VLAN configuration - RB2011UiAS-RM and CRS125-24G-1S-RM

torsteintveit · February 4, 2016, 9:19am

Hi all,

I have been trying to figure out vlan configuration in routeros in a while now, but I`m now seeking som help

I have an RB2011UiAS-RM as my router, and a CRS125-24G-1S-RM as a switch. The setup I´m trying to achieve is this: I want to have port# 6-10 on my router as edge ports in a vlan with vlanID: 10. Port #1 is my WAN port. Port #2-5 I want to have as core ports with vlans 192 an 172.

On my switch I am planning to have port #1 as uplink to my router. The rest of the ports I wants as edge ports with vlan 192.

I think I have control for setting up DHCP servers on the different VLANS. My problem som far has been to understand and configure these ports right, with vlans, etc.

Thanks for any help!

Regards, Torstein

torsteintveit · February 4, 2016, 11:46pm

I whent with a different approach,

On my router I have port#1 as WAN, and on interface port#2 I have created 3 vlans - 192, 172 and 10. I Have configured a DHCP server for each vlan.

On my switch I have the following setup:

[root@MikroTik_Switch] /interface ethernet> print
Flags: X - disabled, R - running, S - slave 
 #    NAME          MTU MAC-ADDRESS       ARP        MASTER-PORT      SWITCH     
 0 R  ether1-m...  1500 E4:8D:8C:A8:56:72 enabled    none             switch1    
 1 RS ether2       1500 E4:8D:8C:A8:56:73 enabled    ether1-master    switch1    
 2 RS ether3       1500 E4:8D:8C:A8:56:74 enabled    ether1-master    switch1    
 3  S ether4       1500 E4:8D:8C:A8:56:75 enabled    ether1-master    switch1    
 4  S ether5       1500 E4:8D:8C:A8:56:76 enabled    ether1-master    switch1    
 5  S ether6       1500 E4:8D:8C:A8:56:77 enabled    ether1-master    switch1    
 6  S ether7       1500 E4:8D:8C:A8:56:78 enabled    ether1-master    switch1    
 7  S ether8       1500 E4:8D:8C:A8:56:79 enabled    ether1-master    switch1    
 8  S ether9       1500 E4:8D:8C:A8:56:7A enabled    ether1-master    switch1    
 9  S ether10      1500 E4:8D:8C:A8:56:7B enabled    ether1-master    switch1    
10  S ether11      1500 E4:8D:8C:A8:56:7C enabled    ether1-master    switch1    
11 RS ether12      1500 E4:8D:8C:A8:56:7D enabled    ether1-master    switch1    
12  S ether13      1500 E4:8D:8C:A8:56:7E enabled    ether1-master    switch1    
13  S ether14      1500 E4:8D:8C:A8:56:7F enabled    ether1-master    switch1    
14  S ether15      1500 E4:8D:8C:A8:56:80 enabled    ether1-master    switch1    
15 RS ether16      1500 E4:8D:8C:A8:56:81 enabled    ether1-master    switch1    
16  S ether17      1500 E4:8D:8C:A8:56:82 enabled    ether1-master    switch1    
17  S ether18      1500 E4:8D:8C:A8:56:83 enabled    ether1-master    switch1    
18  S ether19      1500 E4:8D:8C:A8:56:84 enabled    ether1-master    switch1    
19  S ether20      1500 E4:8D:8C:A8:56:85 enabled    ether1-master    switch1    
20  S ether21      1500 E4:8D:8C:A8:56:86 enabled    ether1-master    switch1    
21  S ether22      1500 E4:8D:8C:A8:56:87 enabled    ether1-master    switch1    
22  S ether23      1500 E4:8D:8C:A8:56:88 enabled    ether1-master    switch1    
23 RS ether24      1500 E4:8D:8C:A8:56:89 enabled    ether1-master    switch1    
24  S sfp1         1500 E4:8D:8C:A8:56:8A enabled    ether1-master    switch1

[root@MikroTik_Switch] /interface ethernet switch ingress-vlan-translation> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ports=ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,
      ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20 
     service-vlan-format=any customer-vlan-format=any new-customer-vid=192 
     pcp-propagation=no sa-learning=yes 

 1   ports=ether23,ether24 service-vlan-format=any customer-vlan-format=any 
     new-customer-vid=10 pcp-propagation=no sa-learning=yes 

 2 D ports="" service-vlan-format=any customer-vlan-format=any new-customer-vid=4095 
     pcp-propagation=no sa-learning=no

[root@MikroTik_Switch] /interface ethernet switch vlan> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   VLAN-ID PORTS                 SVL LEARN FLOOD INGRESS-MIRROR QOS-GROUP                
 0 D    4095 switch1-cpu           no  no    no    no             none                     
 1 X      10 ether1-master         no  yes   no    no             none                     
             ether23              
             ether24              
 2 X     172 ether1-master         no  yes   no    no             none                     
             ether2               
             ether3               
 3 X     192 ether1-master         no  yes   no    no             none                     
             ether2               
             ether3               
             ether4               
             ether5               
             ether6               
             ether7               
             ether8               
             ether9               
             ether10              
             ether11              
             ether12              
             ether13              
             ether14              
             ether15              
             ether16              
             ether17              
             ether18              
             ether19              
             ether20

[

root@MikroTik_Switch] /interface ethernet switch egress-vlan-tag> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   VLAN-ID TAGGED-PORTS                                                                  
 0 D    4095
 1        10 ether1-master                                                                 
 2       192 ether1-master                                                                 
 3       172 ether1-master                                                                 
             ether2                                                                        
             ether3

I now have port 23 & 24 as edge ports in vlan 10 - as wantet - and everything is fine here.
I have port 4-20 as edge ports in vlan 192 - as wanted - and everything is OK.
On port 2 & 3 I think I have hybrid, with vlan 192 as edge, and 172 as tagged? Theese ports are connected to my AP`s (Ubiquiti AP AC-LITE), where I have one SSID without specifying vlan - this works great, and I am recieving IP as wantet from vlan 192. But I have a second SSID where I have specifyed vlan 172, but I am not getting any IP when connecting to this SSID.

Any suggestions? You might wonder why I have disabled vlans in: /interface ethernet switch vlan
This is simply because when I activate these, I am not longer able to manage the switch from other ports than 21 & 22 witch is not listed in any other vlan configuration…