Hello! As background, I have 10+ years and advanced certs from Cisco/Brocade/Juniper. For whatever reason, I’m having a very hard time understanding how to accomplish even very simple things with this CRS125-24G.
I’ve got a home lab with a Synology iSCSI/NAS box, plus a couple of micro PCs running ESXi. Each server has a management interface and an ‘iSCSI’ interface. My home wireless network is backed by a UBNT USG and an AC-PRO WAP. I currently have two SSIDs, one for my use, and a ‘guest’ SSID on a different VLAN. In the current setup (w/ a Cisco switch), I have 3 VLANs in total, home/management, iSCSI, and guest. Rough diagram attached. I’d like USG to handle all of the inter-VLAN routing.
I tried to create a bridge, add individual VLAN interfaces into that bridge, assign IPs to the VLAN interfaces, and then attach my laptop to a port on the switch configured as an ‘access’ port, only to find that I could not ping the VLAN IPs. I’m essentially asking for a single port to be (in Cisco speak) ‘switchport mode trunk, switchport trunk allowed vlan 10,20,30’, with other ports being set to access mode for 10,20,30. The first link is what I’d followed, only it doesn’t use bridges. NetworkLayout.txt (933 Bytes)
This is a non-researched answer, and I’ve never used a MikroTik switch device.
It seems to me that you don’t want your vlan interfaces’ parent to be the bridge. Make the parent the ethernet port, and if you need to bridge ports together, put the ethernet ports into a bridge.
I’ve not tried this, no. Might help if I could understand what the difference is between setting a ‘Master Port’ and using a ‘Bridge’ interface, specifically as it applies to RouterOS. Found http://wiki.mikrotik.com/wiki/Manual:CRS_features#Port_Switching, which states:
The “master-port” will be the port through which the RouterOS will communicate to all ports in the group. Interfaces which have the “master-port” specified become isolated - no traffic can be received and no traffic can be sent out directly from RouterOS.
Conceptually, is this not the same as a bridge? Is the takeaway from that statement that the physical interface itself forwards the traffic, as opposed to the OS?
Would definitely love a good description of the difference between a master port, and a bridge, and maybe an example of how I’d use either in context of .1Q and layer 3 routing.
Yeah, I never really got the concept of the master port. I’m not sure why it is needed. Maybe to help noobs understand what’s going on a bit better?
In my case I’m using “bonding” with LACP (aka channel-group xx mode active under a po interface). To accomplish this you set the bonded ports with master-port=“none”. This is only an illustration of the need to free ports from this “master port” concept.
Pretty sure you could do this with all your ports and then add them to whatever bridge you want.
Another thing to consider in this case is in Cisco, once you set a port to a vlan, there is an implied bridge between all vlan ports. In MikroTik, vlan means you’re just tagging frames leaving that port. It’s not connected to any other port until you bridge it. I think this is sort of how Juniper works, my Juniper skills are not so good yet.
I have a config that works, figured I’d share. Still unclear about ‘Master Port’ versus ‘Bridge’, but seems there’s clearly a distinction between use cases of each. Will have to play around with this a bit more at some point.
# dec/21/2016 12:41:12 by RouterOS 6.37.3
# software id = 4WMX-3Q00
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
set [ find default-name=ether6 ] master-port=ether1
set [ find default-name=ether7 ] master-port=ether1
set [ find default-name=ether8 ] master-port=ether1
set [ find default-name=ether9 ] master-port=ether1
set [ find default-name=ether10 ] master-port=ether1
set [ find default-name=ether11 ] master-port=ether1
set [ find default-name=ether12 ] master-port=ether1
set [ find default-name=ether13 ] master-port=ether1
set [ find default-name=ether14 ] master-port=ether1
set [ find default-name=ether15 ] master-port=ether1
set [ find default-name=ether16 ] master-port=ether1
set [ find default-name=ether17 ] master-port=ether1
set [ find default-name=ether18 ] master-port=ether1
set [ find default-name=ether19 ] master-port=ether1
set [ find default-name=ether20 ] master-port=ether1
set [ find default-name=ether21 ] master-port=ether1
set [ find default-name=ether22 ] master-port=ether1
set [ find default-name=ether23 ] master-port=ether1 mtu=1588
set [ find default-name=ether24 ] master-port=ether1 mtu=1588
/interface vlan
add interface=ether1 name=vlan52 vlan-id=52
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan60 vlan-id=60
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,switch1-cpu vlan-id=52
add tagged-ports=ether1,ether2,switch1-cpu vlan-id=60
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=52 ports=ether17
add new-customer-vid=52 ports=ether18
add new-customer-vid=52 ports=ether19
add new-customer-vid=52 ports=ether20
add new-customer-vid=52 ports=ether21
add new-customer-vid=52 ports=ether22
add new-customer-vid=52 ports=ether23
add new-customer-vid=52 ports=ether24
/ip address
add address=192.168.52.254/24 interface=vlan52 network=192.168.52.0
add address=192.168.60.254/24 interface=vlan60 network=192.168.60.0
add address=192.168.50.254/24 interface=ether1 network=192.168.50.0
/ip route
add distance=1 gateway=192.168.50.1
I’d guess hardware would be more efficient, and software slower (maybe?)?
I’m struggling with tribal/anecdotal information and Mikrotik products. From a layer 2 perspective, should that information be somehow depicted in this lifecycle diagram? http://wiki.mikrotik.com/wiki/Manual:Packet_Flow_v6
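To check an export like the one posted above against the intended trunk/access layout, the following sketch parses its section, `set` and `add` lines and classifies each port. It is an added example, not code from the thread or from MikroTik; the function names and the abridged sample are constructed for illustration, and it assumes unquoted values and no backslash-wrapped lines.

```python
import re
from collections import defaultdict

# Constructed sample: an abridged copy of the export posted in the thread.
SAMPLE = """\
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether24 ] master-port=ether1 mtu=1588
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,switch1-cpu vlan-id=52
add tagged-ports=ether1,ether2,switch1-cpu vlan-id=60
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=52 ports=ether24
"""

def parse_export(text):
    """Yield (section, {key: value}) for each set/add line of an export."""
    section = ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            section = line            # e.g. "/interface ethernet"
        elif line and not line.startswith("#"):
            # Assumes unquoted values and no backslash-wrapped lines.
            yield section, dict(re.findall(r"([\w-]+)=(\S+)", line))

def port_roles(text):
    """Map each port to ("trunk" | "access" | "no-vlan-rule", [vlan ids])."""
    members, tagged, access = set(), defaultdict(set), {}
    for section, p in parse_export(text):
        if section == "/interface ethernet" and "master-port" in p:
            members |= {p["default-name"], p["master-port"]}
        elif section.endswith("egress-vlan-tag"):
            for port in p["tagged-ports"].split(","):
                tagged[port].add(int(p["vlan-id"]))
        elif section.endswith("ingress-vlan-translation"):
            for port in p["ports"].split(","):
                access[port] = int(p["new-customer-vid"])
    roles = {}
    for port in members | set(tagged) | set(access):
        if port in tagged:
            roles[port] = ("trunk", sorted(tagged[port]))
        elif port in access:
            roles[port] = ("access", [access[port]])
        else:
            roles[port] = ("no-vlan-rule", [])
    return roles

def ports_without_vlan_rule(text):
    return sorted(p for p, r in port_roles(text).items() if r[0] == "no-vlan-rule")
```

Run against the full export, `ports_without_vlan_rule` lists every switch-group member that has neither a tag entry nor an ingress translation, which is the set of ports to review when confirming that iSCSI, guest and management traffic stay on their intended segments.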