WAN on switch

Hello,

I would like to have the following infrastructure for my home:

ISP —> (Sfp+1, Vlan 100 needed) CSS610-8P-2S+IN (Sfp+2) —> (Sfp+) RB5009

I would like to know if it is a good idea and how I am able to do that.

I think I don’t know if I can set up a DHCP client on the switch to get an IP on WAN and then set up the router and the switch on the same subnet to communicate through SFP. I also don’t know how to redirect WAN traffic to the WAN port. Does it work to mark all packets for the internet as VLAN 100?

So you want the switch (CSS610-8P-2S+IN) to act as a router and the router (RB5009) as a switch?
With RouterOS you can do nearly anything… so configuring it is possible. But it doesn’t make sense…

Can you explain a bit more?

No, I want the switch to act as a switch and the router as a router.

But since the switch has 2 Sfp ports and the router only one, I was thinking that I could put the ISP on my switch instead of on the router and link the router to the switch on the second sfp.

Hello @Jojolejobar.

Did you manage to get this setup to work?
I am currently in the same scenario with basically the same HW and I know this should be possible with the use of VLANs.

I am going to follow this too.
Did not get this working on my RB2011, but want to try again with the L009UiGS and my CSS610-8G-2S+IN.
Very curious!

What is the point of the switch - as opposed to just running the ISP connection into the router?

Now, I am doing something similar however. My router (RB4011) is in my garage data cabinet. My fiber ISP drops into the garage data cabinet and there is an Ethernet connection directly from the ONT into the RB4011. However, my cable ISP comes into my family room. That is connected to the family room CSS326 switch and becomes tagged as VLAN 100 in the CSS326. That in turn runs over a VLAN trunk to a CSS326 switch in the data cabinet where VLAN 100 is stripped out and is connected to a port on the RB4011. Then most of the various house LANs go back to the family room over that same VLAN trunk.

I needed more than the 8 eth ports on the RB2011, so I bought the cloud switch. Later on a fiber ISP became available, so I switched.
Without needing a router from the ISP, I got an SFP cable directly in my router.

Recently bought the L009 because the RB2011 died.
As I would like to connect the router through SFP with the cloud switch instead of the eth cable, I was wondering if this would be possible.

So am I able to connect the ISP with SFP to the cloud switch, the cloud switch with SFP to the L009 and make the L009 receive the ISP connection?
No is also an answer :wink:

I am looking at a somewhat similar setup and have some problems that I can’t really figure out.

I’m using a CSS326-24G-2S for my setup, which also has two SFP+ ports and the rest are 1Gig only.

I am running pfsense as my firewall/router and normally plug the fiber module directly into that machine. However, now I wanted to play around with some other firewalls, which I can run virtualized on a different server in the same rack. And instead of having to move the fiber module every time I switch between machines, I thought of using the Mikrotik as a glorified media converter.

I have already tried this on a TP-Link switch, which worked perfectly fine.

What I do is to set up the SFP+ and another of the ports with VLAN 500, and nothing more. As they are the only ports in the switch which accept that tag, it simply creates a “tunnel” between the two ports. This “tunnel” can of course go across switches, provided the VLAN 500 is part of the trunk. Which I suppose is the scenario Jojolejobar is after…

And now I wanted to use the Mikrotik for this exact same purpose as the TP-Link, but I can’t get it to work out!

I have tried using only port isolation, modifying the mapping so that only the two ports I want to, can talk to each other.
I have tried setting up separate VLAN for the two ports only.
I have tried combining port isolation and VLAN.
I have tried without VLAN entirely (only having a VLAN for the port I use for accessing the UI).
I have been fiddling with other settings like IGMP snooping, Fast Leave, Discovery Protocol etc. but it doesn’t seem to matter.

Whichever way I try, I lose my IP on pfsense after some 6-7 hours or so. Which makes it a slow process when testing…

Mikrotik reports both ports Link UP, and I can even see traffic on pfsense, but no IP and hence no Internet. I can pcap WAN from within pfsense and see a lot of “traffic” hitting the port, basically revealing a lot of MACs on the ISP side, but I don’t really know if there’s anything there which could reveal what’s going on?

The second I plug the module back directly into pfsense, I get my IP back. When I do change over to go via the Mikrotik switch, it takes a long time before pfsense picks up the IP, more than a minute I believe. Whereas when I do the same thing in the TP-Link case, I get an IP in an instant.
What can be different between the switches, and what can possibly be going on with the Mikrotik switch in this scenario?
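
The two-port VLAN 500 "tunnel" described in the post above can be checked on paper before touching the switch. The following is an added example, not part of the thread and not MikroTik or TP-Link code: a simplified model of 802.1Q port-based forwarding (frames treated as broadcast, no MAC learning) that reports which ports can receive or inject WAN-VLAN frames. Port names and both tables are constructed.

```python
# Added example: simplified 802.1Q forwarding model for auditing a WAN VLAN.
# Port names and tables are constructed, not read from any real switch.
from dataclasses import dataclass, field


@dataclass
class Port:
    pvid: int                                    # VLAN given to untagged ingress frames
    member_of: set = field(default_factory=set)  # VLANs this port may carry
    ingress_filter: bool = True                  # drop frames for VLANs the port is not in


def classify(port, tag):
    """Return the VLAN a frame is placed in on ingress, or None if dropped."""
    vlan = port.pvid if tag is None else tag
    if port.ingress_filter and vlan not in port.member_of:
        return None
    return vlan


def flood_targets(ports, in_name, tag=None):
    """Ports a broadcast frame (e.g. a DHCP discover) is flooded to."""
    vlan = classify(ports[in_name], tag)
    if vlan is None:
        return set()
    return {n for n, p in ports.items() if n != in_name and vlan in p.member_of}


def wan_exposure(ports, wan_vlan, allowed):
    """Ports outside `allowed` that can receive or inject WAN-VLAN frames."""
    exposed = set()
    for name, p in ports.items():
        injects = wan_vlan in (classify(p, None), classify(p, wan_vlan))
        if name not in allowed and (wan_vlan in p.member_of or injects):
            exposed.add(name)
    return exposed


# Constructed table: ISP on sfp1 and router on sfp2 share VLAN 500 only.
GOOD = {
    "sfp1": Port(pvid=500, member_of={500}),
    "sfp2": Port(pvid=500, member_of={500}),
    "eth1": Port(pvid=1, member_of={1}),
    "eth2": Port(pvid=1, member_of={1}),
}
# Same table, but eth2 accepts tagged frames for VLANs it is not a member of.
BAD = dict(GOOD, eth2=Port(pvid=1, member_of={1}, ingress_filter=False))
```

With `GOOD`, `wan_exposure(GOOD, 500, {"sfp1", "sfp2"})` is empty; with `BAD`, it returns `{"eth2"}`, because a frame tagged 500 arriving on that LAN port would be flooded to both SFP ports.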