface=OffBridge8 list=MGMT
add interface=vlan10-mgmt list=MGMT
/interface bridge vlan
add bridge=bridge tagged=ether1,sfpplus1 vlan-id=35
add bridge=bridge tagged=bridge,ether1,sfpplus1,??? vlan-id=10 \
comment=”management vlan needs to go to all smart devices”
add bridge=bridge tagged=ether1,sfpplus1 vlan-id=??? \
comment=”add all the vlans required to be passed between router and switch”
/ip dhcp-client
add interface=bridge1 name=client1 DISABLED=YES
/ip address
add address=192.168.50.2/34 interface=vlan10-mgmt network=192.168.50.0
add address=192.168.77.1/30 interface=OffBridge8 network=192.168.77.0
/ip dns
set servers=192.168.50.1
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.50.1
/system clock
set time-zone-name=America/Chicago
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
That is a lot of information! Assuming I am an idiot with this stuff (and I am). What does moving the ONT connection from the 2.5gig port of the RB5009 to a 2.5gig port on the CRS310 do for me? Just a more direct pipe from the ONT to the 2.5gig ports (including access points) of the CRS310?
Let's see if we can compare the possible topologies.
Schematically:
Internet -> ONT -> 2.5 Gb ethernet ->RB5009 (ether1) ->10G SFP-PLUS->CRS310 (SFP-PLUS1)
NAS->10G SFP-PLUS->CRS310 (SFP-PLUS2)
Clients connected to other ethernet ports of the RB5009 will have 1 Gb connectivity (7 ports available)
Clients connected to any port of the CRS310 will have up to 2.5 Gb connectivity
No real need for any VLAN (unless it is wanted for other reasons).
vs:
Internet -> ONT -> 2.5 Gb ethernet ->CRS310 (ether1)->10G SFP-PLUS->RB5009 (SFP-PLUS1)
NAS->10G SFP-PLUS->CRS310 (SFP-PLUS2)
Clients connected to RB5009 will have 8 ports, of which 1 2.5 Gb and 7 1 Gb
Clients connected to CRS310 will have 7 ports, all 2.5Gb
BUT you will likely need VLAN(s), AND in this case you should have an offbridge port (ideally on both devices) so you will loose one port on the RB5009 and one on the CRS310.
I cannot see any meaningful differences in speed/bandwidth/performance using the one or the other?
In both topologies one might (I guess it depends on the ISP and on the way it provides the internet) get rid of the ONT and use a fiber SFP-PLUS module "directly".
Oh I just re-read your first post, and it appears that your ONT simply uses a normal RJ45 port and is not a SFP module? If that's the case then ignore my post about the port swapping above. You can just use the default configuration of the RB5009 where the ONT is plugged into ether1 and that port is already configured as WAN port with DHCP client.
And then just connect the RB5009's sfp-sfpplus1 to the CRS310's sfp-sfpplus1 port with the above cleaned up configuration and you are good to go.
The old version of my post above was written for the case where your internet comes with a SFP ONT module and thus spf-sfpplus1 needs to be reconfigured to be the WAN port.
Concur, and I forgot that the 5009 already has one 2.5gig port.
Use the 2.5 gig port on the router for the internet connection and the sfpplus port to the SWITCH and done.
The UNRAID still connects to sfpplus2 on the switch. ( which I think is what jaclaz is recommending ).
The only reason now, I can see to do it the way I recommend ISP to switch, is if you need to use the 2.5gig port on a device that is local to the RB5009, perhaps an AP that is up to 2.5gigs for example.
Otherwise move to this switch setup.
/interface ethernet
set [ find default-name=ether8 ] name=OffBridge8 comment=”emergency access and optimal config location avoids getting locked out for any bridge issues”
/interface vlan
add interface=bridge1 name=vlan10-mgmt vlan-id=10 \
comment=”only management vlan needs to be identified”
/interface bridge
add name=bridge1
/interface list
add name=MGMT
/interface bridge port
add bridge=bridge1 frame-types{as required} interface=ether1 {pvid=if required}
add bridge=bridge1 frame-types{as required} interface=ether2 {pvid=if required}
add bridge=bridge1 frame-types{as required} interface=ether3 {pvid=if required}
add bridge=bridge1 frame-types{as required} interface=ether4 {pvid=if required}
add bridge=bridge1 frame-types{as required} interface=ether5 {pvid=if required}
add bridge=bridge1 frame-types{as required} interface=ether6 {pvid=if required}
add bridge=bridge1 frame-types{as required} interface=ether7 {pvid=if required}
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1 \
comment=”Trunk to/fro ROUTER”
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2 \
comment=”Trunk to/fro UNRAID server”
/ip neighbor discovery-settings
set discover-interface-list=MGMT
/interface list member
add interface=OffBridge8 list=MGMT
add interface=vlan10-mgmt list=MGMT
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,sfpplus1,sfpplus2,??? vlan-id=10 \
comment=”management vlan needs to go to all smart devices”
add bridge=bridge tagged=sfpplus1,??? untagged=??? vlan-id=??? \
comment=”add all the vlans required to be passed between router and switch and switch ports”
/ip address
add address=192.168.50.2/24 interface=vlan10-mgmt network=192.168.50.0 { edited }
add address=192.168.77.1/30 interface=OffBridge8 network=192.168.77.0
/ip dns
set servers=192.168.50.1
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.50.1
/system clock
set time-zone-name=America/Chicago
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
The ONT has a 10gig capable RJ45 jack. I have 2gig service and probably don't see myself going beyond that.
The two Wi-Fi 7 Ubiquiti AP's I ordered are both multi gig. I made a mistake in my planning and for some reason thought all the ports on the RB5009 were 2.5g POE. I should be able to connect the AP's to the CRS310 as long as I use external POE injector?
It will only be a little more messy with mains power cables and adapter(s) near the switch.
I am assuming that all the stuff (RB5009, CRS310 and NAS) is in the same rack/room/near, so that DACs can be used to interconnect them via the SFP-PLUS cages.
IF not, OP should be aware that "copper" SFP+ are usually a no-no in passively cooled devices (such as the RB5009) and also on the CRS310 its single fan may be noisy or actually simply not enough with both SFP+ cages populated.
If this is not the case and DAC's cannot be used, it is advised to use fiber and not copper modules.
Perfect! That is what I did. I picked up the Ubiquiti 10G PoE++ Adapter (60W) for the U7 Pro XG access point and the smaller Ubiquiti 2.5G PoE+ Adapter (30W) for the U7 Pro Wall access point.
