Community discussions

MikroTik App
 
duckasylum
just joined
Topic Author
Posts: 6
Joined: Tue Nov 03, 2020 9:12 pm

CRS305-1G-4S+IN - strange behavior and possible setup problem

Fri Nov 06, 2020 7:15 pm

Hello!

I am trying to set up a CRS305-1G-4S+IN as my core network infrastructure device. I want each port to have a different subnet attached to it. The upstream router (connected over cat6a) is a wireless Asus router (running DD-WRT) that is connected to an ISP cable modem. The wireless router has physical connections to my raspberry Pi, which provides DNS(bind9) and DHCP(isc-dhcpd) and my Samsung Smart-TV.

The CRS305-1G-4S+IN is connected to:
  • beforementioned Asus router (RJ-45 -> cat6a -> S+RJ10 SPG+ module)
  • my workstation (RJ-45 -> cat6a -> S+RJ10 SPG+ module)
  • my virtualization server (Intel x520 -> Cisco SFP-H10GB-CU1M DAC cable)
  • downstream switch (sfp+ -> S+DA0001 DAC cable) - currently offline due to faulty firmware
Things I have configured:
  • Put the router into RouterOS mode
  • Configured the interface facing the wireless Asus router as WAN port (after disabling the bridge interface the router automatically assigned the downstream IP address to the LAN section in the "Quick Set" page)
  • I gave all the interfaces IP addresses in different subnets.
  • I disabled the bridge interface
  • Set up DHCP relays for the 3 "lower level" subnets
  • Updated the RouterOS and firmware to 6.47.7
Also
  • I am not using NAT nor firewalling on the CRS
  • I have not configured any VLANs
  • I have not done any additional routing except the static routes auto-generated from interface addresses.

I have attached an image to describe the network a bit better.
network_schematic.png
So now to the problem:

I can ping 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4 from my workstation at 10.1.11.10, but I cannot ping the Smart-TV at 10.0.0.10. I can see from the tcpdump on the wireless Asus router that 10.0.0.10 is sending ICMP replies but they never reach 10.1.11.10. I am struggling with the packet sniffer to determine if they reach the CRS router. I know that according to wireshark they do not reach the workstation.

First I thought there is some kind of forwarding needed because my upstream port is WAN and I use rfc1819 subnets but that conflicts with the fact that I can successfully ping other systems in the same target subnet.

Does anyone have some idea what I might be doing wrong here? Why does the router have to have a WAN port if I am keeping it in the private network space, I could always just make a default route to an appropriate interface?
You do not have the required permissions to view the files attached to this post.
CRS305-1G-4S+IN
CSS610-8G-2S+IN
 
mkx
Forum Guru
Forum Guru
Posts: 5460
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS305-1G-4S+IN - strange behavior and possible setup problem

Fri Nov 06, 2020 8:37 pm

Basically you should reset CRS to no config and the start to build the configuration. Pre-set configurations don't cover your own use case at all.
BTW, CRS is a switch with low capacity L3 capabilities. Which means it can route but speeds won't be anywhere near wire speed.

Beware if you reset CRS to no confguration, it won't have any IP address and you'll have to use winbox (available from download.mikrotik.com) and it's ability to connect to ROS device over plain ethernet.
BR,
Metod
 
duckasylum
just joined
Topic Author
Posts: 6
Joined: Tue Nov 03, 2020 9:12 pm

Re: CRS305-1G-4S+IN - strange behavior and possible setup problem

Fri Nov 06, 2020 10:11 pm

Basically you should reset CRS to no config and the start to build the configuration. Pre-set configurations don't cover your own use case at all.
BTW, CRS is a switch with low capacity L3 capabilities. Which means it can route but speeds won't be anywhere near wire speed.

Beware if you reset CRS to no configuration, it won't have any IP address and you'll have to use winbox (available from download.mikrotik.com) and it's ability to connect to ROS device over plain ethernet.

So basically I have to run '/system reset-configuration no-defaults'?
What are the expected configuration steps I need to do after? I assume give addresses to the interfaces?
Does routing between interfaces work automatically or do I need to add that also?
Will I be able to use VLANs afterwards (as I am so far from a typical use case)?
How big of a routing performance hit will I get?

I have some experience with Cisco IOS and Catalyst switches so I might be trying to do someting on a 150 usd device that I am supposed to be doing on a 1500 usd device.
CRS305-1G-4S+IN
CSS610-8G-2S+IN
 
mkx
Forum Guru
Forum Guru
Posts: 5460
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS305-1G-4S+IN - strange behavior and possible setup problem

Fri Nov 06, 2020 10:27 pm

Yes, that's the reset command. After that set the admin password. Add IP addresses to interfaces which will automatically enable CRS to route between connected subnets. Add default route via gateway and you'll enable all connected subnets to access internet (via Asus router).

If you intend to use VLANs, then configure those before any IP stuff. Have a look at this tutorial. If your CRS is configured according to tutorial, it will switch between ports (including VLANs) wire-speed.

Routing performance? Check official test results. Seems like routing capacity will be around 1Gbps cumulative (duplex, between all interfaces), give or take. Less if this device was acting as firewall as well.
BR,
Metod
 
duckasylum
just joined
Topic Author
Posts: 6
Joined: Tue Nov 03, 2020 9:12 pm

Re: CRS305-1G-4S+IN - strange behavior and possible setup problem

Thu Nov 12, 2020 7:23 pm

I finally managed to get back to this problem and I can tell that the particular issue is not RouterOS or Mikrotik. I have conditional routing set in the upstream router to redirect traffic from the Smart-TV to an OpenVPN tunnel and somehow it does not properly route local traffic anymore without some additional routes. After adding those it looks like I can ping the TV correctly. But this is where a new problem rises - I think my media server is using multicast to stream content to the TV and as the two devices are in different subnets I need a way to route it. Will make a separate post about this.

Also I am looking at RB4011iGS+RM as a replacement for the Asus router as an upstream router. Am I looking at the test results correctly when I say it achieves close to line speed without acting as a firewall?
RB4011iGS+RM - test_results.PNG
You do not have the required permissions to view the files attached to this post.
CRS305-1G-4S+IN
CSS610-8G-2S+IN

Who is online

Users browsing this forum: fedorovic and 82 guests