VLAN router / switch possible misconfiguration

Good morning,

I am having an issue with my desired setup and would like to ask for advice / a recommendation. I need a configuration where I cannot assign a VLAN to all the access ports and need those ports to act as a pure switch.

L009 - working as a combination of switch / router: the "wan = ether1" port is connected to the company network and the rest of the ports are trunks for both VLAN and non-VLAN traffic. It should act as a router for the devices that have a VLAN defined and as a switch for the rest.

CRS354 - working as a switch: the trunk port (sfp1) is connected to the L009, and end devices are connected to the access ports (where a VLAN for the endpoint may or may not be defined).

It is working. I can separate vlan networks and if there is no vlan defined (id=1) I can be part of company network (wan).

What concerns me are the RouterOS Broadcast / Tx drop packet counters on the CRS354. For a simple IP telephone I see 1701315 Broadcast / 154926 Unicast / 2392509 Tx drop, and 24672/0 Tx / Rx BPDU.

All devices (IP telephones, APs, Wi-Fi devices) are reachable and there is no obvious issue, but this state/configuration does not look healthy, especially the BPDU counters. I am afraid there may be some virtual loop caused by the VLANs.

Can you please check the configuration files for anything you think is an obvious mistake? I did not post the complete configuration files, only the relevant parts regarding VLANs.

Thank you.

CRS354

# CRS354 excerpt (partial export). The "/interface bridge" menu line that
# belongs above the next command is not part of the excerpt.
# Creates the bridge "bridge" with a fixed admin MAC and VLAN filtering on.
add admin-mac=D4:01:C3:A2:9C:5C auto-mac=no comment=defconf name=bridge vlan-filtering=yes
/interface bridge port
# Only four bridge ports are shown, while the VLAN table below names many
# more; the other port entries (and their pvid values) are not visible here.
# ether1: untagged-only access port. No pvid is given, so the RouterOS
# default pvid of 1 applies.
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether1
# ether14: untagged-only access port in VLAN 10.
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether14 pvid=10
# ether41: untagged-only access port in VLAN 30.
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether41 pvid=30
# NOTE(review): none of the access ports shown sets edge= or bpdu-guard=.
# If (R)STP runs on this bridge (protocol-mode is not visible here), the
# bridge transmits BPDUs on its ports, which would match a Tx-only BPDU
# counter on an end-device port; zero received BPDUs would mean no other
# bridge is heard there. Confirm, and consider edge=yes / bpdu-guard=yes on
# ports that only ever face end devices.
# sfp-sfpplus1: uplink towards the L009, tagged frames only.
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1
/interface bridge vlan
# VLAN 10: tagged on the uplink, untagged on ether13-ether24 except ether23.
# NOTE(review): ether23 appears in no member list of this excerpt; confirm
# that this is intentional.
 add bridge=bridge tagged=sfp-sfpplus1 untagged=ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether21,ether22,ether20,ether24 vlan-ids=10
# VLAN 20: entry is disabled. Its ports (ether25-ether36) are listed as
# untagged members of VLAN 1 in the last entry instead.
# NOTE(review): while this entry stays disabled, VLAN 20 has no members in
# this table, so devices on ether25-ether36 presumably end up in VLAN 1
# rather than in a separate VLAN; verify that this is the intended placement.
add bridge=bridge disabled=yes tagged=sfp-sfpplus1 untagged=ether25,ether26,ether27,ether28,ether29,ether30,ether31,ether32,ether33,ether34,ether35,ether36 vlan-ids=20
# VLAN 30: tagged on the uplink, untagged on ether37-ether48.
add bridge=bridge tagged=sfp-sfpplus1 untagged=ether37,ether38,ether39,ether40,ether41,ether42,ether43,ether44,ether45,ether46,ether47,ether48 vlan-ids=30
# VLAN 1: tagged on the uplink, untagged on ether1-ether12 and
# ether25-ether36.
# NOTE(review): per the post, VLAN 1 is the path to the company network. If
# so, all 24 untagged ports here share one layer-2 broadcast domain with that
# network: its broadcasts are flooded to each of them (a plausible source of
# the broadcast counters) and hosts on them reach the company LAN without
# being routed or filtered by the L009. Confirm that this exposure is wanted.
add bridge=bridge tagged=sfp-sfpplus1 untagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether25,ether26,ether27,ether28,ether29,ether30,ether31,ether32,ether33,ether34,ether35,ether36 vlan-ids=1

L009

 /ip dhcp-server
# L009 excerpt (partial export). The bridge itself, the interfaces
# vlan10_wifi / vlan20_VOIP / vlan30_tech / wireguard1 and the address pools
# are defined outside the excerpt.
# Default server on the bridge: disabled; it references the VLAN 10 pool.
add address-pool=vlan10_wifi_pool disabled=yes interface=bridge name=defconf
# One DHCP server per VLAN interface; only VLAN 10 sets a lease time (8h).
add address-pool=vlan10_wifi_pool interface=vlan10_wifi lease-time=8h name=server10_wifi
add address-pool=vlan20_VOIP_pool interface=vlan20_VOIP name=server20_voip
add address-pool=vlan30_tech_pool interface=vlan30_tech name=server30_tech
/interface bridge port
# ether2 and ether3: tagged frames only.
# sfp1 and ether4-ether8 are used in the VLAN table below, but their
# bridge-port entries are not part of this excerpt.
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged interface=ether2
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged interface=ether3
# ether1 (the "wan" port according to the post): untagged frames only; no
# pvid is given, so the RouterOS default pvid of 1 applies.
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether1
/interface bridge vlan
# VLANs 10, 20 and 30: tagged on sfp1 and ether2-ether8, no untagged members.
# NOTE(review): "bridge" itself is not a tagged member of any entry. If VLAN
# filtering is enabled on this bridge and the vlanNN interfaces are created
# on it (neither is visible here), the bridge normally has to be a tagged
# member for the router to reach those VLANs; check against the full export.
add bridge=bridge tagged=sfp1,ether2,ether3,ether4,ether5,ether6,ether7,ether8 vlan-ids=10
add bridge=bridge tagged=sfp1,ether2,ether3,ether4,ether5,ether6,ether7,ether8 vlan-ids=20
add bridge=bridge tagged=sfp1,ether2,ether3,ether4,ether5,ether6,ether7,ether8 vlan-ids=30
# VLAN 1: untagged on ether1, tagged on ether2, ether3 and sfp1. Whatever
# arrives untagged on ether1 is therefore bridged, as VLAN 1, onto those
# ports and not routed.
add bridge=bridge tagged=ether2,sfp1,ether3 untagged=ether1 vlan-ids=1
/ip address
# NOTE(review): ether1 is added as a bridge port under /interface bridge port
# above and still carries an IP address here. On RouterOS an address normally
# belongs on the bridge (or on a VLAN interface on it), not on a member port;
# firewall rules that match on ether1 may not see this traffic as expected.
# Confirm how the company-facing side is meant to be filtered.
add address=10.0.0.1/24 interface=ether1 network=10.0.0.0
# Gateway addresses of the three routed VLANs.
add address=192.168.8.1/22 interface=vlan10_wifi network=192.168.8.0
add address=192.168.20.1/24 interface=vlan20_VOIP network=192.168.20.0
add address=192.168.163.1/24 interface=vlan30_tech network=192.168.163.0
# WireGuard interface address; its peers and firewall rules are not shown.
add address=192.168.162.1/24 interface=wireguard1 network=192.168.162.0
/ip dhcp-server network
# Each VLAN network hands out the router's own address in that VLAN as
# gateway, DNS server and NTP server.
add address=192.168.8.0/22 dns-server=192.168.8.1 gateway=192.168.8.1 netmask=22 ntp-server=192.168.8.1
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1 netmask=24 ntp-server=192.168.20.1
add address=192.168.163.0/24 dns-server=192.168.163.1 gateway=192.168.163.1 netmask=24 ntp-server=192.168.163.1

A complete config of both devices would be needed to give useful advice, plus a network diagram making it clear which VLANs belong to the upstream router and which belong to the L009.

/export file=anynameyouwish (minus the router serial number, any public WAN IP information, keys, and DHCP lease lists)

< fixed code quotes and blank lines >