RE: CRS326-24G-2S+

I’m having a hell of a time getting a Cisco Wireless Access point to work on a interface on this switch
First off i’m using an external power injector and a Cisco 9130 AXI Access point

the port configuration on a Cisco switch that works with this is as follows

!
interface GigabitEthernet1/0/13
switchport trunk native vlan 710
switchport mode trunk
spanning-tree portfast

Note it’s a Trunk port and the native vlan is 710
I can also set it as an access port on vlan 710 but if i do that i’m not able to use any other VLANS for Wireless SSID’S

I provided this detail so that the following makes more sense

I need to configure an interface on the CRS326 similar to the way the Cisco Switch is configured.


This is the configuration I’m using that is not working

Oddly enough the Access point is able to get a DHCP Address on the VLAN 710 with this configuration but it’s not able to communicate with anything on that VLAN nor is it able to communicate with the gateway.

/interface bridge
add admin-mac= auto-mac=no ingress-filtering=no name=bridge vlan-filtering=yes

/interface vlan
add interface=bridge name=vlan1 vlan-id=1
add interface=bridge name=vlan710 vlan-id=710

!This is the PORT Facing towards the Access Point
/interface bridge port
add bridge=bridge ingress-filtering=no interface=ether21 pvid=710

/ip address
add address=172.16.0.236/20 interface=vlan1 network=172.16.0.0
add address=10.7.10.236/24 interface=vlan710 network=10.7.10.0

From the Upstream Cisco switch i’m able to ping the vlan710 address and from the CRS326 i’m able to ping the Cisco Switch’s VLAN SVI

So I’m confident I’ve setup the Trunk correctly

Cisco Trunk Configuration
!
interface TenGigabitEthernet1/1/5
description IDF1LAN1_UPLINK
switchport trunk native vlan 999
switchport trunk allowed vlan 1,10,20,200,498,499,602,700,710,720,800,900-904
switchport trunk allowed vlan add 999-1001
switchport mode trunk


CRS326
This is the TRUNK port connected to the Cisco Switchport
/interface bridge port
add bridge=bridge ingress-filtering=no interface=sfp-sfpplus2 pvid=999


Frankly i’m at a Loss I’ve been beating my head against this for 2 days now.

I could seriously use some guidance

Here you go:

First reload the switch with no defaults:
/system/reset-configuration no-defaults=yes

When it comes back up, create the bridge. Set the priority and spanning-tree mode as needed:

/interface bridge
add admin-mac= auto-mac=no name=bridge1 priority=0x8000 protocol-mode=rstp vlan-filtering=yes

Next you need to add the ports you want to the bridge. Since we have no defaults, there are no ports in the bridge. Add them all if you want. Note…You might not want all ports to be “edge” ports. Especially ones that trunk. Watch out for spanning-tree when connecting other devices.

/interface bridge port
add bridge=bridge1 edge=yes interface=ether1 pvid=XXX
add bridge=bridge1 edge=yes interface=ether2 pvid=XXX

add bridge=bridge1 edge=yes interface=ether24 pvid=XXX

Note, you might create bonds, or maybe you want to turn up bpdu-guard or other features…But at a minimum, you have to create the bridge, then add the ports to the bridge. When you assign “pvid=XXX” the XXX is the VLAN number. 710, 40, 4094, Whatever you want.

Next up…You need to setup the “tagged” VLANs and what ports those VLANs are tagged on. This is where you’re doing the VLAN “trunking.”

/interface bridge vlan
add bridge=bridge1 tagged=ether1,ether2,ether3 vlan-ids=6
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=710

The above will tag VLAN 6 on ports ether1, ether2, and ether3. It will also tag VLAN 710 on ether1 and the internal CPU of the Mikrotik (think management). Repeat for as many VLANs as you’re needing to be tagged on an interface. There’s no real equivalent to just “switchport mode trunk” in Cisco-ese. You have have to set each VLAN to be tagged on each port as a single entry under /interface/bridge/vlan. (Yes…That sucks.) You can trunk as many VLANs to as many ports as you want…But each VLAN should be represented here as a single line. I do not suggest you go crazy and define a bunch of VLANs to have just in case…Just define them as needed. Yes it’s “messy.”

Anyway…

In /interface/bridge/port you set ether1 to be an “access” on a VLAN with pvid=XXX
And in /interface/bridge/vlan you set ether1 to be a “trunk” for VLAN YYY

Now…If you want the Mikrotik to have an IP address in a vlan, you have to “tag” that VLAN to the “bridge” defined in /interface/bridge (in my example above, “bridge1”) Then you will have to add a VLAN interface into the bridge:

/interface vlan
add interface=bridge1 name=VL710 vlan-id=710

Now you’ll need to set an IP address for the VLAN interface you just created:

/ip address
add address=10.0.0.1/24 interface=VL710 network=10.0.0.0

It’s a little cumbersome, but once you get the basic ideas there, you can start tweaking further. Yes…This turns in to a mess if you’re making lots of changes over time.

That should get you going.

Thank you for your response.

As it turns out i was barking up the wrong tree.

I thought my problem was on the CRS326-24G

However it turns out the actual problem is with the CRS112-8p-4s trunked off ethernet port 23

I believe the issue i’m having is with the Switch chip and vlan’s



/interface ethernet switch egress-vlan-tag
add tagged-ports=ether5,ether7,sfp12 vlan-id=710
add tagged-ports=ether5,ether7,sfp12 vlan-id=1
add tagged-ports=ether5,ether7,sfp12 vlan-id=0
add tagged-ports=ether5,ether7,sfp12 vlan-id=720
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=1 ports=ether1
/interface ethernet switch vlan
add ports=ether5,ether7,sfp12 vlan-id=1
add ports=ether5,ether7,sfp12 vlan-id=0
add ports=ether5,ether7,sfp12 vlan-id=710\

/interface bridge
add name=bridge port-cost-mode=short vlan-filtering=yes
/interface bridge port
add bridge=bridge comment=APCRAFT interface=ether2 internal-path-cost=10
path-cost=10 trusted=yes
add bridge=bridge interface=ether3 internal-path-cost=10 path-cost=10 trusted=
yes
add bridge=bridge ingress-filtering=no interface=ether4 internal-path-cost=10
path-cost=10 trusted=yes
add bridge=bridge comment=WORKDESK-SWITCH interface=ether5 internal-path-cost=
10 path-cost=10 pvid=999 trusted=yes
add bridge=bridge interface=ether6 internal-path-cost=10 path-cost=10 trusted=
yes
add bridge=bridge comment=MASTERBEDROOM interface=ether7 internal-path-cost=10
path-cost=10 pvid=999 trusted=yes
add bridge=bridge interface=ether8 internal-path-cost=10 path-cost=10 trusted=
yes
add bridge=bridge interface=sfp10 internal-path-cost=10 path-cost=10 trusted=
yes
add bridge=bridge interface=sfp11 internal-path-cost=10 path-cost=10 trusted=
yes
add bridge=bridge comment=IDF2LAN-TRUNK ingress-filtering=no interface=sfp12
internal-path-cost=10 path-cost=10 pvid=999 trusted=yes
add bridge=bridge interface=sfp9 internal-path-cost=10 path-cost=10 trusted=yes
add bridge=bridge interface=ether1
/interface bridge vlan
add bridge=bridge tagged=sfp12,bridge,ether7,ether5 untagged=
ether3,ether1,ether4,ether6,ether2,ether8,sfp9,sfp10 vlan-ids=1
add bridge=bridge tagged=bridge,ether7,sfp12,ether5 vlan-ids=710
add bridge=bridge tagged=bridge untagged=ether7,ether5,sfp12 vlan-ids=999



SFP12 is trunked to the CRS326 on Ethernet 23
the native PVID = 999
i’m trying to carry vlan’s 999,710,1

I can get a VLAN SVI on the Bridge to work on VLAN 1 with an ip address.
But the VLAN svi For VLAN710 refuses to work

I’m normally pretty good with this stuff but i’m finding the combination switch and routeros configuration to be completely mind boggling.


If i understand correctly the code you gave me is correct for the CRS326
However, I’m pretty sure I’m misconfigured on the CRS112 side.



Here’s the relevant bridge code i have for the CRS326

/interface bridge
add admin-mac=74:4D:28:05:04:66 auto-mac=no ingress-filtering=no name=bridge port-cost-mode=short
vlan-filtering=yes
/interface bridge port
add bridge=bridge comment=“DESK CRS317-1G-16S+ Uplink” ingress-filtering=no interface=sfp-sfpplus2
internal-path-cost=10 path-cost=10 pvid=999
add bridge=bridge ingress-filtering=no interface=ether1 internal-path-cost=10 path-cost=10 pvid=710
add bridge=bridge ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether6 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether7 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether8 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether9 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether10 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether11 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether12 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether13 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether14 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether15 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether16 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether18 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether19 internal-path-cost=10 path-cost=10 pvid=700
add bridge=bridge ingress-filtering=no interface=ether20 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether21 internal-path-cost=10 path-cost=10 pvid=710
add bridge=bridge ingress-filtering=no interface=ether22 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether24 internal-path-cost=10 path-cost=10 pvid=999
add bridge=bridge ingress-filtering=no interface=sfp-sfpplus1 internal-path-cost=10 path-cost=10
add bridge=bridge comment=“–>> IDF1LAN3 port SFP12” ingress-filtering=no interface=ether23
internal-path-cost=10 path-cost=10 pvid=999
add bridge=bridge ingress-filtering=no interface=ether17 internal-path-cost=10 path-cost=10
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp-sfpplus1,sfp-sfpplus2,ether24,ether23 untagged=“ether3,ether4,ether5,eth
er6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19
,ether20,ether21,ether22” vlan-ids=1
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=10
add bridge=bridge tagged=bridge untagged=ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=999
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=200
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=720
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=20
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=700
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=730
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=800
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=900
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=901
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=902
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=903
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=904
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=1000
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=1001
add bridge=bridge tagged=bridge,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2 untagged=ether1,ether21 vlan-ids=
710