VLANs + switch chip under CRS125

Hello, I recently configured a CRS125-24G-1S-RM switch to use VLANs and the switch chip. I created a script for that and would like some validation and comments. Here it is.

First, how the network is segmented:

Servers => vlan 10 - 192.168.10.0/24 ports 1, 5, 6, 7 and 8
Clients => vlan 20 - 192.168.20.0/24 ports 1, 9, 10, 11 and 12
Clients => vlan 30 - 192.168.30.0/24 ports 1, 13, 14, 15 and 16
Clients => vlan 40 - 192.168.40.0/24 ports 1, 17, 18, 19 and 20
Clients => vlan 50 - 192.168.50.0/24 ports 1, 21, 22, 23 and 24
Management => vlan 100 - 192.168.100.0/24 ports 1, 2, 3, 4 and 5

/interface vlan
add name=vlan10 vlan-id=10 interface=ether1-master-local
add name=vlan20 vlan-id=20 interface=ether1-master-local
add name=vlan30 vlan-id=30 interface=ether1-master-local
add name=vlan40 vlan-id=40 interface=ether1-master-local
add name=vlan50 vlan-id=50 interface=ether1-master-local
add name=vlan100 vlan-id=100 interface=ether1-master-local

/ip address
add address=192.168.10.254/24 interface=vlan10 network=192.168.10.0
add address=192.168.20.254/24 interface=vlan20 network=192.168.20.0
add address=192.168.30.254/24 interface=vlan30 network=192.168.30.0
add address=192.168.40.254/24 interface=vlan40 network=192.168.40.0
add address=192.168.50.254/24 interface=vlan50 network=192.168.50.0
add address=192.168.100.254/24 interface=vlan100 network=192.168.100.0

/interface ethernet switch vlan
add ports=ether5-slave-local,ether6-slave-local,ether7-slave-local,ether8-slave-local,switch1-cpu vlan-id=10
add ports=ether9-slave-local,ether10-slave-local,ether11-slave-local,ether12-slave-local,switch1-cpu vlan-id=20
add ports=ether13-slave-local,ether14-slave-local,ether15-slave-local,ether16-slave-local,switch1-cpu vlan-id=30
add ports=ether17-slave-local,ether18-slave-local,ether19-slave-local,ether20-slave-local,switch1-cpu vlan-id=40
add ports=ether21-slave-local,ether22-slave-local,ether23-slave-local,ether24-slave-local,switch1-cpu vlan-id=50
add ports=ether2-slave-local,ether3-slave-local,ether4-slave-local,switch1-cpu vlan-id=100

/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=10
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=30
add tagged-ports=switch1-cpu vlan-id=40
add tagged-ports=switch1-cpu vlan-id=50
add tagged-ports=switch1-cpu vlan-id=100

/interface ethernet switch ingress-vlan-translation
add ports=ether5-slave-local,ether6-slave-local,ether7-slave-local,ether8-slave-local new-customer-vid=10
add ports=ether9-slave-local,ether10-slave-local,ether11-slave-local,ether12-slave-local new-customer-vid=20
add ports=ether13-slave-local,ether14-slave-local,ether15-slave-local,ether16-slave-local new-customer-vid=30
add ports=ether17-slave-local,ether18-slave-local,ether19-slave-local,ether20-slave-local new-customer-vid=40
add ports=ether21-slave-local,ether22-slave-local,ether23-slave-local,ether24-slave-local new-customer-vid=50
add ports=ether2-slave-local,ether3-slave-local,ether4-slave-local new-customer-vid=100

With this, all VLANs communicate with each other.

Comments, any thoughts?

I appreciate it,
Marcello.
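
Added example, not part of the original post and not MikroTik's own tooling: a Python check that compares the port plan listed in the post with its `/interface ethernet switch vlan` and `ingress-vlan-translation` tables and reports ports that appear in one but not the other. The helper names `parse` and `audit` are chosen here; the config text and the plan are copied from the post.

```python
import re
# Two tables copied from the post's script (switch VLAN table, ingress translation).
CONFIG = """\
/interface ethernet switch vlan
add ports=ether5-slave-local,ether6-slave-local,ether7-slave-local,ether8-slave-local,switch1-cpu vlan-id=10
add ports=ether9-slave-local,ether10-slave-local,ether11-slave-local,ether12-slave-local,switch1-cpu vlan-id=20
add ports=ether13-slave-local,ether14-slave-local,ether15-slave-local,ether16-slave-local,switch1-cpu vlan-id=30
add ports=ether17-slave-local,ether18-slave-local,ether19-slave-local,ether20-slave-local,switch1-cpu vlan-id=40
add ports=ether21-slave-local,ether22-slave-local,ether23-slave-local,ether24-slave-local,switch1-cpu vlan-id=50
add ports=ether2-slave-local,ether3-slave-local,ether4-slave-local,switch1-cpu vlan-id=100
/interface ethernet switch ingress-vlan-translation
add ports=ether5-slave-local,ether6-slave-local,ether7-slave-local,ether8-slave-local new-customer-vid=10
add ports=ether9-slave-local,ether10-slave-local,ether11-slave-local,ether12-slave-local new-customer-vid=20
add ports=ether13-slave-local,ether14-slave-local,ether15-slave-local,ether16-slave-local new-customer-vid=30
add ports=ether17-slave-local,ether18-slave-local,ether19-slave-local,ether20-slave-local new-customer-vid=40
add ports=ether21-slave-local,ether22-slave-local,ether23-slave-local,ether24-slave-local new-customer-vid=50
add ports=ether2-slave-local,ether3-slave-local,ether4-slave-local new-customer-vid=100
"""
# Port plan as listed at the top of the post: VLAN id -> physical port numbers.
PLAN = {10: {1, 5, 6, 7, 8}, 20: {1, 9, 10, 11, 12}, 30: {1, 13, 14, 15, 16},
        40: {1, 17, 18, 19, 20}, 50: {1, 21, 22, 23, 24}, 100: {1, 2, 3, 4, 5}}

def parse(config):
    """Return {table name: {vlan id: set of ether port numbers}}."""
    tables, name = {}, None
    for line in config.splitlines():
        if line.startswith("/"):
            name = line.split()[-1]          # last word of the menu path
        elif line.startswith("add "):
            kv = dict(item.split("=", 1) for item in line.split()[1:])
            vid = int(kv.get("vlan-id") or kv["new-customer-vid"])
            ports = {int(n) for n in re.findall(r"ether(\d+)", kv["ports"])}
            tables.setdefault(name, {}).setdefault(vid, set()).update(ports)
    return tables

def audit(config, plan):
    """List (vlan id, finding, ports) wherever the plan and the tables disagree."""
    tables = parse(config)
    member, ingress = tables.get("vlan", {}), tables.get("ingress-vlan-translation", {})
    findings = []
    for vid in sorted(set(plan) | set(member) | set(ingress)):
        m, i, p = member.get(vid, set()), ingress.get(vid, set()), plan.get(vid, set())
        for label, ports in (("in plan, not in VLAN table", p - m),
                             ("in VLAN table, not in plan", m - p),
                             ("member without ingress translation", m - i),
                             ("ingress translation without membership", i - m)):
            if ports:
                findings.append((vid, label, sorted(ports)))
    return findings
```

On the post's data, `audit(CONFIG, PLAN)` reports port 1 for every VLAN and port 5 for VLAN 100 as listed in the plan but absent from the VLAN table; the membership and ingress-translation tables agree with each other.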

If it works as expected, I think you probably did a pretty good job.

One thing to keep in mind is that the CRS products are designed primarily as a switch and have limited routing capabilities. Depending on how much throughput you need between your internal network or how large your ISP link is, the CRS may not be up to the task. You may need to use a separate router with more CPU to achieve speeds higher than about 300 Mbps when routing.