Hi,
I recently purchased a CRS326 in order to replace my Linksys LGS308. Reason is, that I need more ports and furthermore I want to have all ports monitored via SFLOW for the management software I am using. Because of the latter I run routeros rather than swos.
Basically besides VLANs and SFLOW there aren't any functionality I am planning to use (so far).
Current setup of my vlan on the linksys switch is like that:
But I am really struggeling with the vlan setup on the CRS326. How is this being done via the webinterface. Is there a tutorial with some basic steps to map a vlan to a specific port, either as trunk or as an access port.
thanks in advance,
macx
RouterOS 6.41.3
RouterOS basic vlan config
You do not have the required permissions to view the files attached to this post.
Re: RouterOS basic vlan config
Hey,
I followed this tutorial - https://wiki.mikrotik.com/wiki/Manual:I ... s_Ports.29
I'd like to start with a trunk port to connect the CRS to the Linksys switch. I'll use port 4 on Linksys for that (settings are of Linksys shown in the picture above). What I did so far on CRS is:
<a bridge with the name "bridge" connected to all ports already exists and therefore there's no need to create a new bridge I suppose>
/interface bridge
set bridge vlan-filtering=no
<Trunk should be ethernet port 24>
/interface bridge vlan
add bridge=bridge tagged=ether24 vlan-ids=1,2,3,10,66,100
<activate vlan-filtering>
/interface bridge
set bridge vlan-filtering=yes
ip address of CRS has been changed to same subnet as Linksys switch. My expectation was after connecting Port24 of CRS to Port4 of Linksys pinging the IP address of CRS should be possible from another PC in the same subnet. Unfortunately it didn't work. Pinging Linksys from that PC does work.
I guess I am missing something here. Can you point me to the right direction?
Best
I followed this tutorial - https://wiki.mikrotik.com/wiki/Manual:I ... s_Ports.29
I'd like to start with a trunk port to connect the CRS to the Linksys switch. I'll use port 4 on Linksys for that (settings are of Linksys shown in the picture above). What I did so far on CRS is:
<a bridge with the name "bridge" connected to all ports already exists and therefore there's no need to create a new bridge I suppose>
/interface bridge
set bridge vlan-filtering=no
<Trunk should be ethernet port 24>
/interface bridge vlan
add bridge=bridge tagged=ether24 vlan-ids=1,2,3,10,66,100
<activate vlan-filtering>
/interface bridge
set bridge vlan-filtering=yes
ip address of CRS has been changed to same subnet as Linksys switch. My expectation was after connecting Port24 of CRS to Port4 of Linksys pinging the IP address of CRS should be possible from another PC in the same subnet. Unfortunately it didn't work. Pinging Linksys from that PC does work.
I guess I am missing something here. Can you point me to the right direction?
Best
Re: RouterOS basic vlan config
Once you have a start of a config, post it here for us to review.
If using winbox note in the upper left a SAFE MODE.
Use this. If you do something wrong it will kick you out of winbox and unroll to the last changes.
Typically what I do is make a few changes. IF not kicked out I will undo safe mode, to save my work and then apply safe mode again.
Thus whenever I do something that would freeze, log out, befuddle the router, it simply kicks me out and allows me to reconnect at the last safe point.
If using winbox note in the upper left a SAFE MODE.
Use this. If you do something wrong it will kick you out of winbox and unroll to the last changes.
Typically what I do is make a few changes. IF not kicked out I will undo safe mode, to save my work and then apply safe mode again.
Thus whenever I do something that would freeze, log out, befuddle the router, it simply kicks me out and allows me to reconnect at the last safe point.
Re: RouterOS basic vlan config
what you've defined so far is just the trunk port and ids of the vlans
But
You'll need to redefine / update the ports definitions -> /interface bridge port
These vlans, except for 1, end there, as no other port is participating / propagating any of these vlans. -> /interface bridge vlan
the ip on MT is on bridge I guess?
the ip on Linksys is on vlan 1 as well?
But
You'll need to redefine / update the ports definitions -> /interface bridge port
These vlans, except for 1, end there, as no other port is participating / propagating any of these vlans. -> /interface bridge vlan
the ip on MT is on bridge I guess?
the ip on Linksys is on vlan 1 as well?
Re: RouterOS basic vlan config
Hi again,
I didn't have much time recently to keep on trying to set it up. But now I try again and still don't get it properly.
second thing I did, was configuring one access port:
/interface bridge vlan
add bridge=bridge untagged=ether17 vlan-ids=2
so, Port 17 is an access port on vlan 2 untagged.
Port 24 is a trunk port for vlans 1,2,3,10,66,100
the ip on MT is on bridge I guess? --- What exactly does that mean. I set up the IP of the MT via the WebUI using QuickSet. Is that what you mean?
the ip on Linksys is on vlan 1 as well? The IP of Linksys as well as MT is on vlan 2
If I try to add bridge port and specify pvid:
/interface bridge port
add bridge=bridge interface=ether17 pvid=2
I get the following error message:
failure: device already added as bridge port
any idea?
I didn't have much time recently to keep on trying to set it up. But now I try again and still don't get it properly.
second thing I did, was configuring one access port:
/interface bridge vlan
add bridge=bridge untagged=ether17 vlan-ids=2
so, Port 17 is an access port on vlan 2 untagged.
Port 24 is a trunk port for vlans 1,2,3,10,66,100
the ip on MT is on bridge I guess? --- What exactly does that mean. I set up the IP of the MT via the WebUI using QuickSet. Is that what you mean?
the ip on Linksys is on vlan 1 as well? The IP of Linksys as well as MT is on vlan 2
If I try to add bridge port and specify pvid:
/interface bridge port
add bridge=bridge interface=ether17 pvid=2
I get the following error message:
failure: device already added as bridge port
any idea?
Re: RouterOS basic vlan config
Post the output of /export compact hide-sensitive file=MyConfig.rsc. It will show up in the "Files" menu. Paste it between code tags.
Re: RouterOS basic vlan config
Code: Select all
jan/03/1970 06:48:44 by RouterOS 6.41.3
# software id = xxx
#
# model = CRS326-24G-2S+
# serial number = xxx
/interface bridge
add admin-mac=CC:2D:E0:C7:00:DC auto-mac=no comment=defconf name=bridge \
vlan-filtering=yes
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17 pvid=2
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
/interface bridge vlan
add bridge=bridge tagged=ether24 vlan-ids=1,2,3,10,66,100
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=ether11 list=LAN
add interface=ether12 list=LAN
add interface=ether13 list=LAN
add interface=ether14 list=LAN
add interface=ether15 list=LAN
add interface=ether16 list=LAN
add interface=ether17 list=LAN
add interface=ether18 list=LAN
add interface=ether19 list=LAN
add interface=ether20 list=LAN
add interface=ether21 list=LAN
add interface=ether22 list=LAN
add interface=ether23 list=LAN
add interface=ether24 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge \
network=192.168.88.0
add address=192.168.2.60/24 interface=ether2 network=192.168.2.0
/system routerboard settings
set boot-os=router-os
Re: RouterOS basic vlan config
If the linksys is on mgmt VLAN 2 you will not be able to ping it from the mikrotik which is on VLAN 1. You will need to create a VLAN interface under /interface vlan (this only has to be done for VLANs that you want to put an IP on), with interface=bridge and vlan-id=2, and put the IP address on this VLAN interface. You also then need to add vlan 2 as a tagged port on bridge, otherwise the traffic will not get to the VLAN interface. Right now you have a combined entry for all VLANs i.e. "/interface bridge vlan add bridge=bridge tagged=ether24 vlan-ids=1,2,3,10,66,100", I usually do a separate entry for each VLAN instead of doing a big combined one like this because it is easier to work with. At the very least you will need to remove vlan 2 from that statement and make a new one that has vlan-ids=2 and set tagged=ether24,bridge.Hi again,
I didn't have much time recently to keep on trying to set it up. But now I try again and still don't get it properly.
second thing I did, was configuring one access port:
/interface bridge vlan
add bridge=bridge untagged=ether17 vlan-ids=2
so, Port 17 is an access port on vlan 2 untagged.
Port 24 is a trunk port for vlans 1,2,3,10,66,100
the ip on MT is on bridge I guess? --- What exactly does that mean. I set up the IP of the MT via the WebUI using QuickSet. Is that what you mean?
the ip on Linksys is on vlan 1 as well? The IP of Linksys as well as MT is on vlan 2
Re: RouterOS basic vlan config
alright,
I did thisYou will need to create a VLAN interface under /interface vlan (this only has to be done for VLANs that you want to put an IP on), with interface=bridge and vlan-id=2
How do I do this? Can't see an option to set a vlan for the MK IP.and put the IP address on this VLAN interface
Followed your advise - please see configAt the very least you will need to remove vlan 2 from that statement and make a new one that has vlan-ids=2 and set tagged=ether24,bridge.
Code: Select all
# jan/04/1970 00:25:21 by RouterOS 6.41.3
# software id = xxx
#
# model = CRS326-24G-2S+
# serial number = xxx
/interface bridge
add admin-mac=CC:2D:E0:C7:00:DC auto-mac=no comment=defconf name=bridge \
vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan2 vlan-id=2
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17 pvid=2
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
/interface bridge vlan
add bridge=bridge tagged=ether24 vlan-ids=1,3,10,66,100
add bridge=bridge tagged=bridge,ether24 vlan-ids=2
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=ether11 list=LAN
add interface=ether12 list=LAN
add interface=ether13 list=LAN
add interface=ether14 list=LAN
add interface=ether15 list=LAN
add interface=ether16 list=LAN
add interface=ether17 list=LAN
add interface=ether18 list=LAN
add interface=ether19 list=LAN
add interface=ether20 list=LAN
add interface=ether21 list=LAN
add interface=ether22 list=LAN
add interface=ether23 list=LAN
add interface=ether24 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge \
network=192.168.88.0
add address=192.168.2.60/24 interface=ether2 network=192.168.2.0
/system routerboard settings
set boot-os=router-osRe: RouterOS basic vlan config
To do this, simply change the interface for the IP from "ether2" to "vlan2". Currently you have "/ip address add address=192.168.2.60/24 interface=ether2 network=192.168.2.0", this will become "/ip address add address=192.168.2.60/24 interface=vlan2 network=192.168.2.0".How do I do this? Can't see an option to set a vlan for the MK IP.and put the IP address on this VLAN interface
Re: RouterOS basic vlan config
I added:
/ip address add address=192.168.2.60/24 interface=vlan2 network=192.168.2.0
and I removed:
/ip address remove numbers=0 (this was the "interface=ether2")
the last command unfortunately looked me out. Don't exactly understand why, since Port 17 was supposed to be an untagged access Port on Vlan2.
/ip address add address=192.168.2.60/24 interface=vlan2 network=192.168.2.0
and I removed:
/ip address remove numbers=0 (this was the "interface=ether2")
the last command unfortunately looked me out. Don't exactly understand why, since Port 17 was supposed to be an untagged access Port on Vlan2.
Re: RouterOS basic vlan config
Hi, sorry I didn't notice this. You can get back in with winbox and managing the device that way if you don't want to have to reset. Your settings for vlan2 do not have ether17 set as an untagged port. Under /interface bridge vlan, instead of "/interface bridge vlan add bridge=bridge tagged=bridge,ether24 vlan-ids=2" you probably want "/interface bridge vlan add bridge=bridge tagged=bridge,ether24 untagged=ether17 vlan-ids=2"I added:
/ip address add address=192.168.2.60/24 interface=vlan2 network=192.168.2.0
and I removed:
/ip address remove numbers=0 (this was the "interface=ether2")
the last command unfortunately looked me out. Don't exactly understand why, since Port 17 was supposed to be an untagged access Port on Vlan2.
Re: RouterOS basic vlan config
no worries. I don't have Windows pcs therefore Winbox is not an option. However I simply reset the CRS and started from scratch. Could also help me understanding the concept a little better.
I followed all (hopefully all) your recommendations and did the following:
set IP of MK to 192.168.2.60 via Webinterface
<deactivate vlan filtering>
/interface bridge
set bridge vlan-filtering=no
<set up trunk on ether24> (Do I need to add tagged=bridge to the other vlan-ids as well?)
/interface bridge vlan
add bridge=bridge tagged=ether24 vlan-ids=1
add bridge=bridge tagged=bridge,ether24 untagged=ether17 vlan-ids=2
add bridge=bridge tagged=ether24 vlan-ids=3
add bridge=bridge tagged=ether24 vlan-ids=10
add bridge=bridge tagged=ether24 vlan-ids=66
add bridge=bridge tagged=ether24 vlan-ids=100
<add vlan interface for MK>
/interface vlan
add interface=bridge name=vlan2 vlan-id=2
<add MK IP to vlan 2>
/ip address
add address=192.168.2.60/24 interface=vlan2 network=192.168.2.0
and here again, I locked myself out. What am I missing?
Edit: I replicated all steps before the last step where I am adding the IP address and here's the export:
What I see is, that there's no pvid set up for ether17. However trying to add the pvid by
/interface bridge port> add bridge=bridge interface=ether17 pvid=2
results in "failure: device already added as bridge port"
I followed all (hopefully all) your recommendations and did the following:
set IP of MK to 192.168.2.60 via Webinterface
<deactivate vlan filtering>
/interface bridge
set bridge vlan-filtering=no
<set up trunk on ether24> (Do I need to add tagged=bridge to the other vlan-ids as well?)
/interface bridge vlan
add bridge=bridge tagged=ether24 vlan-ids=1
add bridge=bridge tagged=bridge,ether24 untagged=ether17 vlan-ids=2
add bridge=bridge tagged=ether24 vlan-ids=3
add bridge=bridge tagged=ether24 vlan-ids=10
add bridge=bridge tagged=ether24 vlan-ids=66
add bridge=bridge tagged=ether24 vlan-ids=100
<add vlan interface for MK>
/interface vlan
add interface=bridge name=vlan2 vlan-id=2
<add MK IP to vlan 2>
/ip address
add address=192.168.2.60/24 interface=vlan2 network=192.168.2.0
and here again, I locked myself out. What am I missing?
Edit: I replicated all steps before the last step where I am adding the IP address and here's the export:
Code: Select all
# jan/02/1970 00:07:19 by RouterOS 6.41.3
# software id = xxx
#
# model = CRS326-24G-2S+
# serial number = xxx
/interface bridge
add admin-mac=CC:2D:E0:C7:00:DC auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=bridge name=vlan2 vlan-id=2
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
/interface bridge vlan
add bridge=bridge tagged=ether24 vlan-ids=1
add bridge=bridge tagged=ether24 vlan-ids=3
add bridge=bridge tagged=ether24 vlan-ids=10
add bridge=bridge tagged=ether24 vlan-ids=66
add bridge=bridge tagged=ether24 vlan-ids=100
add bridge=bridge tagged=bridge,ether24 untagged=ether17 vlan-ids=2
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=ether11 list=LAN
add interface=ether12 list=LAN
add interface=ether13 list=LAN
add interface=ether14 list=LAN
add interface=ether15 list=LAN
add interface=ether16 list=LAN
add interface=ether17 list=LAN
add interface=ether18 list=LAN
add interface=ether19 list=LAN
add interface=ether20 list=LAN
add interface=ether21 list=LAN
add interface=ether22 list=LAN
add interface=ether23 list=LAN
add interface=ether24 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge \
network=192.168.88.0
add address=192.168.2.60/8 interface=ether2 network=192.0.0.0
/system routerboard settings
set boot-os=router-os/interface bridge port> add bridge=bridge interface=ether17 pvid=2
results in "failure: device already added as bridge port"
Re: RouterOS basic vlan config
Many people use winbox on MacOS or Linux in Wine. It is designed to work well in Wine. There is even a version with bundled Wine specifically for MacOS: http://joshaven.com/resources/tools/winbox-for-mac/no worries. I don't have Windows pcs therefore Winbox is not an option. However I simply reset the CRS and started from scratch. Could also help me understanding the concept a little better.
Although that Winbox version is 3.17 you can easily upgrade it to 3.18 by viewing the package contents in MacOS, locating the winbox.exe file and replacing it with the one downloaded from MikroTik.
No, because the switch does not have IP addresses on those VLANs. The setting tagged=bridge actually makes a connection from the switch chip back to the main router CPU, which is necessary if you are giving the switch an IP on that VLAN. If the switch simply needs to switch that VLAN, then no connection back to the CPU is necessary for that VLAN.<set up trunk on ether24> (Do I need to add tagged=bridge to the other vlan-ids as well?)
That is probably the issue at this point. You can either change the PVID through the web interface or winbox, or do the following from the command lineWhat I see is, that there's no pvid set up for ether17. However trying to add the pvid by
/interface bridge port> add bridge=bridge interface=ether17 pvid=2
results in "failure: device already added as bridge port"
/interface bridge port> print
you will get a list of bridge ports with numbers beside them. Make note of the number for ether17. Then,
/interface bridge port> set # pvid=2
replacing # with the port number for ether17 from the print output.
Also you have a wrong subnet mask for that network - /8? I think you probably want /24. You'll need to also fix the network address after changing the subnet mask to /24, it should be 192.168.2.0 not 192.0.0.0
Re: RouterOS basic vlan config
Also, I would not add the same IP onto two interfaces simultaneously. It could possibly cause an issue - if the device has an IP on the same subnet in two different interfaces, how does it know which to use to reach you? You should probably put the ether2 ip in a different subnet from the IP that you are assigning to vlan2. After the vlan2 IP is working then you can remove the ether2 IP.
It is for doing this kind of complex configuration that Winbox is handy so that you do not lock yourself out. You can connect via layer 2 MAC winbox protocol even if the device does not have an IP address. Although this config is not really complex, it is tricky b/c the order that you do things in needs to be correct or you lock yourself out. You don't have to worry about that if you use MAC winbox.
It is for doing this kind of complex configuration that Winbox is handy so that you do not lock yourself out. You can connect via layer 2 MAC winbox protocol even if the device does not have an IP address. Although this config is not really complex, it is tricky b/c the order that you do things in needs to be correct or you lock yourself out. You don't have to worry about that if you use MAC winbox.