My understanding is that all VLANs which include IPs used by the CRS326 itself must be tagged in Bridge>VLANs. Because the CRS326 is the default gateway for all of the /24 subnets of each VLAN, I assume that I need to tag the bridge for every VLAN. Likewise, all of my ports except ether22 will be untagged VLAN 1. With the configuration below, as soon as I enable VLAN filtering I lose connection to the CS326. I'm probably missing something very obvious but all of my previous experience has been with RoaS and this is just not getting any clearer as I continue to troubleshoot. Any help would be appreciated. I only started working with Mikrotik devices in the last few months and this is the first time I've completely hit a wall.
Code: Select all
/interface bridge
add name=NullBridge
add admin-mac=08:55:31:6E:F0:B8 auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=bridge name=vlan99-Management vlan-id=99
add interface=bridge name=vlan110-Server vlan-id=110
add interface=bridge name=vlan120-Printers vlan-id=120
/interface bonding
add mode=802.3ad name=bonding1 slaves=ether23,ether24 transmit-hash-policy=layer-2-and-3
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.10.100-192.168.10.200
add name=dhcp_pool1 ranges=192.168.20.2-192.168.20.20
add name=dhcp_pool2 ranges=192.168.1.100-192.168.1.150
add name=dhcp_pool3 ranges=192.168.99.2-192.168.99.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=vlan110-Server name=dhcp1-Servers
add address-pool=dhcp_pool1 disabled=no interface=vlan120-Printers name=dhcp2-Printers
add address-pool=dhcp_pool2 disabled=no interface=bridge name=dhcp3-Primary
add address-pool=dhcp_pool3 disabled=no interface=vlan99-Management name=dhcp4-Management
/routing ospf instance
set [ find default=yes ] distribute-default=always-as-type-1 redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=10.254.254.254
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge interface=bonding1
add bridge=bridge interface=ether22
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether22 vlan-ids=99
add bridge=bridge tagged=bridge vlan-ids=110
add bridge=bridge tagged=bridge vlan-ids=120
add bridge=bridge tagged=bridge untagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21 vlan-ids=1
/ip address
add address=192.168.10.1/24 interface=vlan110-Server network=192.168.10.0
add address=192.168.1.2/24 interface=bridge network=192.168.1.0
add address=192.168.1.2/24 interface=bridge network=192.168.1.0
add address=10.254.254.254 interface=NullBridge network=10.254.254.254
add address=192.168.20.1/24 interface=vlan120-Printers network=192.168.20.0
add address=192.168.99.1/24 interface=vlan99-Management network=192.168.99.0
/ip dhcp-client
add interface=bridge
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.254
add address=192.168.10.0/24 dns-server=192.168.1.202,8.8.8.8 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=192.168.1.202,8.8.8.8 gateway=192.168.20.1
add address=192.168.99.0/24 gateway=192.168.99.1
/ip dns
set servers=192.168.1.202,8.8.8.8
/ip route
add distance=1 gateway=192.168.1.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
/routing ospf interface
add interface=bridge network-type=point-to-point
/routing ospf network
add area=backbone network=192.168.1.0/24
/system routerboard settings
set boot-os=router-os