Community discussions

MikroTik App
 
Traveler382
just joined
Topic Author
Posts: 22
Joined: Mon Mar 01, 2021 4:41 pm

CRS317 trunk VLAN configuration help

Tue Mar 02, 2021 1:08 am

I'm new to MikroTik, but have done a lot of reading of the wiki and examples. But I'm still a bit confused on the configuration that I need. I put together a network diagram, that I hope is helpful in explaining what I need for the CRS317:

https://imgur.com/cbDJGLW

What I want is Ether1-4 to be trunk ports, accepting ANY VLAN from my server. Eth16 is also a trunk port, going to the border router. I will also be connecting a network cable to the management port and want it to have a management IP of 10.13.2.12. I just need L2 functionality in the CRS317. The CCR2004 will do all the routing.

I've hacked together a config, which I'm sure is wrong and needs serious modifications. Any help would be greatly appreciated!
/interface bridge
add name=bridge1 vlan-filtering=no
/ip address
add address=10.13.2.12/24 interface=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes
add bridge=bridge1 interface=ether2 hw=yes
add bridge=bridge1 interface=ether3 hw=yes
add bridge=bridge1 interface=ether4 hw=yes
add bridge=bridge1 interface=ether16 hw=yes
/interface bridge set bridge1 vlan-filtering=yes
Thanks!
Last edited by Traveler382 on Thu Mar 04, 2021 4:11 am, edited 1 time in total.
 
Traveler382
just joined
Topic Author
Posts: 22
Joined: Mon Mar 01, 2021 4:41 pm

Re: CRS317 trunk VLAN configuration help

Tue Mar 02, 2021 5:19 pm

After more research I've modified the proposed configuration. Any input is welcome on changes needed. I also need the MTU set to 9000 on all ports, as I'll be using VMware NSX-T.

/interface bridge
add name=bridge1 vlan-filtering=no
/ip address
add address=10.13.2.12/24 interface=MGMT
/ip route add distance=1 gateway=10.13.2.1
/ip dns
set servers=10.13.2.200,10.13.2.201
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes
add bridge=bridge1 interface=ether2 hw=yes
add bridge=bridge1 interface=ether3 hw=yes
add bridge=bridge1 interface=ether4 hw=yes
add bridge=bridge1 interface=ether16 hw=yes
/interface bridge vlan
add bridge=bridge1 tagged=ether1,ether2,ether3,ether4,ether16 vlan-ids=1-4094
/interface ethernet
set [ find ] l2mtu=10218 mtu=9000
/interface bridge set bridge1 vlan-filtering=yes
/system identity
set name=Mikro-CRS317
/system ntp client
set enabled=yes
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS317 trunk VLAN configuration help

Tue Mar 02, 2021 8:01 pm

This is the best guide for vlans using switch chip..........
https://www.youtube.com/watch?v=Rj9aPoyZOPo

If using the bridge vlan method,
viewtopic.php?f=13&t=143620
 
Traveler382
just joined
Topic Author
Posts: 22
Joined: Mon Mar 01, 2021 4:41 pm

Re: CRS317 trunk VLAN configuration help

Thu Mar 04, 2021 4:08 am

Thanks! I've significantly modified my configuration based on your links and more research. Can you review to see if I made any mistakes?
# Setup OOB management interface

/interface ethernet set [ find default-name=ether1 ] name=MGMT
/ip address
add address=10.13.2.12/24 interface=MGMT network=10.13.2.0

# Global Settings

/ip route add dst-address=0.0.0.0/0 gateway=10.13.2.1
/ip dns
set servers=10.13.2.200,10.13.2.201
/system identity
set name=CRS317
/system ntp client
set enabled=yes
/user set 0 name=root
/user set 0 password = "password"

# Bridge Configuration

/interface bridge
add name=bridge vlan-filtering=no

/interface bridge port
add bridge=bridge interface=ether1 hw=yes
add bridge=bridge interface=ether2 hw=yes
add bridge=bridge interface=ether3 hw=yes
add bridge=bridge interface=ether4 hw=yes
add bridge=bridge interface=ether16 hw=yes
set bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether1] 
set bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether2]
set bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether3]
set bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether4]
set bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether16]

/interface bridge vlan
add bridge=bridge tagged=ether1,ether2,ether3,ether4,ether16 vlan-ids=2611
add bridge=bridge tagged=ether1,ether2,ether3,ether4,ether16 vlan-ids=2612
add bridge=bridge tagged=ether1,ether2,ether3,ether4,ether16 vlan-ids=2613

/interface vlan
add name=2611-MGT interface=bridge vlan-id=2611
add name=2612-vMotion interface=bridge vlan-id=2612
add name=2613-VM interface=bridge vlan-id=2613

/interface ethernet
set ether1,ether2,ether3,ether4,ether16 l2mtu=10218

/interface vlan
set 2611-MGT mtu=9000
set 2612-vMotion mtu=9000
set 2613-VM mtu=9000

/interface bridge set bridge vlan-filtering=yes ingress-filtering=yes frame-types=admit-only-vlan-tagged

 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS317 trunk VLAN configuration help

Thu Mar 04, 2021 5:33 am

Which method have you chosen? if its bridge vlan filtering I can be of some assistance but I need to see the entire config not excerpts.
/export hide-sensitive file=anynameyouwish
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11452
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS317 trunk VLAN configuration help

Thu Mar 04, 2021 9:17 am

One thing: switch (and you're using CRS317 as a switch) doesn't need VLAN interfaces for all VLANs that are passed between switched ports. Meaning you only need interface for management LAN (in your case that's ether1 used as MGMT interface), but you don't need any of vlan 26xx-* interfaces. For OOB management I wouldn't bridge ether1 together with "service" ports.

And since you don't need VLAN interfaces on bridge, bridge interface itself doesn't have to be member of any of VLANs (which is already true according to the above config excerpt).

Do you actually have devices (CCR2004 and CRS317) at hand? If yes, try to configure them (as a lab), see what doesn't work and ask about particular things. And post (non-working) config so we can point out concrete errors. If you don't have the equipment with you yet, then I don't see any point in constructing configuration files because you don't have feedback from device and it's harder for you to learn ROS concepts. We can go on and on with quasi-theoretical discussions but I have a feeling that we wouldn't have to discuss certain things if you could try them hands-on.

Who is online

Users browsing this forum: Adephx, Amazon [Bot], benshirazi and 24 guests