First time user here. I’m used to Cisco and Juniper stuff, but I have never used a Mikrotik device before. I’m kind of lost in the VLAN configuration of the box.
I would like to use it as an aggregation switch for different devices within my home but I can’t get the VLAN trunks and access ports to work correctly.
I’ve read some docs online, watched Youtube videos, but it seems like some stuff doesnt work because everytime I hook up my trunk cables I completely lose access, and nothing works (the data doesn’t pass through the switch, and management doesnt work anymore either). I have a Cisco switch on SFP3 and another one on SFP4, and routers on SFP1 and SFP2
Topology:
VLAN 1 : ACCESS on ETH0 and SFP1 // TRUNK on ports SFP3 and SFP4 (Management + my own computers)
VLAN 402-406 : TRUNK on SFP2, SFP3 and SFP4 (Segregated access to different people/devices in the house)
VLAN 407-4094 : TRUNK on SFP3 and SFP4 (other VLANs for random work stuff and tests)
I have tried assigning the IP address to VLAN-1 but it doesn’t ping from the switch. If I set the IP to port ETH0, then it can ping from terminal
I’m attaching my config file that I have so far. Any help would be appreciated !
In general terms, @pcunite prepared a really good tutorial on how to do VLANs properly … it includes example of switch configuration. Another good tutorial by @sindy explains different bridge personalities.
In short: bridge is a “switch-like” entity and a port (of the switch-like entity). Whatever you do with bridge port, specially with regards to VLANs, you have to configure it explicitly, just the way you do for other bridge ports. Default (all over ROS) config is to have all bridge ports configured with PVID=1 (which makes using VID 1 explicitly somehow dangerous as one has to be very careful to configure things correctly). In your case you should be able to set management IP address to bridge port directly as it’s (by default, implicitly) set as access port with PVID=1.
Another general lesson: as soon as physical port becomes part of bridge, you should not configure any L3 stuff on it … you have to use bridge port for that. ROS doesn’t block it but it’s wrong anyway. At the same time you have to add bridge port to appropriate interface list (basic distinction between interface and port is that port is L2 entity while interface is L3 entity - based on L2 entity and assumes same name).
BTW, the admin-mac property of bridge is invalid, it should be colon-separated octets but first field in your config is word-sized (dea … should be de).
Yes the MAC was wrong as I did a typo when redacting the MAC. The color coding I found for Notepad++ is way too light and I can’t see a thing. I’ll look into modifying that.
About the tutorials, I did try to adapt to my needs and ports of the CSR305, and apart from completely losing access to the device, I was not able to achieve much so far.
I was finally able to get a working configuration as I wanted. I don’t exactly know what was different as I followed the same steps, but from a blank device that had not bridged ports by itself after the factory reset.
For what it’s worth, I will leave it here if anybody needs an example and finds this post