I have a crs328-24p-4s+rm and every now and then I switch from swos to routeros to get used to routeros a little bit more. This time due to the fact, that swos doesn't boot anymore - but that's a different story.
My setup is:
Firewall -> Port1 on CRS (Trunk)
I managed to set up all needed vlans on that switch by reseting routeros with "no default config" and "do not backup" and starting from scratch. I connect to CRS via Winbox on a Windows client on Port 24.
Code: Select all
/
# create bridge
interface bridge
add name=bridge1 vlan-filtering=no
# set up Trunk Ports
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes
add bridge=bridge1 interface=ether6 hw=yes
add bridge=bridge1 interface=ether22 hw=yes
# set up Access Ports
add bridge=bridge1 interface=ether8 hw=yes pvid=100
add bridge=bridge1 interface=ether9 hw=yes pvid=100
add bridge=bridge1 interface=ether16 hw=yes pvid=10
add bridge=bridge1 interface=ether17 hw=yes pvid=2
add bridge=bridge1 interface=ether18 hw=yes pvid=2
add bridge=bridge1 interface=ether19 hw=yes pvid=10
add bridge=bridge1 interface=ether20 hw=yes pvid=2
add bridge=bridge1 interface=ether21 hw=yes pvid=20
add bridge=bridge1 interface=ether23 hw=yes pvid=100
add bridge=bridge1 interface=sfp-sfpplus2 hw=yes pvid=20
add bridge=bridge1 interface=sfp-sfpplus3 hw=yes pvid=100
add bridge=bridge1 interface=sfp-sfpplus4 hw=yes pvid=100
# Assign Ports to Vlans
/interface bridge vlan
add bridge=bridge1 tagged=ether1 vlan-ids=1
add bridge=bridge1 tagged=ether1,ether6,ether22 untagged=ether17,ether18,ether20 vlan-ids=2
add bridge=bridge1 tagged=ether1,ether6,ether22 untagged=ether16,ether19 vlan-ids=10
add bridge=bridge1 tagged=ether1,ether6 untagged=ether21,sfp-sfpplus2 vlan-ids=20
add bridge=bridge1 tagged=ether1,ether6,ether22 untagged=ether8,ether9,ether23,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=100
# Activate Vlan Filtering
/interface bridge
set bridge1 vlan-filtering=yes
Code: Select all
/interface vlan
add interface=bridge1 vlan-id=2 name=MGMT
/ip address
add address=192.168.2.55/24 interface=MGMT
from client on Vlan100 via port sfp-sfpplus4 -> Trunk Port1 on CRS to Firewall -> Firewall back to CRS
Vlan routing for all vlans is done by the firewall and this is set up correctly since I can reach vlan2 clients on ether17, ether18 & ether20 this way.
What am I missing regarding the set up of the ip address?
thx & Best
EDIT:
here's my config:
Code: Select all
# jan/02/1970 00:04:57 by RouterOS 6.44.6
# software id = PCUM-HC59
#
# model = CRS328-24P-4S+
# serial number = C7810C418392
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=MGMT vlan-id=2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether22
add bridge=bridge1 interface=ether8 pvid=100
add bridge=bridge1 interface=ether9 pvid=100
add bridge=bridge1 interface=ether16 pvid=10
add bridge=bridge1 interface=ether17 pvid=2
add bridge=bridge1 interface=ether18 pvid=2
add bridge=bridge1 interface=ether19 pvid=10
add bridge=bridge1 interface=ether20 pvid=2
add bridge=bridge1 interface=ether21 pvid=20
add bridge=bridge1 interface=ether23 pvid=100
add bridge=bridge1 interface=sfp-sfpplus2 pvid=20
add bridge=bridge1 interface=sfp-sfpplus3 pvid=100
add bridge=bridge1 interface=sfp-sfpplus4 pvid=100
/interface bridge vlan
add bridge=bridge1 tagged=ether1 vlan-ids=1
add bridge=bridge1 tagged=ether1,ether6,ether22 untagged=\
ether17,ether18,ether20 vlan-ids=2
add bridge=bridge1 tagged=ether1,ether6,ether22 untagged=ether16,ether19 \
vlan-ids=10
add bridge=bridge1 tagged=ether1,ether6 untagged=ether21,sfp-sfpplus2 \
vlan-ids=20
add bridge=bridge1 tagged=ether1,ether6,ether22 untagged=\
ether8,ether9,ether23,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=100
/ip address
add address=192.168.2.55/24 interface=MGMT network=192.168.2.0
/system routerboard settings
set boot-os=router-os