Need help with Creating VLAN's without master port

phantom213 · March 1, 2018, 11:39pm

Hello guys,

I’m begginer in “mikrotik world” and I need little help with VLAN’s please.
I have two mikrotik CRS125-24G-1S-RM switches. One will act as router and one will act as L2 Switch. I need it like this just for example.

So let’s say for example we have 4 vlans.

Servers – vlan 10
Clients – vlan 20
Wireless – vlan 30
Management – vlan 40

The interfaces are used as follow:

ether01 – Uplink / trunk
ether02 – trunk (vlan 10, vlan 30, vlan 40) (i.e. ESXi)
ether03 – access port vlan 10 (i.e. NAS)
ether04 – access port vlan 20 (i.e. Desktop)

How can I config this vlans without “bridging method” and without master port (anyways there is no master port in new RouterOS)?
here is topology for example.

I found lot of tutorial where everyone using bridging, but it loads CPU (anyways maybe there is another way to do vlans without this method).
So I need it like “classic VLANS” in cisco switches. Can someone show configuration examples to how I must accomplish this test project please?

sebastia · March 2, 2018, 9:07pm

In a switch one needs the functionality of frame forwarding between ports within switch fabric. That functionality is fulfilled by bridge (with hardware support from 6.41) and by switch master / slave port (pre 6.41).

If these aren’t used, one ends up with all individual ports.
block diagram: https://i.mt.lv/routerboard/files/CRS125-24G-1S-160620160514.png
=> notice the connection from switch to CPU = 1gb/s

For config examples: https://wiki.mikrotik.com/wiki/Manual:CRS_examples

phantom213 · March 2, 2018, 9:37pm

As you can see, if I’m not mistaken, all config in this examples depends on "master port " and in new RouterOS its not used anymore.

CZFan · March 3, 2018, 10:55am

https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge

I think, according to your diagram, all you have to do on router is:

Remove ether1 from bridge,
create vlan’s in /interface vlan and assign them to either1,
assign the necessary IP’s to the vlan’s,
then either1 is a trunk port with these vlan’s and apply routing / firewall rules using the vlan’s

mkx · March 3, 2018, 2:24pm

All examples in the document, linked by @sebastia, have two parts, first for older ROS versions and the second part is for recent ROS versions. As you obviously have ROS 6.41 (or later) installed on your CRSes, you need to apply something similar to the second part. They don’t mention master port there.

I might add: in ROS >=6.41 you configure things in two places: 1) under /inteface ethernet switch and 2) /interface bridge. It is slightly confusing, but you can have disjoint settings between the two. Settings at 1) are applied to HW switch directly … if you only need CRS as switch, then you might do settings only there … but beware, if you don’t configure at least bare minimum under 2) as well, you may loose management access to your RB and even WinBoxin mac mode can not help you then. If you need any of L3 functionality, then you need appropriate settings at 2) as well.
You can do something in between: if you have some VLANs, that don’t need any connectivity outside or that connectivity is provided by some other device(s), then you only define appropriate VLANs on needed physical interfaces in 1) and you don’t have to do any setup regarding those VLANs and physical interfaces in 2).