CRS advice on VLANS and HW switch

Nehalem · Wed Feb 18, 2015 11:21 am

Hi,

im new to forums and ill be happy for any advices, because im pretty confused with new versions and settings.
Last i worked with v5 i think ?.

I bought Cloud Router Switch CRS125-24G-1S and i want to do this:

1) My WAN connection, what will be masqueraded is Ethernet port 23
2) I need two VLANs: 20 and 30
3) Port 1-8 will be in HW switch and will have port based acces VLAN 30 set
4) Port 9-16 will be in HW switch and will have port based acces VLAN 40 set
5) SFP port will be connected to next access switch, so its need to be trunk port with both VLANS
6) I need two virtual ESSIDs, one joined into VLAN 30 and second into VLAN 40
7) This router will route packets trough masq or other vlans.

How i need to set this ?
Should i :
1) Set port 1 master port : none
2) Set port 2-8 to master port: port 1
3) Set port 9 master port : none
4) Set port 10-16 to master port: port 9
5) Set port 23 to master port: none
6) Set VLAN 30 to master port 1, Set VLAN 40 to master port 9
7) Create Virtual AP 1, AP 2
8.) Create bridge 1 and join Virtual AP 1, Port 1 and SFP
9) Create bridge 2 and join Virtual AP 2, Port 9 and SFP

Whats bridge type (customer vlan/service vlan), should i use some ingress/egress settings ? I tried to look into
http://wiki.mikrotik.com/wiki/Manual:CR ... Based_VLAN but im still confused on my setting.

Wed Feb 18, 2015 4:23 pm

Start by configuring one switch port group for all ports with one master-port to able to properly configure VLANs in CRS switch-chip.
Then follow this example: http://wiki.mikrotik.com/wiki/Manual:CR ... AN_Routing

Nehalem · Wed Feb 18, 2015 5:12 pm

Thank you for response,
Both vlans on CRS are working now and ill get address from DHCP.
BUT:
Master port is now SFP, and if i will not connect client to some port inside CRS vlan40 rj45, ip route from that subnet is unreachable).
If ill connect it to some port from VLAN40, its ok.

I have connected other switch with same trunk port and VLANS 30 and 40 to that SFP trunk port.
So i will not get any address from DHCP (from CRS) if ill connect client to other switch.
I cannot also ping switch ip (VLAN40) from CRS.


/interface ethernet
set [ find default-name=sfp1 ] comment=Warehouse name=SFP-WAREHOUSE

/interface vlan
add interface=SFP-WAREHOUSE l2mtu=1584 name=VLAN30 vlan-id=30
add interface=SFP-WAREHOUSE l2mtu=1584 name=VLAN40 vlan-id=40

/interface ethernet
set [ find default-name=ether1 ] master-port=SFP-WAREHOUSE name=ETHER-1
set [ find default-name=ether2 ] master-port=SFP-WAREHOUSE name=ETHER-2
set [ find default-name=ether3 ] master-port=SFP-WAREHOUSE name=ETHER-3
set [ find default-name=ether4 ] master-port=SFP-WAREHOUSE name=ETHER-4
set [ find default-name=ether5 ] master-port=SFP-WAREHOUSE name=ETHER-5
set [ find default-name=ether6 ] master-port=SFP-WAREHOUSE name=ETHER-6
set [ find default-name=ether7 ] master-port=SFP-WAREHOUSE name=ETHER-7
set [ find default-name=ether8 ] master-port=SFP-WAREHOUSE name=ETHER-8
set [ find default-name=ether9 ] master-port=SFP-WAREHOUSE name=ETHER-9
set [ find default-name=ether10 ] master-port=SFP-WAREHOUSE name=ETHER-10
set [ find default-name=ether11 ] master-port=SFP-WAREHOUSE name=ETHER-11
set [ find default-name=ether12 ] master-port=SFP-WAREHOUSE name=ETHER-12
set [ find default-name=ether13 ] master-port=SFP-WAREHOUSE name=ETHER-13
set [ find default-name=ether14 ] master-port=SFP-WAREHOUSE name=ETHER-14
set [ find default-name=ether15 ] master-port=SFP-WAREHOUSE name=ETHER-15
set [ find default-name=ether16 ] master-port=SFP-WAREHOUSE name=ETHER-16


/interface ethernet switch egress-vlan-tag
add tagged-ports=SFP-WAREHOUSE,switch1-cpu vlan-id=30
add tagged-ports=SFP-WAREHOUSE,switch1-cpu vlan-id=40

/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=30 ports=\
    ETHER-1,ETHER-2,ETHER-3,ETHER-4,ETHER-5,ETHER-6,ETHER-7,ETHER-8 \
    sa-learning=yes
add customer-vid=0 new-customer-vid=40 ports=\
    ETHER-9,ETHER-10,ETHER-11,ETHER-12,ETHER-13,ETHER-14,ETHER-15,ETHER-16 \
    sa-learning=yes

/interface ethernet switch vlan
add ports="ETHER-1,ETHER-2,ETHER-3,ETHER-4,ETHER-5,ETHER-6,ETHER-7,ETHER-8,SFP\
    -WAREHOUSE,switch1-cpu" vlan-id=30
add ports="ETHER-9,ETHER-10,ETHER-11,ETHER-12,ETHER-13,ETHER-14,ETHER-15,ETHER\
    -16,SFP-WAREHOUSE,switch1-cpu" vlan-id=40

/ip address
add address=10.15.30.1/24 interface=VLAN30 network=10.15.30.0
add address=10.15.40.1/24 interface=VLAN40 network=10.15.40.0

/ip pool
add name=Vlan40 ranges=10.15.40.11-10.15.40.100
add name=Vlan30 ranges=10.15.30.11-10.15.30.100

/ip dhcp-server
add address-pool=Vlan30 disabled=no interface=VLAN30 lease-time=1d name=\
    "VLAN 30"
add address-pool=Vlan40 disabled=no interface=VLAN40 lease-time=1d name=\
    "VLAN 40"

/ip dhcp-server network
add address=10.15.30.0/24 dhcp-option-set="Vlan 30" dns-server=10.15.30.1 \
     gateway=10.15.30.1 netmask=24 ntp-server=10.15.30.1
add address=10.15.40.0/24 dhcp-option-set=\
    "Vlan 40" dns-server=10.15.40.1 gateway=10.15.40.1 \
    netmask=24 ntp-server=10.15.40.1

Nehalem · Thu Feb 19, 2015 1:07 pm

If i will set egress on trunk port, rotuer will disconnect me and i cannot connect to it again.
I need to remove egress tag to connect.

/interface ethernet switch egress-vlan-tag
add tagged-ports=SFP-WAREHOUSE,switch1-cpu vlan-id=40

Why ?

Nehalem · Thu Feb 19, 2015 3:09 pm

Sorry, you can close this topic..

Issue was created by second switch which was propagating link-up, but its wasnt.

Connection is now working ok, thanks for the first advice tho.

CRS advice on VLANS and HW switch

CRS advice on VLANS and HW switch

Re: CRS advice on VLANS and HW switch

Re: CRS advice on VLANS and HW switch

Re: CRS advice on VLANS and HW switch

Re: CRS advice on VLANS and HW switch

Who is online