Locked out GUI when

Mon Aug 05, 2019 9:50 pm

The Network
I have a CRS317 running latest router OS (6.45.3).

In the initial startup I did select the option “bridge” (no idea to which extend that change gui etc, but at this moment in time I have a separate router). I also defined the GUI network and address.

On the CRS317 I did defined (bridge vlan filtering off)
- one bridge/virtualswitch covering all interfaces (12 SFP+ , 2 lag's 2 ports and 1 ETH/Boot port).
- a couple of VLAN's all within the bridge/virtualswitch. Each port is member of one or more VLAN's
- apart of a few exceptions all connections and VLAN are tagged.

Activating vlan filtering
- a bit strange IMHO, but Mikrotik switches do by default route without vlan filtering
- so I define my bridge, my ports and my vlan’s
- and ad that moment I can still access the switch its GUI
But then the problem arises ... :( :(

The problem
- The switch has a GUI-IP but that is initially not tied it to preferable a VLAN (or Port if that is not an option)
- However, I want to tie to a VLAN, because I want to access the GUI via that VLAN
- I tried to archive that by adding the <bridge identity> to the list of tagged interfaces for that particular VLAN

The VLAN can be accessed via three options:
o Via a trunk coming from another switch (the intended path)
o Via a second trunk going elsewhere (the backup path)
o Via the “ether 1” port (last resort).
(o Perhaps also via the IMHO obscure serial port, do not know and do not use. I would have preferred a normal management lan interface there.)

That works, up to the moment I activate the bridge VLAN filtering …..
o At that moment the switch start more or less behaving as intended, but
o I can not access the GUI any more
o How luckily I discovered the option to configure in “Save Mode”

I hope that somebody can explain how GUI access in a VLAN situation is supposed to work.


