Community discussions

MikroTik App
 
User avatar
dabuv
just joined
Topic Author
Posts: 2
Joined: Thu May 27, 2021 1:57 pm

VLAN configuration on CRS354

Thu May 27, 2021 9:42 pm

We bought a Mikrotik CRS354-48G-4S+2Q+ switch, but I can't manage to set up Layer 2 configuration with static IP from non default VLAN to manage the switch. I don't want it to be a VLAN gateway, but a managed switch with a network 10.10.100.0/20 and gateway of 10.10.100.1

The shortened configuration and suppout.rif is attached in this email.

Things I tried besides the config file:
*using hw=yes on all interfaces belonging to bridge;
*setting up static Routes via IP / Routes to my management network as well as user network
*setting up time;
*restarting device after config;
*resetting the config and reapplying the config;
*adding all possible interfaces to bridge
*unchecking Fast Route on Bridge
*adding bridge to management VLAN
*trying the config on RouterOS firmware v.6.48.2 as well as 6.48.3 which came out yesterday.
*setting up different MTU on ports as well as L2 MTU;
*using crossover cable to connect Mikrotik and D-LINK;
*....read the documentation several times...

Additional information:
*switch is connected to D-LINK DES-1228 to port with tagged traffic from vlan 5 (management) and 1 (default) (any other switches brand were configured while connected to that port without an issue);
*when using the configuration and connecting switches together they auto negotiate 100M full duplex speed which is.. not quite logic as both sides support 1Gbps
*when the switch is connected with config from attachment our AP (WiNG 3600 VX 9000) connected to the same switch (D-LINK DES-1228) - this issue was verified several times;
*switch cannot ping any devices within a subnet and switch cannot be pinged from other devices as well
*once I managed to setup up the device to work as intended but it just stopped functioning properly without a reason and actually I can't recall what I did to make it work;

What We need:
*at least 2 VLANs where
-- VLAN 5 is a management vlan with address 10.10.100.247/20, tagged on port 48 and all sfp ports
-- VLAN 1 is a default VLAN for hosts in network;

I am frustrated with implementing the switch into my existing infrastructure, because I have been struggling with this simple configuration for about a week. We wanted to implement devices into our network and swap old switches with new Mikrotik ones... But the issue We stumbled upon can kill the whole idea.

I need to configure RouterOS instead of swOS because of security reasons.
/interface bridge add name=bridge-LAN vlan-filtering=no
/interface bridge port add bridge=bridge-LAN interface=ether41 hw=no pvid=1
/interface bridge port add bridge=bridge-LAN interface=ether42 hw=no pvid=1
/interface bridge port add bridge=bridge-LAN interface=ether43 hw=no pvid=1
/interface bridge port add bridge=bridge-LAN interface=ether44 hw=no pvid=1
/interface bridge port add bridge=bridge-LAN interface=ether45 hw=no pvid=1
/interface bridge port add bridge=bridge-LAN interface=ether46 hw=no pvid=1
/interface bridge port add bridge=bridge-LAN interface=ether47 hw=no pvid=1
/interface bridge port add bridge=bridge-LAN interface=ether48 hw=no
/interface vlan add interface=bridge-LAN name=MGMT-vlan vlan-id=5
/ip address add address=10.10.100.247/24 interface=MGMT-vlan
/interface bridge vlan add bridge=bridge-LAN tagged=ether48 vlan-ids=5
/interface bridge set bridge-LAN vlan-filtering=yes
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19104
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN configuration on CRS354

Fri May 28, 2021 4:41 pm

Suggest you actually post the config.
/export hide-senstive file=anynameyouwish.

I prefer vlan bridge filtering because its simple and it works but for those looking at switch chip
have a look at this
https://www.youtube.com/watch?v=Rj9aPoyZOPo
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: VLAN configuration on CRS354

Fri May 28, 2021 6:48 pm

@dabuv A configuration fragment you have then added to the switch does not reveal the actual configuration, posting the exported config does.

In that fragment port 48 is also an untagged member of VLAN 1 due to pvid=1 automatically being added as the default, use ingress-filtering=yes frame-types=admit-only-vlan-tagged to make a port tagged-only

You have no communication with the CRS as the implicit bridge-to-CPU port membership has not been included in the /interface bridge vlan configuration, this viewtopic.php?f=2&t=173692 is a good explanation.

The CRS3xx devices only support hardware offloading on one bridge, performance via additional bridges will be significantly less than wire-speed.

@anav the CRS3xx are the only Mikrotik devices which automatically support VLAN-aware hardware offloading, there is no separate switch VLAN configuration.

Who is online

Users browsing this forum: EmuAGR, kwechselberger and 36 guests