lnulzer
just joined
Topic Author
Posts: 5
Joined: Wed Oct 14, 2020 9:38 am

Internet fiber on switch to router

Fri Jun 04, 2021 10:08 am

I have a question how one would connect and configure the following setup:
A RB4011iGS+RM as router and CRS328-24P-4S+RM as switch.
I want to connect internet through fiber and connect the switch to the router through fiber.

The RB4011 only has one SFP+ cage.
So I would use that one to connect to the CRS328.

Can I connect the internet fiber to the CRS328 (who has 4 SFP+ ports) and configure the RB4011 to use that as default destination?
This would however mean that all traffic from LAN to WAN has to go through the CRS328 - RB4011 connection to be routed and back to go to the internet.
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Internet fiber on switch to router

Fri Jun 04, 2021 10:39 am

You can do, no problem
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Internet fiber on switch to router

Fri Jun 04, 2021 2:42 pm

Can I connect the internet fiber to the CRS328 (who has 4 SFP+ ports) and configure the RB4011 to use that as default destination?
This would however mean that all traffic from LAN to WAN has to go through the CRS328 - RB4011 connection to be routed and back to go to the internet.

Assuming internet comes without VLAN tags, you configure WAN port on CRS as access port of a VLAN (e.g. VLAN ID 100). Then use another VLAN ID for LAN (e.g. 200). The interconnect between RB4011 and CRS will be all-tagged (trunk) port for VLANs 100 and 200. The rest of CRS ports will be access ports for LAN (VLAN ID 200). If ISP provides internet via VLAN tagged, you proceed in similar manner, the difference is that you can't choose VLAN ID for WAN (and you possibly have to select another VLAN ID for LAN) and you make WAN port on CRS to be all-tagged port for that particular VLAN.

As to configuration on RB4011 it depends whether you want to use ether ports as LAN ports or they won't be used at all. As RB4011 doesn't HW offload VLAN stuff, it would best be to forget about ether ports on RB4011 because traffic between those and LAN ports on CRS will hit RB4011 CPU. So if you'll use only SFP+ port on RB4011, take it out of any bridge, create VLAN interfaces (/interface vlan ...) for both VLANs (100 and 200), configure IP settings on each of vlan interfaces, make them members of interface lists WAN and LAN ... and if you stick to default firewall configuration, this should be enough to get you going. From RB4011 default there will be some redundant configuration (bridge setup and related IP setup) which should be reviewed and partly removed.

Your wording ("configure the RB4011 to use that as default destination") indicates that you think you should configure CRS as a kind of a router. Don't even think about it, it'll kill all the performance. Keep using it as VLAN-aware switch in manner outlined above.
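
The layout mkx describes, written out as RouterOS commands for both devices; this is an added example, not part of the original post. The port names (sfp-sfpplus1 as the ISP fiber and sfp-sfpplus2 as the trunk on the CRS328, sfp-sfpplus1 on the RB4011), the 192.168.200.0/24 addressing, an ISP that hands out its address by DHCP without VLAN tags, and an RB4011 that still has its default WAN/LAN interface lists and firewall are all assumptions.

```routeros
# Added example; port names and addresses are assumptions, not from the thread.
# ---- CRS328: VLAN-aware switch, no routing ----
/interface bridge
add name=bridge1 vlan-filtering=no
/interface bridge port
# ISP fiber (untagged hand-off): access port in WAN VLAN 100
add bridge=bridge1 interface=sfp-sfpplus1 pvid=100 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
# Fiber to the RB4011: tagged-only trunk
add bridge=bridge1 interface=sfp-sfpplus2 ingress-filtering=yes \
    frame-types=admit-only-vlan-tagged
# LAN access ports in VLAN 200 (repeat for the remaining ether ports)
add bridge=bridge1 interface=ether1 pvid=200 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge1 interface=ether2 pvid=200 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
/interface bridge vlan
# bridge1 (the switch CPU) is a member of VLAN 200 only, never of VLAN 100,
# so the switch's management services are not reachable from the ISP side
add bridge=bridge1 vlan-ids=100 tagged=sfp-sfpplus2 untagged=sfp-sfpplus1
add bridge=bridge1 vlan-ids=200 tagged=sfp-sfpplus2,bridge1 untagged=ether1,ether2
# Switch management address lives in the LAN VLAN
/interface vlan add name=vlan200-mgmt interface=bridge1 vlan-id=200
/ip address add address=192.168.200.2/24 interface=vlan200-mgmt
# Enable filtering last, once every port and VLAN entry is in place
/interface bridge set bridge1 vlan-filtering=yes

# ---- RB4011: router, SFP+ port only ----
# Take the SFP+ port out of the default bridge
/interface bridge port remove [find interface=sfp-sfpplus1]
/interface vlan
add name=vlan100-wan interface=sfp-sfpplus1 vlan-id=100
add name=vlan200-lan interface=sfp-sfpplus1 vlan-id=200
# The default firewall keys on these lists, so membership decides what is filtered
/interface list member
add list=WAN interface=vlan100-wan
add list=LAN interface=vlan200-lan
# DHCP client runs on the WAN VLAN interface; the default route comes from the lease
/ip dhcp-client
add interface=vlan100-wan add-default-route=yes disabled=no
/ip address
add address=192.168.200.1/24 interface=vlan200-lan
/ip pool
add name=lan-pool ranges=192.168.200.100-192.168.200.200
/ip dhcp-server
add name=lan-dhcp interface=vlan200-lan address-pool=lan-pool disabled=no
/ip dhcp-server network
add address=192.168.200.0/24 gateway=192.168.200.1 dns-server=192.168.200.1
```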
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Internet fiber on switch to router

Fri Jun 04, 2021 4:25 pm

MKX is spot on, as usual!
I would keep at least one ethernet on the RB4011 as a separate different subnet, for the purposes of easy access to the router for config purposes.
I suppose by removing the 200 vlan from any bridge it keeps the RB4011 out of any extra flow altogether and the RB4011 is mostly just a conduit to the internet.
I suppose the other time it would need use is to resolve DNS for internet traffic and any firewall rules set in the RB4011 that affect flow between devices on the switch (but all on same vlan so unlikely).
 
lnulzer
just joined
Topic Author
Posts: 5
Joined: Wed Oct 14, 2020 9:38 am

Re: Internet fiber on switch to router

Fri Jun 04, 2021 5:01 pm

A question regarding not using the ethernet ports of the router.
To my knowledge all inter VLAN traffic has to go through the router and the firewall to be routed. So it costs CPU.

If my pc is on VLAN 300
Internet is on 200
Router and Switch on 100

If my pc is connected to eth of router and traffic has to go to internet it will pass CPU.
If my pc is connected to eth of switch and traffic has to go to the internet then it will first have to be sent to the router to be routed (NAT), sent back to the switch to go to the internet.

So I don't see the win in not using the eth ports of the router.
(unless you do a lot of local file transfers to a NAS for example then if the NAS and pc are in the same VLAN then you wouldn't put CPU load on the router)


What I meant with "configure the RB4011 to use that as default destination" is that I would have to add a route 0.0.0.0/0 to the IP given to the SFP+ port in the router in order for the router to know where to send traffic to?
The ISP gives a DHCP address but I don't think it is possible to give the DHCP address to the SFP+ port that connects the router to the switch? So if I can't enable DHCP client for the SFP+ port, the router would not learn a default gateway through DHCP. For that reason I would have to add the route.
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Internet fiber on switch to router

Fri Jun 04, 2021 5:14 pm

Well the purpose of a high powered switch is because you have huge gobs of traffic between devices behind the switch, be it database accesses, servers, streaming etc, that have nothing to do with the internet. Going out to the internet and back to a device is something that is not avoidable and the RB4011 can handle this and dhcp with ease.

To be clear, you need to be clear with your requirements and the design will fall out naturally.
You have created your own PC on vlan300, what other surprises are there LOL.

In other words
1.
2.
3.
4.
infinity.

Should have a list of every requirement for users and devices, such that one can gauge the need and number of vlans, on which ports attached and to which devices etc.....
without a plan you are always chasing and pissing off those trying to help.
Requirements + network diagram = config success.
 
lnulzer
just joined
Topic Author
Posts: 5
Joined: Wed Oct 14, 2020 9:38 am

Re: Internet fiber on switch to router

Fri Jun 04, 2021 5:54 pm

I was trying to understand the trade-offs and reasoning. I was not trying to offend the people kind enough to help me.

I have the following VLANS:

10 = HOME
11 = WIFI for phones
20 = TV
21 = PI
99 = MGT
100 = ADMIN
101 = SERVER

ADMIN can access SERVER and PI (music device)
SERVER has no internet access
The home network is for the wife pc and the family NAS. HOME can access PI.

So I have to add a new VLAN for the WAN.
The router and switch are currently connected on VLAN 99.
I used the following guide to setup the VLANs viewtopic.php?t=143620
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Internet fiber on switch to router

Fri Jun 04, 2021 6:26 pm

Well, I would hook up vlans and devices on the SWITCH where you anticipate the heaviest SUBNET TO SUBNET traffic (or traffic within a subnet but on different switch ports) and don't worry about users going to the internet.
The rest if small can be where you want them, router or switch.
 
Dillton
just joined
Posts: 2
Joined: Sun Oct 29, 2023 8:58 pm

Re: Internet fiber on switch to router

Mon Oct 30, 2023 10:52 pm

Can I connect the internet fiber to the CRS328 (who has 4 SFP+ ports) and configure the RB4011 to use that as default destination?
This would however mean that all traffic from LAN to WAN has to go through the CRS328 - RB4011 connection to be routed and back to go to the internet.

Assuming internet comes without VLAN tags, you configure WAN port on CRS as access port of a VLAN (e.g. VLAN ID 100). Then use another VLAN ID for LAN (e.g. 200). The interconnect between RB4011 and CRS will be all-tagged (trunk) port for VLANs 100 and 200. The rest of CRS ports will be access ports for LAN (VLAN ID 200). If ISP provides internet via VLAN tagged, you proceed in similar manner, the difference is that you can't choose VLAN ID for WAN (and you possibly have to select another VLAN ID for LAN) and you make WAN port on CRS to be all-tagged port for that particular VLAN.

As to configuration on RB4011 it depends whether you want to use ether ports as LAN ports or they won't be used at all. As RB4011 doesn't HW offload VLAN stuff, it would best be to forget about ether ports on RB4011 because traffic between those and LAN ports on CRS will hit RB4011 CPU. So if you'll use only SFP+ port on RB4011, take it out of any bridge, create VLAN interfaces (/interface vlan ...) for both VLANs (100 and 200), configure IP settings on each of vlan interfaces, make them members of interface lists WAN and LAN ... and if you stick to default firewall configuration, this should be enough to get you going. From RB4011 default there will be some redundant configuration (bridge setup and related IP setup) which should be reviewed and partly removed.

Your wording ("configure the RB4011 to use that as default destination") indicates that you think you should configure CRS as a kind of a router. Don't even think about it, it'll kill all the performance. Keep using it as VLAN-aware switch in manner outlined above.
Hello guys.

First of all, sorry for my unprofessional question that will follow, but I am basically learning by doing and I am new to VLANs; I just read the documentation on how it works in general.

So now to this specific topic.
Could you give me more details about this setup please?
I am currently in the same scenario but I am not sure how exactly I can achieve this.

I have prepared the VLANS on CRS that was not a big problem and I have RB5009 as router where I'd like to use all ethernet ports as LAN.
I am not sure if the VLANs should be created on bridge or on SFP port? If I understood correctly then it should be on SFP otherwise all ports contained in bridge would act as trunk right?
Then the addresses is something I am thinking about and don't understand for 100%. So every VLAN every time must have address list with DHCP?
If so then how the correct configuration should look like?

Note that I don't want to make any additional VLANs to separate traffic in my network all I am looking for is how to access the internet with ISP connected through CRS to RB.
Thanks in advance for any hints and tips.
