Hello,
I have a RB2011UiAS with the two switches in it. The case is that I want to make a trunk between the two switches (with some vlans on it) WITHOUT using external cable. (I’ve seen this mental solution around the net.)

The obvious solution seemed to be to bridge the switch1-cpu and switch2-cpu pseudo ports but it’s not working. I’ve tried numerous variants and red numerous guides and did not managed to do it. Sometimes the board needs to be rebooted for the vlan groups and bridge groups to start working. This really hinders any troubleshooting. I have extensive experience with “normal” switching architecture but can’t make this to work.

Can anyone give some pointers or a solution to that. I cant be the only one that had come across this nuisance.

BR

That’s the basic config for a 2011. Both master ports bridged. Once you start adding settings to the switch chip, you have to do it right though. All vlans you want passed need to have access to the cpu ports.

Although something broke on one of the other vlans, I’ve tried this: (I think this is what the config should be like)
Tell me if I’m missing something

I have two master port groups.
[root@rb] > /interface ethernet print
Flags: X - disabled, R - running, S - slave

NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH

Fa1 1500 00:1D:60:E2:62:80 enabled none switch2
Fa2 1500 4C:5E:0C:1E:A9:64 enabled none switch2
Fa3 1500 4C:5E:0C:1E:A9:65 enabled Fa2 switch2
Fa4 1500 4C:5E:0C:1E:A9:66 enabled Fa2 switch2
4 S Fa5 1500 4C:5E:0C:1E:A9:67 enabled Fa2 switch2
5 RS Ge1 1500 4C:5E:0C:1E:A9:5E enabled none switch1
6 S Ge2 1500 4C:5E:0C:1E:A9:5F enabled Ge1 switch1
7 S Ge3 1500 4C:5E:0C:1E:A9:60 enabled Ge1 switch1
8 S Ge4 1500 4C:5E:0C:1E:A9:61 enabled Ge1 switch1
9 Ge5 1500 4C:5E:0C:1E:A9:62 enabled none switch1
10 Ge6_FX 1500 4C:5E:0C:1E:A9:5D enabled none switch1

A bridge.
[root@rb] > /interface bridge print
Flags: X - disabled, R - running
0 R name=“br_sw1_sw2” mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled arp-timeout=auto mac-address=4C:5E:0C:1E:A9:5E protocol-mode=rstp
priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

A members of that bridge.
[root@rb] > /interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic

INTERFACE BRIDGE PRIORITY PATH-COST HORIZON

0 Fa2 br_sw1_sw2 0x80 10 none
1 Ge1 br_sw1_sw2 0x80 10 none
A member ports of that vlan.
[root@rb] > /interface ethernet switch vlan print
Flags: X - disabled, I - invalid

SWITCH VLAN-ID PORTS

2 switch2 12 switch2-cpu
Fa3
Fa5
3 switch1 12 switch1-cpu
Ge1
Ge2
And a port config for vlans.
[root@rb] > /interface ethernet switch port print
Flags: I - invalid

NAME SWITCH VLAN-MODE VLAN-HEADER DEFAULT-VLAN-ID

1 Ge1 switch1 secure always-strip 12
2 Ge2 switch1 disabled leave-as-is auto

7 Fa2 switch2 secure always-strip 11
8 Fa3 switch2 secure add-if-missing 0

11 switch1-cpu switch1 disabled leave-as-is 0
12 switch2-cpu switch2 disabled leave-as-is 0

At current I have no access between Fa3, Ge1 and a vlan-intarface in this 12 vlan
[root@br] > /interface vlan print
Flags: X - disabled, R - running, S - slave

NAME MTU ARP VLAN-ID INTERFACE

2 R vlan12 1500 enabled 12 Fa2

Am I missing something?

It appears that you have VLAN mode disabled in the ports section for cpu_ports which will strip all vlan tags even if in vlan table. Don’t know if that’s the only issue.

http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features