First VLAN attempt
Posted: Fri Mar 03, 2017 6:18 pm
I need to do this in CRS125 :
Eth22 is the trunk with a third party switch
Eth 1 to 21 are VLAN200 untagged
Practically, vlan access ports are on the remote switch while CRS is the gateway for each of those single vlans (and it is the gateway for local vlan200 ports too)
Any suggestion on how to achieve this , please ?
Re: First VLAN attempt
Posted: Sat Mar 04, 2017 8:25 pm
I don't have any hardware I could test it with myself, but examples in manual
Re: First VLAN attempt
Posted: Wed Mar 08, 2017 9:26 am
I have understood there are three type of hardware with different behaviour about vlan CCR, CRS and Atheros-based switch-chip
For now, i'm testing a spare RB3011 this way :
interface ethernet switch vlan print terse
0 switch=switch1 vlan-id=10 ports=ether1,ether2,ether3,ether4,ether5,switch1-cpu independent-learning=no
1 switch=switch1 vlan-id=200 ports=ether1,switch1-cpu independent-learning=no
interface ethernet switch port print terse
0 name=ether1 switch=switch1 vlan-mode=secure vlan-header=add-if-missing default-vlan-id=auto
1 name=ether2 switch=switch1 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
2 name=ether3 switch=switch1 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
3 name=ether4 switch=switch1 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
4 name=ether5 switch=switch1 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
10 name=switch1-cpu switch=switch1 vlan-mode=secure vlan-header=leave-as-is default-vlan-id=auto
so Ethernet 1 is the trunk to a third party switch with tagged vlans
A question about addressing and routing:
As the routerboard has to be the default gateway for both vlan subnets I have to create a Vlan interface each and give it the ip address that is the default gateway for that subnet and bind the switch1-cpu port to that Vlan (otherwise routing doesn't work)
Is it the right way to do ??
I've seen that doing so , a route for each vlan is created so inter-vlan routing is automatically enabled : to keep vlan traffic separated but allow them to route through wan, should I work around firewall filter rules ?
Please correct me if something is wrong or misunderstood.