VLAN hell - NOOB :)

Hi there,

I’m new to the MikroTik world. Hi everyone. :slight_smile: I’m excited to be here, but… This stuff is harder to make WORK than I thought it would be. So I’m sure I can get some valuable learning experience here. Having said that..

I purchased a CRS326-24G-2S+ to expand my home network (running out of ports is the primary motivator). I have plans to clean up my IP cams, IoT devices and remote home (site) access, but before I go there I need to figure out a few items in the new realm of RouterOS (I had been using Merlin software on ASUS and had been able to achieve most of the things I needed). I will post under other threads on specifics. Sorry for the long-winded intro.

So over the past few days I have been trying to figure out how to separate my IoT devices (thermostat, Hue, Lutron hubs) and IP cameras (after I get the IoT to work) from my main subnet so things work faster.

Basically I have followed the online manuals and various forums (including this one) and was not successful. I got there partially but never got it to work.

My setup for now is this (till I figure out all about RouterOS I need to keep comfortable enough to take place of Asus as my main router).

internet provider modem / router → Asus AC router with Merlin Firmware (DHCP, DNS, wifi, VPN, traffic usage stats, kid control stuff) → CRS in bridge mode, static IP from Asus router on eth1 (AP - secondary/extender, POE switches / smart and dumb, HyperV & hosts, home media wired, IoT hubs, wired PC/MAC)

I would like to create VLANs (I think it is the best) with separate subnets for IoT hubs (wired for now, add wifi later) and IP cameras.

I tried to follow this guide (one of many) that got me closest to what I need, in that I could route between the VLANs but not get outside of the CRS: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Management_port VLAN Example #3 (InterVLAN Routing by Bridge)

What I would like to achieve is to have eth15 and eth16 get an IP in the range 192.168.50.0/24. All ports of CRS are bridged on all ports, network is 192.168.1.0/24. CRS IP is 192.168.1.6, ASUS router 192.168.1.1.
I did create DHCP for the 192.168.50.0/24 network and got eth15 and eth16 to get the IP.

Would anyone care to help me out here? Please let me know if I have missed some crucial info or my info is lacking. I know I’m lacking some skills :frowning: , hence I’m here.

Thanks in advance and Merry Xmas all.

Hi

Congrats on your purchase.

Your intent is not entirely clear to me:

  • “all ports of CRS are bridged on all ports”: do you intend for all ports to behave like trunk ports?
  • “eth15 and eth16 get ip in the range 192.168.50.0/24”: should these be access ports for some specific VLAN tag?

Thanks !

So no, my intention is to have only one trunk port (eth1). Then use some of the existing ports on the CRS to be VLAN200 (for IoT) having a different subnet, 192.168.50.x/24. I was able to achieve that, but I can’t figure out the part where the new subnet on VLAN200 (eth15 and eth16 ports) is then routed to the trunk port (eth1) and down to my router. At this point I don’t need the original subnet 192.168.1.0/24 to talk to 192.168.50.0/24. That will be the next phase once I get this simple thing to work with people like yourself … I hope..

Here is a layout of what I would like to accomplish in Phase I:
isp modem → Asus router → eth01 port - CRS in bridge mode

  • eth10 port → Hyper-V ( 192.168.1.10) Static IP
  • eth15 port → MAC ( 192.168.1.20 ) DHCP IP from Asus router
  • eth20 port → IoT Hub #1 ( 192.168.50.10) DHCP IP from CRS
  • eth21 port → IoT Hub #2 ( 192.168.50.11) DHCP IP from CRS

Keep in mind that there is a difference between inter-VLAN routing and “router-on-a-stick”. With a router-on-a-stick setup, your router is providing the inter-VLAN routing and the switch has the VLANs configured on it only to place certain ports in certain VLANs as untagged or make certain ports trunk ports (passing all VLANs with tags). When your switch is doing the inter-VLAN routing, it is doubling as a ‘second router’, and this setup is more complex than “router-on-a-stick” unless your ASUS does not support VLAN configuration and inter-VLAN routing.

If you are trying to configure the CRS for inter-VLAN routing (which the wiki section you were reading was for), you are probably missing routes. First the CRS will need a default route to the ASUS router so that it can get online (unless it has gotten one from DHCP). After it has connectivity, you need to log into the ASUS router and create a static route so that the ASUS router knows to send traffic to 192.168.50.0/24 to the IP of your CRS (192.168.1.20?) as a next-hop.

If, on the other hand, you do a “router-on-a-stick” configuration, the ASUS will do the inter-VLAN routing, in which case the switch doesn’t really need an IP on the 192.168.50.0/24 network, but the ASUS does. You would add VLAN200 on the ASUS and give it an IP on the 192.168.50.0/24 network. The ASUS would then run the DHCP server for your IoT network. You then do not need VLAN200 added under /interface vlan - it would only need to be set up in bridge-related items.
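
The inter-VLAN routing option from the reply above, written out as a RouterOS configuration for the Phase I layout. This is an added example, not part of the original thread. It assumes the existing bridge is named `bridge`, the CRS holds its main-LAN address on that bridge, the IoT ports are `ether20` and `ether21`, and the ASUS at 192.168.1.1 serves DNS; the names `vlan200`, `iot-pool` and `iot-dhcp`, the gateway address 192.168.50.1 and the pool range are hypothetical choices.

```routeros
# Added example (not from the thread). Names and the .50.1 gateway are assumptions.

# IoT access ports: untagged members of VLAN 200
/interface bridge port
set [find interface=ether20] pvid=200 frame-types=admit-only-untagged-and-priority-tagged
set [find interface=ether21] pvid=200 frame-types=admit-only-untagged-and-priority-tagged

# VLAN 200 is untagged on the IoT ports and tagged on the bridge itself,
# so the CRS CPU can route it. ether1 carries no VLAN 200 tag in this variant:
# IoT traffic leaves routed, over the main LAN.
/interface bridge vlan
add bridge=bridge vlan-ids=200 tagged=bridge untagged=ether20,ether21

# Layer-3 interface and gateway address for the IoT subnet
/interface vlan
add name=vlan200 interface=bridge vlan-id=200
/ip address
add address=192.168.50.1/24 interface=vlan200

# DHCP for the IoT subnet, served by the CRS
/ip pool
add name=iot-pool ranges=192.168.50.10-192.168.50.200
/ip dhcp-server
add name=iot-dhcp interface=vlan200 address-pool=iot-pool disabled=no
/ip dhcp-server network
add address=192.168.50.0/24 gateway=192.168.50.1 dns-server=192.168.1.1

# Default route to the ASUS (skip if the CRS already learned one via DHCP)
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1

# Segmentation for routed traffic: IoT may use DNS on the ASUS and reach the
# internet, but cannot open connections to hosts on the main LAN.
/ip firewall filter
add chain=forward src-address=192.168.50.0/24 dst-address=192.168.1.1 protocol=udp dst-port=53 action=accept
add chain=forward src-address=192.168.50.0/24 dst-address=192.168.1.1 protocol=tcp dst-port=53 action=accept
add chain=forward src-address=192.168.50.0/24 dst-address=192.168.1.0/24 action=drop

# Enable VLAN filtering last, so a mistake above does not cut off management access
/interface bridge
set bridge vlan-filtering=yes
```

The ASUS still needs the static route described above, sending 192.168.50.0/24 to the CRS's main-LAN address (192.168.1.6 according to the first post) as next hop; without it, replies to the IoT subnet never return to the CRS.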