I recently purchased a CRS326 in order to replace my Linksys LGS308. The reason is that I need more ports, and furthermore I want to have all ports monitored via sFlow for the management software I am using. Because of the latter I run RouterOS rather than SwOS.
Basically, besides VLANs and sFlow there isn't any functionality I am planning to use (so far).
The current setup of my VLANs on the Linksys switch is like this:
But I am really struggling with the VLAN setup on the CRS326. How is this done via the web interface? Is there a tutorial with some basic steps to map a VLAN to a specific port, either as a trunk or as an access port?
I'd like to start with a trunk port to connect the CRS to the Linksys switch. I'll use port 4 on the Linksys for that (the Linksys settings are shown in the picture above). What I did so far on the CRS is:
<a bridge with the name “bridge” connected to all ports already exists and therefore there’s no need to create a new bridge I suppose>
/interface bridge
set bridge vlan-filtering=no
<Trunk should be ethernet port 24>
/interface bridge vlan
add bridge=bridge tagged=ether24 vlan-ids=1,2,3,10,66,100
/interface bridge
set bridge vlan-filtering=yes
The IP address of the CRS has been changed to the same subnet as the Linksys switch. My expectation was that, after connecting port 24 of the CRS to port 4 of the Linksys, pinging the IP address of the CRS should be possible from another PC in the same subnet. Unfortunately it didn't work. Pinging the Linksys from that PC does work.
I guess I am missing something here. Can you point me in the right direction?
Once you have a start of a config, post it here for us to review.
If using Winbox, note the SAFE MODE in the upper left.
Use this. If you do something wrong it will kick you out of Winbox and unroll to the last changes.
Typically what I do is make a few changes. If not kicked out, I will undo safe mode to save my work and then apply safe mode again.
Thus whenever I do something that would freeze, log out, or befuddle the router, it simply kicks me out and allows me to reconnect at the last safe point.
What you've defined so far is just the trunk port and the IDs of the VLANs.
But you'll need to redefine / update the port definitions → /interface bridge port
These vlans, except for 1, end there, as no other port is participating / propagating any of these vlans. → /interface bridge vlan
the ip on MT is on bridge I guess?
the ip on Linksys is on vlan 1 as well?
I didn't have much time recently to keep on trying to set it up. But now I am trying again and still don't get it working properly.
The second thing I did was configure one access port:
/interface bridge vlan
add bridge=bridge untagged=ether17 vlan-ids=2
So, port 17 is an access port on VLAN 2, untagged.
Port 24 is a trunk port for VLANs 1,2,3,10,66,100.
the ip on MT is on bridge I guess? — What exactly does that mean. I set up the IP of the MT via the WebUI using QuickSet. Is that what you mean?
the ip on Linksys is on vlan 1 as well? The IP of Linksys as well as MT is on vlan 2
If I try to add bridge port and specify pvid:
/interface bridge port
add bridge=bridge interface=ether17 pvid=2
I get the following error message:
failure: device already added as bridge port
If the linksys is on mgmt VLAN 2 you will not be able to ping it from the mikrotik which is on VLAN 1. You will need to create a VLAN interface under /interface vlan (this only has to be done for VLANs that you want to put an IP on), with interface=bridge and vlan-id=2, and put the IP address on this VLAN interface. You also then need to add vlan 2 as a tagged port on bridge, otherwise the traffic will not get to the VLAN interface. Right now you have a combined entry for all VLANs i.e. “/interface bridge vlan add bridge=bridge tagged=ether24 vlan-ids=1,2,3,10,66,100”, I usually do a separate entry for each VLAN instead of doing a big combined one like this because it is easier to work with. At the very least you will need to remove vlan 2 from that statement and make a new one that has vlan-ids=2 and set tagged=ether24,bridge.
You will need to create a VLAN interface under /interface vlan (this only has to be done for VLANs that you want to put an IP on), with interface=bridge and vlan-id=2
I did this
and put the IP address on this VLAN interface
How do I do this? Can’t see an option to set a vlan for the MK IP.
At the very least you will need to remove vlan 2 from that statement and make a new one that has vlan-ids=2 and set tagged=ether24,bridge.
To do this, simply change the interface for the IP from “ether2” to “vlan2”. Currently you have “/ip address add address=192.168.2.60/24 interface=ether2 network=192.168.2.0”, this will become “/ip address add address=192.168.2.60/24 interface=vlan2 network=192.168.2.0”.
Hi, sorry I didn't notice this. You can get back in with Winbox and manage the device that way if you don't want to have to reset. Your settings for vlan2 do not have ether17 set as an untagged port. Under /interface bridge vlan, instead of "/interface bridge vlan add bridge=bridge tagged=bridge,ether24 vlan-ids=2" you probably want "/interface bridge vlan add bridge=bridge tagged=bridge,ether24 untagged=ether17 vlan-ids=2"
No worries. I don't have Windows PCs, therefore Winbox is not an option. However, I simply reset the CRS and started from scratch. It could also help me understand the concept a little better.
I followed all (hopefully all) your recommendations and did the following:
set IP of MK to 192.168.2.60 via Webinterface
/interface bridge
set bridge vlan-filtering=no
(Do I need to add tagged=bridge to the other vlan-ids as well?)
/interface bridge vlan
add bridge=bridge tagged=ether24 vlan-ids=1
add bridge=bridge tagged=bridge,ether24 untagged=ether17 vlan-ids=2
add bridge=bridge tagged=ether24 vlan-ids=3
add bridge=bridge tagged=ether24 vlan-ids=10
add bridge=bridge tagged=ether24 vlan-ids=66
add bridge=bridge tagged=ether24 vlan-ids=100
What I see is that there's no pvid set up for ether17. However, trying to add the pvid by
/interface bridge port> add bridge=bridge interface=ether17 pvid=2
results in “failure: device already added as bridge port”
Many people use winbox on MacOS or Linux in Wine. It is designed to work well in Wine. There is even a version with bundled Wine specifically for MacOS: http://joshaven.com/resources/tools/winbox-for-mac/
Although that Winbox version is 3.17 you can easily upgrade it to 3.18 by viewing the package contents in MacOS, locating the winbox.exe file and replacing it with the one downloaded from MikroTik.
No, because the switch does not have IP addresses on those VLANs. The setting tagged=bridge actually makes a connection from the switch chip back to the main router CPU, which is necessary if you are giving the switch an IP on that VLAN. If the switch simply needs to switch that VLAN, then no connection back to the CPU is necessary for that VLAN.
That is probably the issue at this point. You can either change the PVID through the web interface or winbox, or do the following from the command line
/interface bridge port> print
you will get a list of bridge ports with numbers beside them. Make note of the number for ether17. Then,
/interface bridge port> set # pvid=2
replacing # with the port number for ether17 from the print output.
Also you have a wrong subnet mask for that network - /8? I think you probably want /24. You’ll need to also fix the network address after changing the subnet mask to /24, it should be 192.168.2.0 not 192.0.0.0
Also, I would not add the same IP onto two interfaces simultaneously. It could possibly cause an issue - if the device has an IP on the same subnet in two different interfaces, how does it know which to use to reach you? You should probably put the ether2 ip in a different subnet from the IP that you are assigning to vlan2. After the vlan2 IP is working then you can remove the ether2 IP.
It is for doing this kind of complex configuration that Winbox is handy so that you do not lock yourself out. You can connect via layer 2 MAC winbox protocol even if the device does not have an IP address. Although this config is not really complex, it is tricky b/c the order that you do things in needs to be correct or you lock yourself out. You don’t have to worry about that if you use MAC winbox.
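The order of operations this thread converges on, consolidated as an added example that is not part of any post. It assumes the default bridge named "bridge" already contains all ports, ether24 is the trunk, ether17 is the VLAN 2 access port, and the management address is 192.168.2.60/24 as quoted above; the interface name vlan2 and the `[find interface=...]` selector are choices made here.

```routeros
# Added example; port roles and the address are taken from the thread,
# the name "vlan2" is an assumption.

# 1. Leave filtering off while the tables are built, so the current
#    management session is not cut off halfway through.
/interface bridge
set bridge vlan-filtering=no

# 2. ether17 is already a bridge port, so "add" fails with
#    "device already added as bridge port". Change the existing entry.
#    Untagged frames arriving on ether17 are then classified into VLAN 2.
/interface bridge port
set [find interface=ether17] pvid=2

# 3. One bridge VLAN entry per VLAN. Only VLAN 2 lists "bridge" as tagged,
#    because only VLAN 2 has an IP address on the switch CPU.
#    VLAN 1 is left out here: how the Linksys handles it on the trunk
#    is not shown on the page.
/interface bridge vlan
add bridge=bridge tagged=bridge,ether24 untagged=ether17 vlan-ids=2
add bridge=bridge tagged=ether24 vlan-ids=3
add bridge=bridge tagged=ether24 vlan-ids=10
add bridge=bridge tagged=ether24 vlan-ids=66
add bridge=bridge tagged=ether24 vlan-ids=100

# 4. VLAN interface on top of the bridge; needed only for VLANs that
#    carry an IP address on the switch itself.
/interface vlan
add name=vlan2 interface=bridge vlan-id=2

# 5. Management address on the VLAN interface with a /24 mask.
#    Any address in the same subnet on another interface should be
#    removed once this one answers.
/ip address
add address=192.168.2.60/24 interface=vlan2 network=192.168.2.0

# 6. Enable filtering last, once every table above is in place.
/interface bridge
set bridge vlan-filtering=yes
```

Afterwards, `/interface bridge vlan print` and `/interface bridge port print` show whether ether17 is listed as untagged in VLAN 2 and carries PVID 2.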