Hi. Getting a CRS326. Need to know if I can do this and some configuration assistance.

Background. I will be setting up the CRS326 as a switch (no routing). There will be two VLANs.

One of them will be 100% isolated. Meaning no communication to other vlans or the internet.

Let’s call these VLANs

Vlan 100 - general
Vlan 200 - radio

Vlan 100 will have internet and access to rest of building.

Vlan 200 is an isolated network for aoip only.

Here is the kicker. I need Vlan 200 to have a PTPv2 master on it provided by the CRS326. The clock should only be “seen” by Vlan 200.

This doable? Any tips?

Thanks

In the documentation here:

https://help.mikrotik.com/docs/spaces/ROS/pages/64127015/Precision+Time+Protocol#PrecisionTimeProtocol-PTPonVLANPorts

# Create Bridge
/interface/bridge/add name=bridge1

# Add port on the bridge assign ether1 as vlan 100 and ether2 as vlan 200

/interface/bridge/port/add pvid=100 interface=ether1 frame-types=admit-only-untagged-and-priority-tagged
/interface/bridge/port/add pvid=200 interface=ether2 frame-types=admit-only-untagged-and-priority-tagged

# Define vlan id = 100 and 200

/interface/bridge/vlan add vlan-ids=100 tagged=br1,untagged=ether1 bridge=bridge1


## from MT documentation

/system ptp add name=ptp1 profile=802.1as
/system ptp port add interface=ether2 ptp=ptp1

/interface bridge vlan add bridge=bridge1 vlan-ids=200 untagged=bridge1,ether2

# Activate Bridge Vlan Filtering
/interface/bridge/set vlan-filtering=yes

Thank you. I will get that tested.

Seems like I got it configured. Is using a single bridge the right thing on a CRS326 to get near wire speed?
How do I even test that?

The only thing I have left is to test the AES67 and create a LAG group for the NAS.

I did see something odd in a YouTube video.
With Winbox - In the bridge section. Double click the bridge then click the ports tab, I see the interfaces with the PVID. The video showed manually putting the ether# on each vlan in the vlan tab (in the tagged untagged section). I did not do this and it is working.

Should I have someone look at my config?

In newer versions (~7.16+), it’s automatic. i.e. the /interface/bridge/vlan table will get populated by adding a /interface/vlan automatically.., so for access ports you just need to change PVID on the /interface/bridge/port.

One bridge is best. There may be more HW offloading things to enable, IDK. If post want to post your config, feel free. But sounds like you figured this out.

Ok. Here is my config. I’m not sure about the LAG group. How do I make sure that only works on VLAN 1? Thanks in advance for any comments / advice.

Export compact file=studio1


Ian

2025-03-10 12:17:38 by RouterOS 7.18.2

software id = 3CRN-VBZI

model = CRS326-24G-2S+

serial number = xxxxxxxxxxxx

/interface bridge
add admin-mac=D4:01:C3:86:1E:E9 auto-mac=no comment=defconf name=bridge
vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] disabled=yes
set [ find default-name=sfp-sfpplus2 ] disabled=yes
/interface bonding
add mode=802.3ad name=“Bond 1 - LAG for NAS” slaves=ether15,ether16
transmit-hash-policy=layer-2-and-3
/port
set 0 name=serial0
/system ptp

ports are not running

add name=ptp1 profile=aes67
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether17 pvid=200
add bridge=bridge comment=defconf interface=ether18 pvid=200
add bridge=bridge comment=defconf interface=ether19 pvid=200
add bridge=bridge comment=defconf interface=ether20 pvid=200
add bridge=bridge comment=defconf interface=ether21 pvid=200
add bridge=bridge comment=defconf interface=ether22 pvid=200
add bridge=bridge comment=defconf interface=ether23 pvid=200
add bridge=bridge comment=defconf interface=ether24 pvid=200
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge untagged=ether17,ether18 vlan-ids=1
add bridge=bridge tagged=ether17,ether18 vlan-ids=200
/ip address
add address=192.168.1.240/24 comment=defconf interface=bridge network=
192.168.1.0
/system note
set show-at-login=no
/system ptp port
add interface=ether19 ptp=ptp1
add interface=ether20 ptp=ptp1
add interface=ether21 ptp=ptp1
add interface=ether22 ptp=ptp1
add interface=ether23 ptp=ptp1
add interface=ether24 ptp=ptp1
/system routerboard settings
set enter-setup-on=delete-key

Bump. Can anyone verify for me that the lag works on the default vlan. I want to put in production. I can’t test this until it goes there.

Any other issues you see?

Thanks

Ian

Please do yourself a favor you can simulate your environment in GNS3 VM before running your config intro production, your configuration might appear ok but we don’t know your whole network

edit: your bond/lagg interface should be added as ports in the bridge i haven’t seen that on your config and what’s the intention? anyway my argument still stand

I had to take those ports out of the bridge to make the bond so know idea how I would put them back in. I’ll look into the simulator.

I could be wrong, but as far as I understand, MikroTik’s PTP implementation doesn’t support master mode.