VLANs (switch-cpu), VLAN interfaces, MGMT interface

martinb · February 8, 2017, 1:32pm

Hello guys,

I have already read some articles and posts about this topic. Also I have read the manual of mikrotik. But Im unable to run this simple topology. I also put here the config files. Maybe I just missing something. When I configure Vlan interfaces to every MK then it works fine, but I dont need interface VLAN20 on second MK2. I just want to make vlan interfaces only on MK1. MK2 would serve as L2 switch without any routed interface except mgmt intervace vlan10.

So when I dont have vlan20 interface on MK2 and I plug PC to Ether5 which is access vlan 20 the PC doesnt have connectivity to VLAN20 interface on MK1. When I configure vlan interface on MK2 then it has connectivity to vlan interface 20 on MK1.

config of MK1:

/interface ethernet
set [ find default-name=ether1 ] name=ether1-master
set [ find default-name=ether2 ] master-port=ether1-master
set [ find default-name=ether3 ] master-port=ether1-master
set [ find default-name=ether4 ] master-port=ether1-master
set [ find default-name=ether5 ] master-port=ether1-master
set [ find default-name=ether6 ] master-port=ether1-master
set [ find default-name=ether7 ] master-port=ether1-master
set [ find default-name=ether8 ] master-port=ether1-master
set [ find default-name=sfp-sfpplus1 ] master-port=ether1-master
set [ find default-name=sfpplus2 ] master-port=ether1-master
/interface vlan
add interface=ether1-master name=vlan10 vlan-id=10
add interface=ether1-master name=vlan20 vlan-id=20
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether2 vlan-id=20
/interface ethernet switch vlan
add ports=ether2 vlan-id=20
add ports=switch1-cpu,ether2 vlan-id=10
/ip address
add address=192.168.1.10/24 interface=vlan10 network=192.168.1.0
add address=172.16.1.10/24 interface=vlan20 network=172.16.1.0

config of MK2:

/interface ethernet
set [ find default-name=ether1 ] name=ether1-master
set [ find default-name=ether2 ] master-port=ether1-master
set [ find default-name=ether3 ] master-port=ether1-master
set [ find default-name=ether4 ] master-port=ether1-master
set [ find default-name=ether5 ] master-port=ether1-master
set [ find default-name=ether6 ] master-port=ether1-master
set [ find default-name=ether7 ] master-port=ether1-master
set [ find default-name=ether8 ] master-port=ether1-master
set [ find default-name=sfp-sfpplus1 ] master-port=ether1-master
set [ find default-name=sfpplus2 ] master-port=ether1-master
/interface vlan
add interface=ether1-master name=vlan10 vlan-id=10
add interface=ether1-master name=vlan20 vlan-id=20
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether2 vlan-id=20
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=10 ports=ether3
add new-customer-vid=20 ports=ether5
/interface ethernet switch vlan
add ports=ether2,ether5 vlan-id=20
add ports=switch1-cpu,ether2 vlan-id=10
/ip address
add address=192.168.1.15/24 interface=vlan10 network=192.168.1.0

I want to use switch-cpu and I would like to bypass any bridge configuration.

martinb · February 10, 2017, 6:18pm

So I would like to react to my own post. I’ve changed the topology a bit. I don’t use the first MK1 anymore and I changed it to Cisco platform. But this change is really minnor so I don’t think that it is changing something anyway. MK2 is actually CRS210-8G-2S+IN and I use it with firmware version 6.38.1

Here is my config from MK2 and it works for me:

/interface vlan
add interface=sfp-sfpplus1 name=vlan10 vlan-id=10
add interface=sfp-sfpplus1 name=vlan20 vlan-id=20
add interface=sfp-sfpplus1 name=vlan30 vlan-id=30
/interface ethernet
set [ find default-name=ether1 ] master-port=sfp-sfpplus1
set [ find default-name=ether2 ] master-port=sfp-sfpplus1
set [ find default-name=ether3 ] master-port=sfp-sfpplus1
set [ find default-name=ether4 ] master-port=sfp-sfpplus1
set [ find default-name=ether5 ] master-port=sfp-sfpplus1
set [ find default-name=ether6 ] master-port=sfp-sfpplus1
set [ find default-name=ether7 ] master-port=sfp-sfpplus1
set [ find default-name=ether8 ] master-port=sfp-sfpplus1
/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp-sfpplus1,switch1-cpu vlan-id=10
add tagged-ports=sfp-sfpplus1 vlan-id=20
add tagged-ports=sfp-sfpplus1 vlan-id=30
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=10 ports=ether2
add new-customer-vid=20 ports=ether4
add new-customer-vid=30 ports=ether6
/interface ethernet switch vlan
add ports=switch1-cpu,ether2,sfp-sfpplus1 vlan-id=10
add ports=switch1-cpu,ether4,sfp-sfpplus1 vlan-id=20
add ports=switch1-cpu,ether6,sfp-sfpplus1 vlan-id=30
/ip address
add address=192.168.10.15/24 interface=vlan10 network=192.168.10.0

Without switch1-cpu parameter in the /interface ethernet switch egress-vlan-tag part the vlan10 interface is not reachable from cisco and also the vlan10 interface on cisco is not reachable from MK2.

I tested it and it seems that it works like I wished to. I will do some additional tests.