VLANs on a CCR?

m00dawg · February 6, 2016, 5:17pm

I’m trying to figure out how VLANs should be working on my CCR1009. I have a few setup already but they are all trunked to my downlink port to my CRS109 which made things pretty simple. But for the next VLAN I want to use, I need to trunk it to both my downlink and to a port on my CCR1009 that my NAS is connected to. I’m not sure where I should be defining the VLANs (on the switch section or within the Interface section, or if I should be using a bridge or what).

My current, non-working, setup is that I have VLAN interfaces on my downlink and NAS ports. Then I made a bridge and attached a IP address to that for the router. The NAS is in a hybrid setup. I setup VLAN tagging on Linux and created a eth0.4 interface. At one point I had basic communication working between the NAS port to the router, but now nothing seems to be working.

The VLAN docs on the wiki seem to be more switch centric and only show single trunk setups on the router side.

Curious has anyone done something like this that can offer up some advice? This is for security cameras and the VLAN is to both limit outbound traffic as well as to avoid multicasting overhead (I know Mikrotik aren’t fans of multicasting but the cameras still like to be chatty cathys on multicast and I want to limit the scope as as result).

chechito · February 6, 2016, 5:38pm

taking in count architecture of equipment try testing with eth6-eth8 because are directly to cpu interfaces
CCR1009-8G-1S-1SplusPC-160128142122.png

Revelation · February 7, 2016, 5:08am

m00dawg:

I’m trying to figure out how VLANs should be working on my CCR1009. I have a few setup already but they are all trunked to my downlink port to my CRS109 which made things pretty simple. But for the next VLAN I want to use, I need to trunk it to both my downlink and to a port on my CCR1009 that my NAS is connected to. I’m not sure where I should be defining the VLANs (on the switch section or within the Interface section, or if I should be using a bridge or what).

My current, non-working, setup is that I have VLAN interfaces on my downlink and NAS ports. Then I made a bridge and attached a IP address to that for the router. The NAS is in a hybrid setup. I setup VLAN tagging on Linux and created a eth0.4 interface. At one point I had basic communication working between the NAS port to the router, but now nothing seems to be working.

The VLAN docs on the wiki seem to be more switch centric and only show single trunk setups on the router side.

Curious has anyone done something like this that can offer up some advice? This is for security cameras and the VLAN is to both limit outbound traffic as well as to avoid multicasting overhead (I know Mikrotik aren’t fans of multicasting but the cameras still like to be chatty cathys on multicast and I want to limit the scope as as result).

I have a CCR1009 and I can at least tell you how I did it. Butch Evans Blog helped me tremendously as this was my first exposure to Mikrotik. http://blog.butchevans.com/2010/02/to-tag-or-not-to-tag-that-is-the-question/

So I created Bridges to act as my VLAN interfaces with IPs assigned. I did it this way so I could bridge VLANs as well as ports into a single VLAN instance.

Example:

23  R  ;;; MGMT DG ///192.168.88.1 ///
       bridge-vlan1                        bridge           1500  1576            4C:5E:0C:E8:4E:ED
24  R  ;;; Data DG /// 10.10.25.65 ///
       bridge-vlan20                       bridge           1500  1576            4C:5E:0C:E8:4E:ED
25  R  ;;; DMZ DG /// 10.10.25.17 ///
       bridge-vlan30                       bridge           1500 65535            00:00:00:00:00:00
26  R  ;;; Server DG /// 10.10.25.33 ///
       bridge-vlan40                       bridge           1500  1576            4C:5E:0C:E8:4E:F3
27  R  ;;; NAS DG /// 10.10.25.1 ///
       bridge-vlan50                       bridge           1500  1580            4C:5E:0C:E8:4E:F5
28  R  ;;; Wifi DG /// 10.10.25.129 ///
       bridge-vlan70                       bridge           1500  1578            4C:5E:0C:E8:4E:F1

/interface bridge
add name=bridge-vlan20
/interface vlan
add name=DATA-eth3 interface=ether3 vlan-id=20
/interface bridge port
add interface=DATA-eth3 bridge=bridge-vlan20
/ip address
add interface=bridge-vlan20 address=10.10.25.0/27

Trunks Example:

/interface vlan
add name=DATA-sfp interface=sfp vlan-id=20
add name=MGMT-sfp interface=sfp vlan-id=1
/interface bridge port
add interface=DATA-sfp bridge=bridge-vlan20
add interface=MGMT-sfp bridge=bridge-vlan1

This may not be the best way or the only way to accomplish what you are looking for, I can simply tell you this is how I got it to work. Read Butch’s blog, there’s a lot of good info in there.

m00dawg · February 7, 2016, 4:59pm

Awesome thanks folks! Sounds like I’m on the right track with the bridging, but I’ll definitely chat out that blog! As I think what chechito alluded to, my NAS is connected to a switched port but my downlink isn’t (so it would have to go through the CPU). I wasn’t too much concerned with that though given the cameras won’t be sending that much traffic. Although I can’t remember why I put my downlink port not on a switch port. I feel like I did that for a reason but of course I can’t remember now

Anyways I’ll read up on the blog, thanks again!