[RB2011 as Switch] - How to use all ports?

RouterOS General
1

Hello

Recently we had to use a RB2011 as Switch.
The goal was to manage the switch (RB2011) on VLAN 0 ( normally known as vlan 1 on others switches) … by putting default route and IP on master-port.
Receive at this port (master-port / UPLINK port) , tagged vlans. Make some ports untagged on respective VID and be able to orientate traffic to flow only on tagged and unttaged ports, on that vlan.

So, the configuration was like this:

UPLINK as ether5 (gigabit)
Management IP as VLAN 0 ( normally known as vlan 1 on others switches)

/interface bridge
add name=LAN protocol-mode=none

/interface bridge port
add bridge=LAN interface=ether10
add bridge=LAN interface=ether5

/interface ethernet
set [ find default-name=ether1 ] master-port=ether5  name=ether1
set [ find default-name=ether2 ] master-port=ether5  name=ether2
set [ find default-name=ether3 ] master-port=ether5  name=ether3
set [ find default-name=ether4 ] master-port=ether5  name=ether4
set [ find default-name=ether6 ] master-port=ether10 name=ether6
set [ find default-name=ether7 ] master-port=ether10 name=ether7
set [ find default-name=ether8 ] master-port=ether10 name=ether8
set [ find default-name=ether9 ] master-port=ether10 name=ether9

/interface ethernet switch vlan
add independent-learning=no ports=ether5,ether1 switch=switch1 vlan-id=12
add independent-learning=no ports=ether5,ether2 switch=switch1 vlan-id=15
add independent-learning=no ports=ether5,ether3 switch=switch1 vlan-id=8
add independent-learning=no ports=ether5,ether4 switch=switch1 vlan-id=7
add ports=switch2-cpu,ether7  switch=switch2 vlan-id=6
add ports=switch2-cpu,ether6  switch=switch2 vlan-id=11
add ports=switch2-cpu,ether8  switch=switch2 vlan-id=253
add ports=switch2-cpu,ether9  switch=switch2 vlan-id=14


/interface ethernet switch port
set 1 default-vlan-id=12 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=15 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=8 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=7 vlan-header=always-strip vlan-mode=secure
set 5 default-vlan-id=0 vlan-mode=fallback
set 6 default-vlan-id=11 vlan-header=always-strip vlan-mode=secure
set 7 default-vlan-id=6 vlan-header=always-strip vlan-mode=secure
set 8 default-vlan-id=253 vlan-header=always-strip vlan-mode=secure
set 9 default-vlan-id=14 vlan-header=always-strip vlan-mode=secure
set 12 vlan-mode=fallback

/ip address
add address=10.255.253.2/29 interface=ether5 network=10.255.253.0

/ip route
add distance=1 gateway=10.255.253.1

How can I use ether10 to be an “untagged” port on VID 12 ?
Is it possible?

I’ve tried to set like this:

/interface ethernet switch vlan
add ports=switch2-cpu,ether10 switch=switch2 vlan-id=3

/interface ethernet switch port 
set 10 default-vlan-id=3 vlan-header=always-strip vlan-mode=secure

No success.

Any help would be appreciated. Thanks

2

On gigabit switches the vlan-header attribute is ignored in secure vlan-mode. Instead the port will behave as leave-as-is. Use the default-vlan-id to tag and untag traffic in secure vlan-mode. Your configuration is untagging vlan 3 on ether10. Also make sure the vlan table is correct for all ports.

EDIT: just realised ether10 is on the fast ethernet switch, so the always-strip option makes sense for egress on an access port. Still, the default-vlan-id is off for ingress. You may need to add switch1-cpu to the vlan table for the traffic to be passed through the bridge to the trunk on ether5; not entirely sure through.

3

Yes. It worked!!! Thanks

Enviado de meu XT1225 usando Tapatalk

4

check this post http://forum.mikrotik.com/t/switching-with-routeros-crs-questions/68042/76

maybe it can help