This is my first post in this forum. Also, I’m new to MT too.
Please excuse my horrible English skills.
I need help to configure a “CRS326-24G-2S+” with V-Lan.
The CRS326 should communicate over sfp2 with an “Unifi Aggregation Switch Pro” on Port 19.
I would like to create 3 V-Lan on those ports:
V-Lan-ID 10 > 192.168.100.XXX > Port 17 - 22 > Untagged
V-Lan-ID 30 > 192.168.095.XXX > Port 09 - 16 > Untagged
V-Lan-ID 50 > 192.168.050.XXX > Port 01 - 08 > Untagged
sfp1: BACKUP Uplink to “Unifi” (Cold-Standby)
sfp2: Uplink to “Unifi”
The MT needs no static IP, because it’s a test switch lying on my benchdesk.
If a device gets connected on port 01 - 22 it should get an IP address via dhcp.
Information:
The MT is powered by RouterOS 6.49.7
On the Unifi, Port19 is configured as Uplink. The same configuration as on port19 connects various servers and HPE Aruba 1930 switches, with the same V-Lan IDs, with the usw-pro-aggregation.
They all work. So it can only be the configuration on the CRS326.
In which way exactly do things break for you? If your management access breaks … then it’s because you’re setting BR1 interface as tagged member of “default” VLAN (VID = 1) while corresponding (untagged) interface doesn’t exist (and even winbox can’t talk to ROS without appropriate untagged interface). You can get a suitable interface by running
Or you can leave BR1 port untagged (by not adding it as tagged member of VID 1 … setting of pvid=1 on all bridge ports, including BR1, is implicit default). More on various bridge personalities.
The configuration commands from attached file seem fine. Now please also post exact configuration after the commands are applied … execute /export file=anynameyouwish, fetch file to admin computer, obfuscate any sensitive data (using any text editor) and copy-paste contents here.
Thanks for your fast reply. After applying my configuration I can access the switch via winbox on port 23 and 24 (not configured). That’s not the problem. The problem I have is that my notebook or any device connected to an access port on the switch gets no IP. But it should get an IP via dhcp within the v-lan ip-range from our firewall.
I’ve uploaded the configuration of the switch after applying the commands from my attachment “crs326-configuration”. crs326-running -config.txt (2.91 KB)
Well, the posted export shows only config for ether ports, the rest is missing:
no config for trunk ports sfp1 and sfp2
I’m not sure why adding sfp1 and sfp2 ports to bridge fails, but most probably because their names are sfp-sfpplus1 and sfp-sfpplus2. You have to verify what are exact names of these two interfaces. Same for commands setting VLAN properties of these two bridge ports.
no config for tagged VLANs
You can’t use “set” constructs if there are not corresponding entries already existing, you have to use “add”. E.g. /interface bridge vlan add bridge=BR1 tagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=10 (again, use correct names for these two interfaces). And similarly for VLAN IDs 30 and 50
my consideration about using VLAN 1 tagged remains. Possibly you should not use it tagged at all, not even on “trunk” interfaces towards USW … but that depends on how exactly is USW configured (is it explicitly configured for tagged VLAN 1?).
I’ve updated my configuration to hopefully match your suggestion (see “crs326-config-1.txt” and “crs326-running-config-1.txt”) but still no success.
I’ll try it again and remove the tags for V-Lan “1”. crs326-running-config-1.txt (3.36 KB) CRS326-configuration-1.txt (5.39 KB)
Latest config creates “switch group” of untagged ports ether1-ether8 and sfp+ 1 and 2 tagged with VID 50. Similarly it creates “switch group” of untagged ports ether9-ether16 (plus tagged sfp+ ports) with VID 30 and “switch group” of untagged ports ether17-22 (plus tagged sfp+ ports) with VID 10. Also sfp+ ports seem to be correctly set as tagged members of relevant VLANs (untagged ports are made members of corresponding VLANs automatically due to pvid setting).
Which means that PC, connected to e.g. ether1, should be able to communicate to DHCP server (on USW), handling VLAN 50. If USW is configured correctly (that part of configuration was not mentioned yet).
You can test basic configuration by using two machines with statically configured network settings. Connect them to same “switch group” and see if traffic flows. Then connect them to different “switch groups”, e.g. one to ether1 and the other to ether9 and try again (traffic should not flow unless uplink to USW actually works).
As to VLAN 1 … it really depends what you need to do with it … is it supposed to be used for management access to switch? There’s no other use for it on CRS, only sfp+ ports are members and those are supposed to be used in active-standby configuration so CRS is not supposed to switch traffic between the two.
BTW, you may want to configure sfp+ ports as links of bond. Any bond mode will offer link redundancy (if one link fails, all the traffic will flow via the remaining links), most of them also offer load balance (different modes behave differently in this aspect, depending on particular traffic patterns it may happen that some bond modes won’t do any load balancing). But both link partners (CRS and USW) have to support same bond mode, otherwise the link might fail. CRS can do bonding in hardware but only with certain bond modes.
You were right, mkx. Not tagging/adding V-Lan “1” solved the problem for me. Now everything works just fine.
I don’t know exactly why it’s working now by not adding vlan “1” but I’m not complaining. Perhaps because vlan “1” is default for MT or it was a redundancy/collision with the port config of my Unifi switch.
Load balancing is a little op for my test-benchdesk.
For everyone who has the same or a similar problem, I attached the configuration that worked for me (crs326-working-vlan-config.txt).
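The layout discussed in this thread (three untagged access groups, both SFP+ ports tagged for VLANs 10, 30 and 50, VLAN 1 never tagged), written out as an added example; it is not the attached crs326-working-vlan-config.txt or any poster's own file. The bridge name BR1 comes from the thread; the interface names sfp-sfpplus1 and sfp-sfpplus2 are assumptions and have to be checked with /interface print.

```routeros
# Added example for RouterOS 6.49.x, not a file from the thread.
# Assumed interface names: ether1..ether22, sfp-sfpplus1, sfp-sfpplus2.
# ether23/ether24 stay outside the bridge for management access,
# as described in the thread.

/interface bridge
add name=BR1 vlan-filtering=no

# Access ports: pvid places untagged frames into the VLAN and makes
# the port an untagged member of that VLAN automatically.
:for i from=1 to=8 do={ /interface bridge port add bridge=BR1 interface=("ether" . $i) pvid=50 }
:for i from=9 to=16 do={ /interface bridge port add bridge=BR1 interface=("ether" . $i) pvid=30 }
:for i from=17 to=22 do={ /interface bridge port add bridge=BR1 interface=("ether" . $i) pvid=10 }

# Uplinks: plain bridge ports with the implicit default pvid=1,
# so VLAN 1 stays untagged on them.
/interface bridge port
add bridge=BR1 interface=sfp-sfpplus1
add bridge=BR1 interface=sfp-sfpplus2

# VLAN table: no entries exist yet, so "add" is required ("set" only
# changes existing entries). No entry tags VLAN 1.
/interface bridge vlan
add bridge=BR1 tagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=10
add bridge=BR1 tagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=30
add bridge=BR1 tagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=50

# Enable filtering last, once ports and VLAN table are complete.
/interface bridge set BR1 vlan-filtering=yes

# Check: each VLAN should show the SFP+ ports as tagged and its
# access ports as current-untagged.
/interface bridge vlan print
```

If a client on an access port still gets no lease, /interface bridge host print shows whether its MAC address was learned in the expected VLAN.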