I’m trying to set up VLANs on an RB260 but so far every single guide I’ve found for doing so contains different instructions. There’s this MikroTik one, another MikroTik one, a third-party one, another third-party one, and then a fifth one for which I’ve lost the link which is different yet again. Does anyone know which of this multitude of incompatible VLAN setup guides is the correct one? Or, if they all more or less work, which is the preferred one to go with?
In case this makes any difference for the above question, I want to use the SFP port as a trunk including web access to the router and the various ethernet ports as untagged VLAN ports with the RB260 adding the tagging.
I’d seen that one but it seems to be more a tutorial on VLANs, as well as being CLI-based which means there’s a much bigger opportunity to break things than going via the GUI. Not to mention that it’s a 250-message thread offering various options and alternatives as you get further into it…
I have not looked at your collection of links in the first post (not taken the time), but I have several RB260 switches using a SFP as a trunk port. Is this on one of the “old” RB260s that are limited to SwitchOS 1.x or one of the “new” ones also known as a CSS106-5G-1S that uses SwitchOS version 2.x? The setup is a bit different between the two. I have each of those types.
OK, I took a quick look at the two Mikrotik references. My guess was correct, one is for the older RB260 and the other is the newer RB260 (aka CSS106-5G-1S).
Ah, that explains it. I’ve got the SwitchOS 2.x (2.13 from memory) one, not the older one. Since it’s mounted in a difficult-to-access location I’m trying to maximise the chances of getting the setup right the first time.
Thanks! The MikroTik way of doing this is a bit different to what I’m used to… the one change in the above, since I still want to be able to access the switch from a non-VLAN to configure it, would be to change the SFP setting step to Interfaces > Select SFP port > VLAN tab > Add VLANs as Any, default VLAN ID = 1 so both tagged and untagged traffic will get through.
On the System tab there’s also some management access settings but I assume that’s an AND rather than an OR, i.e. setting Allow from Ports = SFP, Allow from VLAN = 1 would still require setting the SFP VLAN tab to Any to allow untagged/VLAN 1 traffic through in the first place?
Well, that worked the first time, which kinda surprised me since with VLANs it’s really easy to lock yourself out with the slightest misstep. For anyone else trying this, some notes as a worked example, this assumes the SFP is the trunk port with two VLANs, VLAN 10 on Port 1 + 2, VLAN 20 on Port 3 + 4. Make the changes on the MikroTik before you change the upstream switch/router it’s connected to:
System > General > Independent VLAN Lookup = On (probably redundant unless you’re using the same MAC address across multiple VLANs).
VLANs > Append VLAN 10 + VLAN 20. Set SFP = Leave as is for all VLANs, Port 1+2 = Leave as is for VLAN 10 and Not a member otherwise, Port 3+4 = Leave as is for VLAN 20 and Not a member otherwise.
VLAN > Ingress, set SFP = Enabled, Any, VLAN ID 1, Port 1+2 = Strict, Only untagged, VLAN ID 10, Port 3+4 = Strict, Only untagged, VLAN ID 20.
VLAN > Egress, it seems like this should be Always strip since you’re going from VLAN tagged to untagged but it works fine with the default Leave as is.
Once you hit Apply you’ll lose access to things connected to the MikroTik because it’s expecting to see VLAN tagged traffic, so at this point you need to go to the upstream switch and make it a trunked port.
Hopefully I got all that down right without messing up any of the steps.