Community discussions

MikroTik App
 
jo205395
just joined
Topic Author
Posts: 9
Joined: Sun Aug 01, 2021 5:12 am

CRS317-1G-16S+RM HELP REQUESTED!

Sun Sep 05, 2021 11:57 pm

I am very new to the Mikrotik RouterOS/SwitchOS. I purchased the Cloud Router Switch CRS317-1G-16S+ and have over 20 hours reading about RouterOS on the Fourms, Wiki.Mikrotik, and from any other source trying to configure the Router without any success. Only processes I have accomplished is getting into the router, upgrading the Firmware & BootOS and nothing else. I have purchased 5 sfp+ modules, and have them plugged into the ports 1, 3, 5, 7, 9. as if I boot into SwitchOS, I can see them under devices, the router see's all the sfp+ modules correctly. Even in SwitchOS, I cannot get any of these to work as LAN devices, and same in RouterOS. Im stuck!
I know there is a huge learning curve but I have tried every configuration I could find on Mikrotik website, and on the internet without any configuration specific to the CRS317-1G-16S+, not even a basic configuration.
I would appreciate help with either pointing me to the correct online help or help with directing me to get this Router/Switch working.
I want to configure the Mikrotik as follows:
a. Replace my ISP's Router with the Mikrotik Router Switch.
a. My ISP is Verizon and they issue Dynamic IP from their network.
b. On the Mikrotik, I wanted 3 VLANS.
a. Vlan 3 with an Network IP of 10.10.0.0/24
b. Vlan 2 with an Network IP of 192.168.1.0/24
c. Vlan 1 with an Network IP of 192.168.88.0/24
c. Setup SFP+1 port as the WAN port.
d. Ether1 port as the Admin/Management Port.
Thanks in advance.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Sun Sep 12, 2021 12:49 am

Answers to Question A: Replace my ISP's Router with the Mikrotik Router Switch.
You will need RouterOS and NOT SwitchOS installed on your CRS

Disclaimer:
The Hardware of the CRS317-1G-16S+ isn't optimized for Routing but for Switching.
Depending on Load (Firewall,Routing, WAN-Speed) it may be a bottleneck.

Answers to Question B: On the Mikrotik, I wanted 3 VLANS.
Step 1: You will need to configure a bridge with all SFP+ as members*.
**EXCEPT WAN / SFP+1
/interface bridge
add name=bridge1 

/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus2
add bridge=bridge1 interface=sfp-sfpplus3
...
Step 2: Add VLAN-Interfaces
/interface vlan
add interface=bridge1 name=bridge1_vlan1 vlan-id=1
add interface=bridge1 name=bridge1_vlan2 vlan-id=2
add interface=bridge1 name=bridge1_vlan3 vlan-id=3
Step 3: Add Address & DHCP-Servers

Answers to Question C: Setup SFP+1 port as the WAN port

Step 1: Secure Router (Firewall, Passwords etc..)

Step 2: DHCP-Client**
/ip dhcp-client
add disabled=no interface=sfp-sfpplus1
** Usually PPOE ist used and not just DHCP-Client von ISP-Auth.
Last edited by ConnyMercier on Fri Sep 17, 2021 10:41 am, edited 1 time in total.
 
jo205395
just joined
Topic Author
Posts: 9
Joined: Sun Aug 01, 2021 5:12 am

Re: CRS317-1G-16S+RM HELP REQUESTED!

Sun Sep 12, 2021 3:39 am

Thank you for the help and info. Its much appreciated and I will be giving your info a go tonight or tomorrow. Again Thanks for the response! I will let you know how I am making out with the config.
 
jo205395
just joined
Topic Author
Posts: 9
Joined: Sun Aug 01, 2021 5:12 am

Re: CRS317-1G-16S+RM HELP REQUESTED!

Thu Sep 16, 2021 10:36 pm

Ok, your post does not work, i factory defaulted the crs317-1g-16s, left it in bridge mode, no joy with your scripts.
2. I again factory reset, changed to Router in Quick Set, applied your configurations, again no joy.
3. Even tried the above with selecting "No Configuration" on factory reset, applied the configurations, no joy on either method.
4. Last resort, started SwitchOS for laughs, applied the configurations, no joy.

I assume your assuming that Mikrotik has some default configuration on factory reset that defaults the etherboot port as the WAN, and any SFP+ port that has a module plugged into it as a LAN Device?

The CRS317-1G-16S only has the etherboot port configured for WAN / Admin access. None of the other SFP+ ports are configured for anything. They do show up in bridge or router mode as slaves but nothing else. I have 5 SPF+ modules inserted, in different slots, and if I look in "Interfaces and select any port that has a module plugged into it, show the module correctly. Any port without a module shows nothing. Oh, yes, I do have ethernet cables plugged into the ports going to my home switch that would give it a DHCP or allow the try and assign an IP address, but I'm not even seeing lights on any of the panel above the module light up.

I know this all is my lack of understanding, and all the things I have read including Mikrotik RouterOS Manual is written for their routers that are configured out of the box. I am very frustrated with this switch and do not want to give up, but I am at wits end with it.

I need someone for at least once walk me thru for this switch that has no out of the box configuration other than on the etherboot port, and down to pointing out step by step, do I click bridge or router, or something else. I would be happy to get it working as a dumb switch at this point so I can get some idea of how it works.

Thanks for trying to work with an idiot.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS317-1G-16S+RM HELP REQUESTED!

Thu Sep 16, 2021 10:57 pm

We assign conny to all the 'special' cases;. You are in good hands!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS317-1G-16S+RM HELP REQUESTED!

Thu Sep 16, 2021 11:01 pm

There are two ways to configure switches in the MT world.
This is the reference for the vlan filtering method
viewtopic.php?f=23&t=143620

This is another way to make use of switch chips but to complex for me, however it may make sense depending upon your unit.
https://www.youtube.com/watch?v=Rj9aPoyZOPo
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Thu Sep 16, 2021 11:25 pm

There are two ways to configure switches in the MT world.

For CRS3xx (OP mentioned CRS317), only the first one is the right one.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Fri Sep 17, 2021 1:38 am

Mikrotik as a steep learning curve, but don't worry it's worth it =)
Step by Step Instruction :

Basic Setup
Step 1: Boot CRS317 into RouterOS
Step 2: Connect via Winbox a reset configuration (no Backup & no default Config)
configreset.png
Step 3: After reboot , reconnect via Winbox
Step 4: Setup Password for "admin"

----------------------------------------------------------------------
Milestone #1 achieved
----------------------------------------------------------------------
IPv4 WAN Setup
Step 5: Setup Basic Firewall
here's an exemple of a very, very basic Firewall setup.
/interface list
add name=WAN
/interface list member
add interface=sfp-sfpplus1 list=WAN

/ip firewall filter
add action=accept chain=input comment=\
    "Accept : Established & Related (Internet --> Router )" connection-state=\
    established,related in-interface-list=WAN
add action=drop chain=input comment=\
    "Drop : Everything Else (Internet --> Router)\r\
    \n" in-interface-list=WAN
Step 6: Connect SFP / SFP+ module in sfp-sfpplus1interface
Step 7: Create DHCP-Client on sfp-sfpplus1 Interface
In Winbox navigate to IP -> DHCP-Client -> Add (+)
Select sfp-sfpplus1 as interface and apply
dhcpclient.jpg
Step 8: Check IP-Address
In Winbox navigate to IP -> Addresses
sfp-sfpplus1 should now have an IP-Address
Ipaddresses.jpg
Step 9: Check Internet connectivity
In Winbox navigate to IP -> Ping
and enter for exemple 1.1.1.1 as Target ("Ping to" value)
ping.png
----------------------------------------------------------------------
Milestone #2 achieved
Router is Online
----------------------------------------------------------------------

When you get this far, i will help you get the Bridge working
You do not have the required permissions to view the files attached to this post.
Last edited by ConnyMercier on Fri Sep 17, 2021 10:58 am, edited 7 times in total.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Fri Sep 17, 2021 1:38 am

We assign conny to all the 'special' cases;. You are in good hands!
merci =)
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Fri Sep 17, 2021 8:34 am

I suggest executing step #8 (setting admin password) right after step #3 (reconnecting after configuration reset). This step should thus become new step #4. It is extremely dangerous to get router connected to internet without first having at least admin password set.

It would be advisable to make step #9 before configuring WAN interface as well.

Failing to do both steps early in setup procedure makes possibility of getting router hacked unacceptable high. I'm aware that the order I suggested might be unattractive to a new user because specially step #9 (firewall setup) takes some time without apparent progress, but makes life altogether a bit merrier.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Fri Sep 17, 2021 10:02 am

@mkx --> Thanks for the feedback

To make sure there is no misunderstanding later,
I eddited your suggestion into the Step-by-Step instructions.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Fri Sep 17, 2021 10:55 am

Just one more correction needed: the last item is numbered as bullet #7 while it should be #9.
 
jo205395
just joined
Topic Author
Posts: 9
Joined: Sun Aug 01, 2021 5:12 am

Re: CRS317-1G-16S+RM HELP REQUESTED!

Fri Sep 17, 2021 8:42 pm

Wow! Thanks for all the help and Config steps!
I will be working on this over the weekend so I will post how its going with the first part! Looking forward to having this working! Again, I really appreciate all the help and posts and wish I could resipricate in some way! Maybe in future I can be some help to others once I have a better understanding of Mikrotik's RouterOS and Hardware!
 
jo205395
just joined
Topic Author
Posts: 9
Joined: Sun Aug 01, 2021 5:12 am

Re: CRS317-1G-16S+RM HELP REQUESTED!

Fri Sep 17, 2021 9:58 pm

I just got some free time and followed the instructions. I completed up to and including Step #7 and as you can see, its telling me the spf-spfplus1 is stopped in red. So I went back to the terminal window and copied the complete command and re-ran the configuration there, and as you can see, it was completed the first time. module is still stopped. Any suggestions ? I did after failure look in Quick Set and it shows I am in RouterOS, Router Mode not Bridge. Is this correct?
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Fri Sep 17, 2021 10:13 pm

What kind of SFP / SFP+ module are you using ?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS317-1G-16S+RM HELP REQUESTED!

Sat Sep 18, 2021 4:16 am

Please post your config
/export hide-sensitive file=anynameyouwish
 
jo205395
just joined
Topic Author
Posts: 9
Joined: Sun Aug 01, 2021 5:12 am

Re: CRS317-1G-16S+RM HELP REQUESTED!

Sat Sep 18, 2021 10:46 pm

Configuration file below, info on the five modules below that:

# jan/02/1970 00:20:51 by RouterOS 6.48.4
# software id = 6IKB-W9E9
#
# model = CRS317-1G-16S+
# serial number = D7EC0E92A3C7
/interface list
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface list member
add interface=sfp-sfpplus1 list=WAN
/ip dhcp-client
add disabled=no interface=sfp-sfpplus1
/ip firewall filter
add action=accept chain=input comment=\
"Accept : Established & Related (Internet --> Router )" connection-state=\
established,related in-interface-list=WAN
add action=drop chain=input comment=\
"Drop : Everything Else (Internet --> Router)\r\
\n" in-interface-list=WAN
add action=accept chain=input comment=\
"Accept : Established & Related (Internet --> Router )" connection-state=\
established,related in-interface-list=WAN
add action=drop chain=input comment=\
"Drop : Everything Else (Internet --> Router)\r\
\n" in-interface-list=WAN
add action=accept chain=input comment=\
"Accept : Established & Related (Internet --> Router )" connection-state=\
established,related in-interface-list=WAN
add action=drop chain=input comment=\
"Drop : Everything Else (Internet --> Router)\r\
\n" in-interface-list=WAN
add action=accept chain=input comment=\
"Accept : Established & Related (Internet --> Router )" connection-state=\
established,related in-interface-list=WAN
add action=drop chain=input comment=\
"Drop : Everything Else (Internet --> Router)\r\
\n" in-interface-list=WAN
/system routerboard settings
set boot-os=router-os

Module # 1: Vendor Name: 10Gtek
1000Base T SFP-RJ-45
Vendor PN#: SFP-GE-T
OM4 Link Length: 100m
Manuf. Date: 17-01-22
Wavelength: 8224 32 nm

Module #2: Vendor Name: 10Gtek
1000Base T SFP COPPER RJ-45
Vendor PN#: SFP-GE-T
OM4 Link Length: 100m
Manuf. Date: 21-03-08
Wavelength: Not Reported

Module #3: Vendor Name: 10GTEK
AXS85-192-M3
Vendor PN#: SFP-10G-SR
OM4 Link Length: 100m
Manuf. Date: 17-02-01
Wavelength: 850.00 nm
THIS MODULE SHOWS OM1/OM2/OM3 LINK LENGTH, VOLTAGE, TX BIAS CURRENT, TX & RX POWER NUMBERS WHEN INSERTED INTO SLOT

Module #4: Vendor Name: 10GTEK
AXS85-192-M3 10GBASE SR SFP+ 850NM 300M
Vendor PN#: SFP-10G-SR
OM4 Link Length: 100m
Manuf. Date: 17-02-01
Wavelength: 850.00 nm
THIS MODULE SHOWS OM1/OM2/OM3 LINK LENGTH, VOLTAGE, TX BIAS CURRENT, TX & RX POWER NUMBERS WHEN INSERTED INTO SLOT

Module #5: Vendor Name: 10GTEK
AXS85-192-M3 10GBASE SR SFP+ 850NM 300M
Vendor PN#: SFP-10G-SR
OM4 Link Length: 100m
Manuf. Date: 17-02-01
Wavelength: 850.00 nm
THIS MODULE SHOWS OM1/OM2/OM3 LINK LENGTH, VOLTAGE, TX BIAS CURRENT, TX & RX POWER NUMBERS WHEN INSERTED INTO SLOT

Again, Thanks for all your help and advise getting this crs317 working!
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Sat Sep 18, 2021 11:41 pm

New Step by Step instruction

Step A: Connect to Router via Winbox
Step B: Connect SFP/SFP+ Module in sfp-sfpplus1
Step C: Connect ISP Kabel to SFP/SFP+ Module
Step D: In Winbox navigate to IP -> DHCP-Client
If status in "bound", Retry original Steps 8 and 9
If status of dhcp-client is still "stopped", continue to Step E
Step E: In Winbox navigate to Interfaces -> sfp-sfpplus1 -> Ethernet
Deactivate "auto-negotiate" and select Speed 1Gbps and apply
18-09-_2021_22-31-04.png

Interface should now be up and running
Retry original Steps 8 and 9 to make sure the Router is connected to the internet.
You do not have the required permissions to view the files attached to this post.
 
jo205395
just joined
Topic Author
Posts: 9
Joined: Sun Aug 01, 2021 5:12 am

Re: CRS317-1G-16S+RM HELP REQUESTED!

Sun Sep 19, 2021 3:02 am

Thank You! Thank You! We now have sfp-sfpplus1 working! it's even pulling an IP address AND I can ping and get responses back!
Wow! You Obviously know this model and RouterOS.......
Now I am set for part two (I think!!).....
I plugged the other rj45 into sfp-sfpplus3 and just took the check out of Auto Neg and checked only 1gig and now that one is lit and active (no ethernet cable plugged into it).
I also plugged in the other 3 modules into sfp-sfpplus5, sfp-sfpplus7, and sfp-sfpplus9 and they are showing up in Interfaces/SFP.

Again, thanks and I am bowing to the king (you) and await the next set of instuctions!
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Sun Sep 19, 2021 3:37 am

New Step-by-Step Instruction 19.09.2020

Step 1: Create Bridge
/interface bridge
add name=bridge1 
Step 2: Assign Interfaces to bridge
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus2
add bridge=bridge1 interface=sfp-sfpplus3
add bridge=bridge1 interface=sfp-sfpplus4
add bridge=bridge1 interface=sfp-sfpplus5
add bridge=bridge1 interface=sfp-sfpplus6
add bridge=bridge1 interface=sfp-sfpplus7
add bridge=bridge1 interface=sfp-sfpplus8
add bridge=bridge1 interface=sfp-sfpplus9
add bridge=bridge1 interface=sfp-sfpplus10
add bridge=bridge1 interface=sfp-sfpplus11
add bridge=bridge1 interface=sfp-sfpplus12
add bridge=bridge1 interface=sfp-sfpplus13
add bridge=bridge1 interface=sfp-sfpplus14
add bridge=bridge1 interface=sfp-sfpplus15
add bridge=bridge1 interface=sfp-sfpplus16
Step 3: Create VLAN-Interfaces on Router
/interface vlan
add interface=bridge1 name=bridge1_vlan1 vlan-id=1
add interface=bridge1 name=bridge1_vlan2 vlan-id=2
add interface=bridge1 name=bridge1_vlan3 vlan-id=3
Step 4: Add Network-Addresses
/ip address
add address=192.168.88.1/24 interface=bridge1_vlan1 network=192.168.88.0
add address=192.168.1.1/24 interface=bridge1_vlan2 network=192.168.1.0
add address=10.10.0.1/24 interface=bridge1_vlan3 network=10.10.0.0
Step 5: Allow DNS-Requests
/ip dns set allow-remote-requests=yes
Step 6: Create DHCP-Servers
/ip pool
add name=dhcp_pool_vlan1 ranges=192.168.88.2-192.168.88.99
add name=dhcp_pool_vlan2 ranges=192.168.1.2-192.168.1.99
add name=dhcp_pool_vlan3 ranges=10.10.0.2-10.10.0.99

/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
add address=10.10.0.0/24 dns-server=10.10.0.1 gateway=10.10.0.1

/ip dhcp-server
add address-pool=dhcp_pool_vlan1 disabled=no interface=bridge1_vlan1 name=dhcp_vlan1
add address-pool=dhcp_pool_vlan2 disabled=no interface=bridge1_vlan2 name=dhcp_vlan2
add address-pool=dhcp_pool_vlan3 disabled=no interface=bridge1_vlan3 name=dhcp_vlan3
Step 7: Create NAT/Masquerade for WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Sun Sep 19, 2021 3:41 am

It's of course a basic Config,

No Firewall to protect Clients
No Queues or QoS
No VLAN-Filtering activ on bridge
No Ingress or Egress Port Tagging
etc...
 
jo205395
just joined
Topic Author
Posts: 9
Joined: Sun Aug 01, 2021 5:12 am

Re: CRS317-1G-16S+RM HELP REQUESTED!

Sun Sep 19, 2021 4:57 pm

Thank you again! I will be add these either tonight or tomorrow and will post results. Thank you for going above & beyond to help a novice with Mikrotik hardware-software.
 
jo205395
just joined
Topic Author
Posts: 9
Joined: Sun Aug 01, 2021 5:12 am

Re: CRS317-1G-16S+RM HELP REQUESTED!

Thu Sep 23, 2021 3:35 am

ConnyMercier,
I just got some time to work on it, and I want to tell you it is working as per your configuration posted!
I thank you and appreciate all your help and time you spent putting this together to help a Mikrotik novice past the first "road blocks" getting this working.

I will continue working on the other parts of the configuration, now setting up the Firewall to protect Clients, Queues, QoS, Vlan Filtering activity on bridge, and Ingress / Egress Port Tagging, but one step at a time!

I also hope to help others getting into Mikrotik Routers/Switch's like myself, who are setting up Emergency Communications over mesh networks. We currently are using the Mikrotik HAP AC Lite routers and once we get them deployed, they work great. A number of us due to this have started getting into the larger and more advanced routers & switches and see that the learning curve is going to require more work than anticipated, but we are up to learning. I am very happy about the level of support there is out there and especially the support you have shown.

Again, Thank You, and I will keep in touch with you as I progress with this project.

Joe
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: CRS317-1G-16S+RM HELP REQUESTED!

Thu Sep 23, 2021 8:29 am

Thank you for the feedback
I'm glad we could help :D

Looking foward seeing the results of your Emergency-Mesh Project

Who is online

Users browsing this forum: rplant and 49 guests