Newbie CRS226-24G-2S+IN Setup

Hello,
I have experience in networking but am not an active Network Engineer. I really like the specs of the Routerboard CRS226-24G-2S+IN and purchased on for our church as a basic switch. I would like to setup a VLAN but not much other management.

I’m having troubles finding a setup guide for the CRS226-24G-2S+IN for basic switch use. I find the RouterOS Wiki and etc, but I think it is overkill for a basic setup. My questions:

1. Will this just operate as a switch out of the box?
2. Can anyone point me to a good setup guide that has a little more step by step instructions?

Thanks!

It will work as a basic switch out of the box with all vlans being available on all ports, just the way they come in.

If you’re just using it as a switch with no routing then just concentrate mainly on the port based vlan section of the CRS example. If you’re using as a gateway as well, then you’ll need to make all vlans available to the CPU and assign IP’s to vlan interfaces setup on the switch master-port. Basically management ip setup.

Either way each deployment is different and the switch if very customizable, so a simpler example may be hard to find.

http://wiki.mikrotik.com/wiki/Manual:CRS_examples

Mikrotik docs on CRS series is a terable

Maybe my config help to you little.

/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="SFP-10G,ether1-QRT2,ether2,ether3,ether4,ether5,ether6-34410A,ether7-MyPC,ether8-MyPC,ether9,ether10-Akip,ether11,ether12,ether13,ether14-R7000,ether15,ether16,ether17,ether18-sosedi146,ether19,ether20,ether21-MaxiSRV,ether22,ether23-MySRV,ether24-MySRV,sfp-sfpplus1,switch1-cpu"

Drop all packet who not in VLAN on all ports.

/interface ethernet switch trunk
add member-ports=ether7-MyPC,ether8-MyPC name=MyPC-trunk
add member-ports=ether24-MySRV,ether23-MySRV name=MySRV-trunk

Add ports to SLA (Static Link Aggregation)

/interface ethernet switch egress-vlan-tag
add tagged-ports=SFP-10G vlan-id=3
add tagged-ports=ether1-QRT2,SFP-10G vlan-id=2

Accept tagged packets VLAN 3 from SFP-10G port
Accept tagged packets VLAN 2 from ether1-QRT2 and SFP-10G port

/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=3 ports=ether21-MaxiSRV sa-learning=yes
add customer-vid=0 new-customer-vid=2 ports=ether18-sosedi146 sa-learning=yes

Convert untagged packets from ether21-MaxiSRV port to tagged VLAN 3
Convert untagged packets from ether18-sosedi146 port to tagged VLAN 2

/interface ethernet switch port
set 0 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=100 learn-override=yes
set 1 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 2 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 3 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 4 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 5 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 6 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 7 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 8 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 9 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 10 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 11 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 12 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 13 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=50 learn-override=yes
set 14 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 15 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 16 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 17 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 18 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 19 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 20 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 21 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 22 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=100 learn-override=yes
set 23 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=100 learn-override=yes
set 24 dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=100 learn-override=yes
set 25 dscp-based-qos-dscp-to-dscp-mapping=no isolation-leakage-profile-override=0 learn-limit=1023 learn-override=yes
set 26 dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=1023 learn-override=yes

Add internal loop protect on ports and add limits to adding MACs to switch table for protect MAC flood attack.

/interface ethernet switch vlan
add ports=ether21-MaxiSRV,SFP-10G vlan-id=3
add ports=MyPC-trunk,MySRV-trunk,switch1-cpu,ether1-QRT2,ether6-34410A,ether10-Akip,ether14-R7000,SFP-10G vlan-id=0
add ports=MySRV-trunk,SFP-10G vlan-id=4
add ports=ether1-QRT2,ether18-sosedi146,SFP-10G vlan-id=2

Accept VLANS on ports.

I delete some parts, because it is not a basic.

When you been configured it, prepare serial console cable! at first time it is must have while you understand what you need append CPU and you PC ports must be in one VLAN.
I do not know, why mikrotik not place it in the package…

When i install CRS226 in my net, i do smoke mikrotik manual at 2 days! After HP ProCurve and Linksys switch, Mikrotik config i seen too complicated.

In classic routing and firewall i’m not need any manual on mikrotik, because i Linux sysadmin i understand all config clearly, but not in switch features


Bee cool if mikrotik add someting like this in Web-interface for simple setup.
24 ports is too many to add and manage him in winbox…
IMG_13122015_153811.png

Mikrotik switch vlan CONFIG is a major pain to use.
I recommend tp-link Jetstream series.

The difficulty in setting up the CRS is directly proportional to how complicated you want your environment to be. If you just want to run a patch cable from a router to the CRS, and you don’t have any need for multiple subnets, the default switch config should be just fine (you just need to change the switch IP to be accessible from your network so you can manage it). If you do need to separate out a few different networks, this is still fairly easy, but like others have said, MikroTik config can seem a little odd if you’re not used to how they do things. Give us more details on exactly what you need to accomplish, and we can give you much better feedback.

Sorry for the delay. I was supposed to receive an email with any responses but never did. I assumed the forum was dead. However, I decided to manually look and see there are responses. I will go through the current responses first and reply.

Yes, we are not getting fancy here, just basic switching. Eventually, I will need to setup a VLAN for the public WiFi but I will not need to do that right away. Since it has an IP address setup for admin purposes, will it flag as a duplicate IP when I connect my second CRS as a switch?

Thank you for the reply but that doesn’t help at all.

Thank you for your time and reply. I inherited this network when I started here a few months ago and am trying to enhance our networking and connect our 3 buildings. My main job function is with the church Audio/Video/Lighting. I have a networking background but am by no means a full Network Engineer and am totally new to MikroTik.

We currently have a NetGear 24-port switch that is about full that connects to a NetGear wireless router. The office staff use this wireless AP to connect to the private network. The public WiFi goes to a small NetGear pro switch with one port setup to throttle the up/down. Both of those connect to our Cable Modem.

My plan is to use the CRS only as a switch. I also purchased a Routerboard 1100AHx2 to replace the router. My plan was to have the Public AP connect directly to the router and let it handle the VLAN. This way, I can use the CRS strictly as a switch.

Does that sound like a good plan? Or, do you have a better suggestion?

To change the IP for admin access, should I change it to Bridge Mode first? Otherwise, it wants all of the routing IP configuration setup.

I posted a reply with quotes to skuykend and mpreissner. However, I’m not seeing the replies listed. Does a moderator have to approve the replies, or something?

FirstTech - Posts and topics are approved by forum administrators.

Winbox can connect though MAC address as well, no IP needed.

But yes, you should either change the IP to another unused static IP or remove it and add a dhcp-client to the switch master-port (ether1 by default) to get one from your dhcp server.

I played with it quite a bit yesterday. Anytime I changed the IP in WebFig, I could no longer find it via an IP Scan and it would not display an IP address on the snail display on the switch. I will try installing WinBox. Thanks for the suggestion and your help.

Thank you

Update for anyone following this topic…

I found what was messing me up. The OS version on the box was 6.9 and it seems it had an issue with the QuickSetup. It would not repopulate with the information you put in. I found in the IP Menu where I had to assign the address. Also, the Switch menu was missing.

I installed WinBox and that was much easier to find and configure. So, I now have the correct IP addresses for them and they are working great. Next, on to the VLAN setup.