Community discussions

MikroTik App
 
kril
just joined
Topic Author
Posts: 1
Joined: Mon Jan 25, 2021 8:26 am

SwOS assistance with Trunking/Voice/Data

Mon Jan 25, 2021 12:59 pm

Hi All,

Hoping that I can get get some sort of assistance if possible.
I currently have 2 Mikrotik switches:

1x CRS326-24G-2S+
1x CRS328-24P-4S+

I have ran through a multitude if docs and how tos/youtube videos over the past mont and have not had any joy. if someone is able to assist me, I would really appreciate it. I think its something really stupid that I'm missing, as I'm new to Mikrotik.

The situation:

I currently have a L3 switch, connected to a FW
All my Vlans reside on the L3 switch, with a default route to to the interface connected to Port 1 on the FW. The problem with this is that Inter Vlan routing happens without Policies, and all the Vlans can route to each other. The switch is also in the brink of death, hence the replacement and move to Mikrotik.

I have set up the Mikrotik switches in SwOS, as I only want them to do L2 switching, as all the Vlans will be moved to the FW, and traffic between them will be controlled via access lists.
This is a fairly simple setup, and I have done it tons of times with other equipment, mainly Cisco.
The FW will have a single interface with 4 Subinterfaces for each Vlan, and Voice. The DHCP Server will reside in the Server Segment on Vlan on of the Vlans.

Most of the previous occasions, on Cisco, I would Create a trunk on the link connecting to the FW, and allow the specific Vlans to traverse the trunk. Create each Vlan on the switch, and then issue the command (switchport mode access vlan x) and then set the voice vlan with command (voice vlan x)
I believe the concept should be the same in the Mikrotik, but the way it gets done is slightly different, and I think its just a knowledge barrier
What I want to Achieve:
Image

What I have done is the below:

Switch Trunks
Linked the two switches Via Ethernet for now(To bw changed to Fibre at a later stage).
Created all the Vlans on both switches.
For the Trunk between switches, on the VLANs tab, I made all the Vlans a member
I left the Default Vlan to 1 under the VLAN Tab.

Image


For the Access Ports:
For ports that I only wanted to access a single Vlan, I changed the Vlan Mode to "Strict" and under the VLANs tab I specified which port is assigned to which Vlan.(I noticed that I have to change the Default Vlan to the Vlan that I want the port to be a part of for this to work?)
Port isolation and Learning is ticked.
How do I allow a Voice Vlan with a Data Vlan on these ports?
Image
Image

For the Trunk Port to the FW:
I left the Default Vlan ID as 1
Then under the VLANs tab, I ticked all the Vlans that I wanted to go across that port to the Firewall
Image


On the Firewall I assigned a Vlan Tag to each Subinterface, and set the gateway.
I also created a DHCP Relay for DHCP.

What I noticed when Testing:
DHCP relay does not work, unless I change the Default Vlan ID on the Link going to the Firewall to the Vlan that needs DHCP. This would present a problem, as all the Vlans need DHCP.

I'm just trying to figure out where I went off track here.
Any Assistance would be Greatly appreciated.

I have attempted to use Youtube
I have attempted this article as well:
https://wiki.mikrotik.com/wiki/SWOS/CSS326-VLAN-Example

I have also read the user manuals, but seem to be missing something.
I also noticed that SwOS does not have a CLI to test connectivity via pings etc,

Who is online

Users browsing this forum: Google [Bot] and 4 guests