Page 1 of 1

First VLAN attempt

Posted: Fri Mar 03, 2017 6:18 pm
by ik3umt
I need to do this in CRS125 :


Eth22 is the trunk with a third party switch

Eth 1 to 21 are VLAN200 untagged

Practically, vlan access ports are on the remote switch while CRS is the gateway for each of those single vlans (and it is the gateway for local vlan200 ports too)

Any suggestion on how to achieve this , please ?

Re: First VLAN attempt

Posted: Sat Mar 04, 2017 8:25 pm
by Sob
I don't have any hardware I could test it with myself, but examples in manual look useful.

Re: First VLAN attempt

Posted: Wed Mar 08, 2017 9:26 am
by ik3umt
I have understood there are three type of hardware with different behaviour about vlan CCR, CRS and Atheros-based switch-chip

For now, i'm testing a spare RB3011 this way :

interface ethernet switch vlan print terse
0 switch=switch1 vlan-id=10 ports=ether1,ether2,ether3,ether4,ether5,switch1-cpu independent-learning=no
1 switch=switch1 vlan-id=200 ports=ether1,switch1-cpu independent-learning=no

interface ethernet switch port print terse
0 name=ether1 switch=switch1 vlan-mode=secure vlan-header=add-if-missing default-vlan-id=auto
1 name=ether2 switch=switch1 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
2 name=ether3 switch=switch1 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
3 name=ether4 switch=switch1 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
4 name=ether5 switch=switch1 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
10 name=switch1-cpu switch=switch1 vlan-mode=secure vlan-header=leave-as-is default-vlan-id=auto

so Ethernet 1 is the trunk to a third party switch with tagged vlans

A question about addressing and routing:

As the routerboard has to be the default gateway for both vlan subnets I have to create a Vlan interface each and give it the ip address that is the default gateway for that subnet and bind the switch1-cpu port to that Vlan (otherwise routing doesn't work)

Is it the right way to do ??

I've seen that doing so , a route for each vlan is created so inter-vlan routing is automatically enabled : to keep vlan traffic separated but allow them to route through wan, should I work around firewall filter rules ?

Please correct me if something is wrong or misunderstood.