Can you please help with issue I have with CRS125 and simple VLAN scenario where ethernet-1 is a trunk port with vlans 1,100 and port8 should be access port for vlan 1 and port16 access port for vlan100.
Unfortunately I cannot make a port as an ACCESS port on this switch, when I mirror the traffic leaving the eth6 and eth16, i can see all the traffic from eth1 with all the tagging.
I believe this is due to dynamically created vlans I have found on the switch but I cannot delete them .
An answers for the following questions would be very appreciated :
1.Why I see these dynamically created vlans [4095,4089]on CRS and how can I get rid of them
2.How can I strip the VLAN tag as the traffic leaving the access port
(on a mikrotik router I can see vlan-mode and VLAN-HEADER [leave,strip,add if missing] options under the switching)
3.What doest the Egress VLAN mode and VLAN type do under switch ports ? As if I change it between [unmodified/untagged] I cannot see any difference and the access ports are still egressing all vlans and all tagged.
/interface ethernet switch egress-vlan-tag print Flags: X - disabled, I - invalid, D - dynamic # VLAN-ID TAGGED-PORTS 0 D 4095 1 D 4089 2 1 ether1-gateway switch1-cpu 3 100 ether1-gateway
/interface ethernet switch vlan print Flags: X - disabled, I - invalid, D - dynamic # VLAN-ID PORTS SVL LEARN FLOOD INGRESS-MIRROR QOS-GROUP 0 D 4095 ether23-slave-local no no no no none ether24 sfp1-gateway switch1-cpu 1 X 666 ether23-slave-local no yes yes no none ether24 2 X 900 ether18-master no yes no no none ether23-slave-local 3 D 4089 ether1-gateway no yes no no none ether2-master-local ether3-slave-local ether4-slave-local ether5-slave-local ether6-slave-local ether7-slave-local ether8-slave-local ether9-slave-local ether10-slave-local ether11-slave-local ether12-slave-local ether13-slave-local ether14-slave-local ether15-slave-local ether16-slave-local ether17-master ether18-master ether19-slave-local ether20-slave-local ether21-slave-local ether22-slave-local switch1-cpu 4 1 ether1-gateway no yes no no none ether8-slave-local switch1-cpu 5 100 ether1-gateway no yes no no none ether16-slave-local 6 2 ether2-master-local no yes no no none ether4-slave-local
/interface ethernet switch ingress-vlan-translation print Flags: X - disabled, I - invalid, D - dynamic 0 ports=ether8-slave-local service-vlan-format=any customer-vlan-format=any customer-vid=0 new-customer-vid=1 pcp-propagation=no sa-learning=yes 1 ports=ether16-slave-local service-vlan-format=any customer-vlan-format=any new-customer-vid=100 pcp-propagation=no sa-learning=yes 2 D ports=ether1-gateway,ether2-master-local,ether3-slave-local,ether4-slave-local,ether5-slave-local,ether6-slave-local,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-slave-local,ether11- slave-local,ether12-slave-local,ether13-slave-local,ether14-slave-local,ether15-slave-local,ether16-slave-local,ether17-master,ether18-master,ether19-slave-local,ether20-slave-local,ether21-slave-local, ether22-slave-local service-vlan-format=any customer-vlan-format=any new-customer-vid=4089 pcp-propagation=no sa-learning=yes 3 D ports=ether23-slave-local,ether24,sfp1-gateway service-vlan-format=any customer-vlan-format=any new-customer-vid=4095 pcp-propagation=no sa-learning=no
I was trying to follow the simple port-based vlans scenario from the wiki but still cannot achieve vlan isolation and a basic access port functionality.
/interface ethernet print Flags: X - disabled, R - running, S - slave # NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH 0 R ;;; Mikrotik 260G - port 2 ether1-gateway 1500 4C:5E:0C:97:A2:57 enabled none switch1 1 RS ;;; NZXT - USB 2 ether2-master-local 1500 4C:5E:0C:97:A2:58 enabled ether1-gateway switch1 2 XS ether3-slave-local 1500 4C:5E:0C:97:A2:59 enabled ether1-gateway switch1 3 XS ;;; ADVA_Management ether4-slave-local 1500 4C:5E:0C:97:A2:5A enabled ether1-gateway switch1 4 XS ether5-slave-local 1500 4C:5E:0C:97:A2:5B enabled ether1-gateway switch1 5 XS ether6-slave-local 1500 4C:5E:0C:97:A2:5C enabled ether1-gateway switch1 6 XS ;;; Mikrotik 751G - port 1 ether7-slave-local 1500 4C:5E:0C:97:A2:5D enabled ether1-gateway switch1 7 XS ;;; Mikrotik 751G - port 2 ether8-slave-local 1500 4C:5E:0C:97:A2:5E enabled ether1-gateway switch1 8 XS ;;; SRX_2 [fe-0/0/0] ether9-slave-local 1500 4C:5E:0C:97:A2:5F enabled ether1-gateway switch1 9 XS ;;; SRX_1 [fe-0/0/0] ether10-slave-local 1500 4C:5E:0C:97:A2:60 enabled ether1-gateway switch1 10 XS ;;; SRX_2 [fe-0/0/1] ether11-slave-local 1500 4C:5E:0C:97:A2:61 enabled ether1-gateway switch1 11 XS ;;; SRX_1 [fe-0/0/1] ether12-slave-local 1500 4C:5E:0C:97:A2:62 enabled ether1-gateway switch1 12 XS ;;; SRX_2 [fe-0/0/2] ether13-slave-local 1500 4C:5E:0C:97:A2:63 enabled ether1-gateway switch1 13 XS ;;; SRX_1 [fe-0/0/2] ether14-slave-local 1500 4C:5E:0C:97:A2:64 enabled ether1-gateway switch1 14 XS ;;; SRX_2 [fe-0/0/3] ether15-slave-local 1500 4C:5E:0C:97:A2:65 enabled ether1-gateway switch1 15 XS ;;; SRX_1 [fe-0/0/3] ether16-slave-local 1500 4C:5E:0C:97:A2:66 enabled ether1-gateway switch1 16 XS ;;; ADVA-port2 ether17-master 1500 4C:5E:0C:97:A2:67 enabled ether1-gateway switch1 17 XS ;;; ADVA-port1 - NETWORK_PORT ether18-master 1500 4C:5E:0C:97:A2:68 enabled ether1-gateway switch1 18 XS ether19-slave-local 1500 4C:5E:0C:97:A2:69 enabled ether1-gateway switch1 19 XS ether20-slave-local 1500 4C:5E:0C:97:A2:6A enabled ether1-gateway switch1 20 XS ether21-slave-local 1500 4C:5E:0C:97:A2:6B enabled ether1-gateway switch1 21 XS ether22-slave-local 1500 4C:5E:0C:97:A2:6C enabled ether1-gateway switch1 22 R ;;; NZXT - USB 1 [captures] ether23-slave-local 1500 4C:5E:0C:97:A2:6D enabled none switch1 23 X ether24 1500 4C:5E:0C:97:A2:6E enabled none switch1 24 X sfp1-gateway 1500 4C:5E:0C:97:A2:6F enabled none switch1
I have disabled majority of the ports for testing and assign them to a single master port but still cannot remove the dynamic vlans.
I don't usually struggle with such a simple task as configuring vlan trunk and access port but on CRS this is very confusion.
Thank you very much in advance.