Two CRS125 switches

Hi,

I am completely new to RouterOS, so please bear with me. I have had a chance to get my hands on two CRS125-24G-1S-RM switches. Before I make everything too messy simply due to my lack of RouterOS knowledge, I wanted to ask you what would be the best way to connect these two switches while avoiding loopbacks. Basically I use pfSense to act as my router, and all I want is for these two switches to act simply as a switch, and nothing else - so no L3 configuration. Also, I want to leave one port (on either switch) for a hotspot that an AP gets connected to, just for my guests, separating them from my local LAN. That’s pretty much it. Thank you!

For connecting the switches, just run a cable (or multiple cables) between the two. For a single cable, you’ll just need to set up a VLAN trunk on both switches for the connected ports. If you use multiple cables, you’ll want to set up a port trunk. The port trunk is effectively a static link aggregation group (sorry, no LACP supported yet). You’ll have to do some minimal layer 3 config on the switches for management purposes, but if you set up all the VLANs you want in the switch chip, the device will run all layer 2 operations at wire-speed.

PfSense is a great routing option if the hardware behind it is sufficient. For your setup, I would bridge a few interfaces so you can run a link from pfSense to both switches, and then enable RSTP on the bridge. This will ensure that only one link to the router is active at any given time. If one of the cables fails, or a port goes bad, the router will simply switch over to the other link.

Hi mpreissner,

Thanks for the quick reply. That seems pretty straightforward. After doing my research, I realized then that the switch doesn’t support LACP. I also realized that jumbo frames are capped at 4K. Now, back to your outline: As far as the trunking goes, if two separate trunks are created on the two switches, doesn’t that create loopbacks? If I create an SLA group, I have to bridge the group to the master-port? Or does the group itself act as a slave? In case I have to do bridging, then doesn’t the bridging end up leaving heavy processing on the CPU, and according to the block diagram, apparently there’s only a 1Gbs port to the CPU. That’s not much for the backbone processing.

I have set up the pfSense as a VM on an HP G9. So the hardware should suffice. I do however want clients that are talking to each other (i.e. NAS → Plex Server → Apple TV) to just keep talking only through the switch unless they need to visit the router.

While the switch doesn’t support dynamic link aggregation, it does support static link aggregation using the interface > ethernet > switch > port > trunk menu. This should not create a switching loop if set up on both switches. I could’ve sworn jumbo frames were up to 9k on the CRS, but I could be wrong…I know the CRS226 is 9k.

You don’t want to do any bridging…it involves the CPU, and since you’re just trying to create a larger switch fabric, it’s completely unnecessary. If you set the trunks up via the switch chip, it is done in hardware, rather than via the CPU.

Great! Huge thanks again for yet another quick reply. I’ll post the results. All the best to you sir!

Hi again,

Question regarding the second switch: If Switch A has the master_port, and all other ports are slave to the master_port, and ports 21_24 are port trunked (switch → port → trunk) connected to switch B which is also configured with identical port trunking, then does switch B need master_port? I am guessing yes, since after all an IP is needed for the switch itself, no? How would this work?!

The switch doesn’t need an IP for itself. The master port assignment is a way to enable switching between the same assigned group of ports.

I am getting seriously confused here. I set up the first switch, with nothing connected to it, except a cat 6 cable from the router to interface 1 (port 1), and another cat 6 cable from my pc to port 2. I manually assigned an IP of 10.x.x.x. to the master_port, and tried to test the wirespeed bandwidth through btest. When I initiated a TCP test to the IP, the bandwidth went only as high as 37Mbs, and then the CPU meter hit the roof at 100%, and the switch crashed. Literally crashed, I was tossed out of the Winbox, the LCD interface went white, and I could not connect back to the switch no matter what, until I power-cycled the thing! What am I doing wrong here?!?!

The easiest way to ensure that you’re testing the layer 2 bandwidth is to plug two machines into any two ports. You’ll get a good 1 Gbps.

The CRS can be a little tricky to program correctly. I would create a Management VLAN and attach it to the Master port in the switch group. A Master port only means that any port needing to communicate with the CPU does so through the master port. Then in the Interface > Ethernet > Switch > VLAN menu, you need to add the Management VLAN to the Master port and switch1-cpu. Then go to the Switch > Egress VLAN Tag menu and tag the Master port and switch1-cpu. Finally, add the management IP address to the Management VLAN interface.

Remember, you’re taking two independent switches and connecting them together. In a way, this creates a single switch fabric, except it’s not, because the switches can’t be managed as a single unit. You’ll want to set up the management IP on both units so you can make changes to both switches in the future. I’d also recommend using the console port to make the initial configuration changes. When you go messing with the VLANs, tagging, etc., it’s not uncommon for the switch to stop responding over IP because the new configuration doesn’t allow for it, leaving the switch only half-configured. The console port never stops responding.
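
The static trunk and management-VLAN steps described in the replies above, written out as RouterOS CLI. This is an added example, not a configuration posted by anyone in the thread. It assumes the master-port based switching of RouterOS 6.x before 6.41, ether2 as the master port, ether21 to ether24 as the inter-switch links, and a constructed VLAN ID (99) and address (192.168.99.2/24).

```routeros
# Added example. ether2 (master port), VLAN 99, mgmt99 and 192.168.99.2/24
# are assumed values; adjust them to the real layout before applying.

# 1. Put the inter-switch ports into the same hardware switch group.
/interface ethernet
set ether21 master-port=ether2
set ether22 master-port=ether2
set ether23 master-port=ether2
set ether24 master-port=ether2

# 2. Static port trunk in the switch chip (no LACP).
#    Create the identical trunk on the second switch.
/interface ethernet switch trunk
add name=trunk1 member-ports=ether21,ether22,ether23,ether24

# 3. Management VLAN membership: master port plus the CPU port.
#    Any other port that must carry management traffic has to be
#    added to this list (and to the tagged list below if it is tagged).
/interface ethernet switch vlan
add vlan-id=99 ports=ether2,switch1-cpu

# 4. Send the management VLAN tagged on the master port and the CPU port.
/interface ethernet switch egress-vlan-tag
add vlan-id=99 tagged-ports=ether2,switch1-cpu

# 5. VLAN interface on the master port, then the management address.
#    Use a different address in the same subnet on the second switch.
/interface vlan
add name=mgmt99 vlan-id=99 interface=ether2
/ip address
add address=192.168.99.2/24 interface=mgmt99
```

Only the management VLAN reaches the CPU with this layout; traffic between user ports stays in the switch chip.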

The switch acts as a switch between the ports that are set to be the slaves to one common master. The master port is a part of the switching group too.

Because switching is done on L2, there is no need to set anything on L3 (IP protocol). So you do not need any IP address until you decide to use it for management purposes (to connect via web/winbox/ssh/telnet to the device itself) or until you want the device to act as a router. You can still manage the device over L2 using MAC-connected winbox or MAC telnet. If it has a serial port, you can use the serial console too.

Of course, setting some IP to the device could be helpful in other ways, not only for configuration but for monitoring via snmp too.

But generally a switch does not need to have an IP address to be able to work as a switch.

Regarding the switch crashing. I have just one CRS125 running in my lab in bridging mode (not in switch, it means, everything goes to CPU and back). It is able to pass over 800Mbits through. When running btest to its IP it accepts over 200Mbits single stream TCP and over 900Mbits of UDP. The limitation is the generating device obviously. No crash of CRS125. Running 6.34.2.

Maybe you have created a loop, hard to say…

Thank you jarda and mpreissner for your help. I did connect the two switches without the trunk and with the trunk. The log files say it all. Without the trunk, there are warning errors about multicast broadcasts, but with the trunk all seems to be well.

However, on a side-note: Post-crash of the Switch A, its LCD panel has gone plain white! I have power-cycled the device, reset the switch with the auto-config file, updated the RouterOS, checked the serial console port, checked the interfaces associated with the LCD, clicked on recalibrate, nothing seems to work. Please don’t point to the Wiki LCD page, I have been there already and did what it told me to do. What gives? Yet again, I need your help!

Unfortunately, I can’t help you there with the LCD. I actually disabled my LCD as I consider it to be a security risk. It allows anyone to walk up to the switch and interact with it without authentication. As long as the rest of the switch works correctly, that’s all I care about.

A PIN can be set for the display to be able to change the settings, so it can be “secured” a bit if necessary. I also have the displays off. It lowers the consumption, spares the display (because it gets burned in permanently soon). And there were times when the enabled display influenced dramatically the performance (hope these times are gone).

Hard to say how to get a permanently white display back to life. Just try to change the display settings back and forth, it may help.
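
The two LCD hardening options mentioned in the last replies (turning the display off, or protecting it with a PIN), as an added example that is not from any poster in the thread. The PIN value shown is a constructed placeholder.

```routeros
# Added example; the PIN below is a constructed placeholder.

# Option A: disable the LCD entirely, removing the unauthenticated
# front-panel interface.
/lcd set enabled=no

# Option B: keep the display for status only.
# read-only-mode blocks configuration changes from the touch screen;
# the PIN is then required wherever the LCD would otherwise allow a change.
/lcd set enabled=yes read-only-mode=yes
/lcd pin set pin-number=4831 hide-pin-number=yes

# Verify the resulting state.
/lcd print
/lcd pin print
```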