Hello!

I am trying to set up a CRS305-1G-4S+IN as my core network infrastructure device. I want each port to have a different subnet attached to it. The upstream router (connected over cat6a) is a wireless Asus router (running DD-WRT) that is connected to an ISP cable modem. The wireless router has physical connections to my raspberry Pi, which provides DNS(bind9) and DHCP(isc-dhcpd) and my Samsung Smart-TV.

The CRS305-1G-4S+IN is connected to:

• beforementioned Asus router (RJ-45 -> cat6a -> S+RJ10 SPG+ module)

• my workstation (RJ-45 -> cat6a -> S+RJ10 SPG+ module)

• my virtualization server (Intel x520 -> Cisco SFP-H10GB-CU1M DAC cable)

• downstream switch (sfp+ -> S+DA0001 DAC cable) - currently offline due to faulty firmware

Things I have configured:

• Put the router into RouterOS mode

• Configured the interface facing the wireless Asus router as WAN port (after disabling the bridge interface the router automatically assigned the downstream IP address to the LAN section in the "Quick Set" page)

• I gave all the interfaces IP addresses in different subnets.

• I disabled the bridge interface

• Set up DHCP relays for the 3 "lower level" subnets

• Updated the RouterOS and firmware to 6.47.7

Also

• I am not using NAT nor firewalling on the CRS

• I have not configured any VLANs

• I have not done any additional routing except the static routes auto-generated from interface addresses.

I have attached an image to describe the network a bit better. So now to the problem:

I can ping 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4 from my workstation at 10.1.11.10, but I cannot ping the Smart-TV at 10.0.0.10. I can see from the tcpdump on the wireless Asus router that 10.0.0.10 is sending ICMP replies but they never reach 10.1.11.10. I am struggling with the packet sniffer to determine if they reach the CRS router. I know that according to wireshark they do not reach the workstation.

First I thought there is some kind of forwarding needed because my upstream port is WAN and I use rfc1819 subnets but that conflicts with the fact that I can successfully ping other systems in the same target subnet.

Does anyone have some idea what I might be doing wrong here? Why does the router have to have a WAN port if I am keeping it in the private network space, I could always just make a default route to an appropriate interface?

Basically you should reset CRS to no config and the start to build the configuration. Pre-set configurations don't cover your own use case at all.
BTW, CRS is a switch with low capacity L3 capabilities. Which means it can route but speeds won't be anywhere near wire speed.

Beware if you reset CRS to no configuration, it won't have any IP address and you'll have to use winbox (available from download.mikrotik.com) and it's ability to connect to ROS device over plain ethernet.

So basically I have to run '/system reset-configuration no-defaults'?
What are the expected configuration steps I need to do after? I assume give addresses to the interfaces?
Does routing between interfaces work automatically or do I need to add that also?
Will I be able to use VLANs afterwards (as I am so far from a typical use case)?
How big of a routing performance hit will I get?

I have some experience with Cisco IOS and Catalyst switches so I might be trying to do someting on a 150 usd device that I am supposed to be doing on a 1500 usd device.

I finally managed to get back to this problem and I can tell that the particular issue is not RouterOS or Mikrotik. I have conditional routing set in the upstream router to redirect traffic from the Smart-TV to an OpenVPN tunnel and somehow it does not properly route local traffic anymore without some additional routes. After adding those it looks like I can ping the TV correctly. But this is where a new problem rises - I think my media server is using multicast to stream content to the TV and as the two devices are in different subnets I need a way to route it. Will make a separate post about this.

Also I am looking at RB4011iGS+RM as a replacement for the Asus router as an upstream router. Am I looking at the test results correctly when I say it achieves close to line speed without acting as a firewall?