I’m trying to establish a simple port-based VLAN between CRS125 and RB260GS switches. I have configured ports on the CRS125 following https://wiki.mikrotik.com/wiki/Manual:CRS_examples#Port_Based_VLAN with my configuration being:
ether4,ether5,ether6 : vlan-id=20
ether4,ether7,ether8 : vlan-id=50
I can get the solution to partially work by specifying the Default VLAN ID on Port1 of the RB260GS. Set it to 20 and VLAN20 works, set it to 50 and VLAN50 works. Setting “VLAN Received” to “only tagged” on Port1 has no effect so I’m surmising that the CRS125 is actually tagging its egress traffic. Looking at the Hosts tab on the RB260 doesn’t help much as no VLAN is shown against any MAC address, locally attached or coming across the Trunk.
Looking at /interface ethernet switch unicast-fdb print on the CRS125 shows MAC addresses on the local switch against the correct VLANs but MACs coming from the RB260GS show against VLAN4091 which is dynamically assigned. I’m assuming this is related to my problem. Can anyone offer some insight or suggestions on how I can diagnose the problem?
I’ve now methodically tried every combination of Ingress/Egress settings on the RB260GS and the only setting that has any effect is specifying the Default VLAN ID on the incoming Trunk port (Port 1 in my config). I can only conclude that it is unable to read the VLAN-ID on the ingress port from the CRS125, thus seeing all ingress traffic as untagged and applying the Default VLAN to it. Unfortunately I don’t have another device running RouterOS to prove my theory that the SwOS device is (as of SwOS v2.4) incompatible with the CRS125 VLANs.
I continue to be amazed at how complicated it is to set up the same vlan on multiple ports in MikroTik. I’m pretty sure it’s some setup issue. It’s unlikely it’s compatibility.
Maybe try just setting regular vlan interfaces on port 4 of the CRS (not the port based setup you’re using now) just to see if it works? Just create 2 vlan interfaces and make their parent interface eth4. This is not a solution, just something to try.
It’s actually pretty easy. Here’s a couple screen captures from my RB260GS:
VLAN tab
And VLANs tab
To translate a little, the Open Mesh is an access point that needs non-VLAN access to something in order to communicate with it’s cloud based management. VLAN 201 is used for that. VLANs 102, 103, 131, 202, 203, & 204 are all sent to the access point with VLAN tagging. Four of those appear as different SSIDs on the WiFi. The reason that there are six VLANs sent to the AP is that I was in a bit of a transition when this screen capture was taken. The DC E6804 and Xmas E682 are lighting controllers that live on the 131 LAN. They are NOT VLAN aware devices. The outside jack is a LAN jack out in my front yard. It is normally functionally dead by being on VLAN 1 that does not go anywhere. If I need it, I will enable it on whatever LAN I need it to be on. The Garage trunk and Backup trunk is the trunk going to the far end device (only one is in use). It has only VLAN traffic on the trunk for any of the VLANs.
The far end of the trunk in my case is a HP 2610-48. I don’t uses routers as switches. If I want a switch, I buy a switch; if I want a router, I buy a router.
Thanks very much for the replies. I’m embarrassed to say I was completely barking up the wrong tree by blaming the RB260GS, it’s working fine. I borrowed another smart switch (a TL-SG2008) and quickly discovered it worked perfectly in combination with the RB260GS and I could trunk VLANs between them with no problem.
I couldn’t get either switch to interact with the CRS125. Placing Wireshark on the Trunk between the CRS125 and either switch showed all packets from both sides as being tagged with the correct VLANs but I was also seeing VLAN tags on the Egress ports of the CRS125. As the devices on those ports weren’t VLAN aware, I’m guessing they just dropped the packets. All I got was a flurry of ARP requests and no replies to them. Nothing I tried corrected this behavior so I reverted the CRS125 to a flat switch config and created the Trunk/VLANs between the other two switches. Not the ideal outcome but at least I have a working configuration.
I work on Juniper and Cisco all day, plus a few others, and I don’t find MikroTik easy at all. Maybe I’m missing some simple concept that will tie it all together.
I understand the concepts in the documentation, it just requires a whole lot more thought and planning than the “big” brands. I hope the new bridge implementation helps, I haven’t read the documentation on that.
