Community discussions

MUM Europe 2020
 
anubisg1
just joined
Topic Author
Posts: 5
Joined: Sat Feb 23, 2019 1:29 pm
Contact:

Basic vlan layer 2 config on CRS317-1G-16S+

Wed Feb 12, 2020 2:55 pm

Hello everyone,

i come from a Cisco/Juniper/Arista background and i am really just starting to play with Mikrotik in our lab.
I have a CRS317-1G-16S+ which we want to use as a media converter or "cloud" simulation between our Cisco Nexus or Juniper QFX devices.

I'm trying to make a very simple layer 2 setup (no inter-vlan routing what so ever) but i am struggling and i really cannot understand what is the logic behind the Router OS.

my goal is to do the following:

* create vlan 100,200 and 3921
* on port sfp-sfpplus3 i want to make it a trunk and ONLY allow vlan 3921 tagged
* on port sfp-sfpplus5 and sfp-sfpplus6, i want to make it a trunk and allow ONLY vlan 100,200 and 3921 with vlan 100 as native
* on port sfp-sfpplus7 i want to make it a trunk and allow all vlans so that i don't have to edit that interface everytime i create new vlans

in cisco terms what i would do is

vlan 100
vlan 200
vlan 3921

interface eth1/3
switchport mode trunk
switchport trunk allowed vlan 3921

interface eth1/5
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan 100,200,3921

interface eth1/6
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan 100,200,3921

interface eth1/7
switchport mode trunk
switchport trunk allowed vlan all


----

Can someone please help me out to figure out how this config would be done?
what if i wanted one port to be an access port?

thanks a lot!
------------------------------------------
Andrea Florio - Senior Network Architect
CCIE R&S #46985
------------------------------------------
 
mkx
Forum Guru
Forum Guru
Posts: 3745
Joined: Thu Mar 03, 2016 10:23 pm

Re: Basic vlan layer 2 config on CRS317-1G-16S+  [SOLVED]

Wed Feb 12, 2020 4:31 pm

This tutorial should help you with ROSish ...
BR,
Metod
 
anubisg1
just joined
Topic Author
Posts: 5
Joined: Sat Feb 23, 2019 1:29 pm
Contact:

Re: Basic vlan layer 2 config on CRS317-1G-16S+

Wed Feb 12, 2020 4:37 pm

Thanks, let me read it out.
If i get it working i will paste here my config that mirrors the cisco one
------------------------------------------
Andrea Florio - Senior Network Architect
CCIE R&S #46985
------------------------------------------
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1161
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: Basic vlan layer 2 config on CRS317-1G-16S+

Wed Feb 12, 2020 4:42 pm

This article I wrote will probably be very helpful since you're familiar with Cisco. It translates cisco switching configs for VLANs to the MikroTik equivalent.

https://stubarea51.net/2019/02/06/cisco ... and-vlans/
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
 
anubisg1
just joined
Topic Author
Posts: 5
Joined: Sat Feb 23, 2019 1:29 pm
Contact:

Re: Basic vlan layer 2 config on CRS317-1G-16S+

Wed Feb 12, 2020 5:25 pm

Guys you are my saviours!

i will publish here my config once done but i begin to see the light :)

one thing that seems to be very annoying is that if i had vlan 100-300 to port1 , and then i go to add vlan 100 to port2, it will complain as vlan is already added.
[admin@MKTK-SW02] /interface bridge vlan> add bridge=bridge1 tagged=port-channel1 vlan-ids=100-300
[admin@MKTK-SW02] /interface bridge vlan> add bridge=bridge1 tagged=eth5 vlan-ids=100                 
failure: vlan already added
i am trying to understand if i really have to create 1 entry per vlan, or if i will have to find some way to optimize this in something like
[admin@MKTK-SW02] /interface bridge vlan> add bridge=bridge1 tagged=port-channel1,eth5 vlan-ids=100                 
[admin@MKTK-SW02] /interface bridge vlan> add bridge=bridge1 tagged=port-channel1 vlan-ids=101-300

it seems to be overly complicated for no real reason..


for the moment the config i have is like this (no way to be final)
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] l2mtu=9216 mtu=9000 name=eth1
set [ find default-name=sfp-sfpplus2 ] l2mtu=9216 mac-address=CC:2D:E0:A2:70:99 mtu=9000 name=eth2
set [ find default-name=sfp-sfpplus3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full comment="ETH3 - Connection to Juniper" l2mtu=9216 mtu=9000 name=eth3
set [ find default-name=sfp-sfpplus4 ] l2mtu=9216 mtu=9000 name=eth4
set [ find default-name=sfp-sfpplus5 ] l2mtu=9216 mtu=9000 name=eth5
set [ find default-name=sfp-sfpplus6 ] l2mtu=9216 mtu=9000 name=eth6
set [ find default-name=sfp-sfpplus7 ] l2mtu=9216 mtu=9000 name=eth7
set [ find default-name=sfp-sfpplus8 ] l2mtu=9216 mtu=9000 name=eth8
set [ find default-name=sfp-sfpplus9 ] l2mtu=9216 mtu=9000 name=eth9
set [ find default-name=sfp-sfpplus10 ] l2mtu=9216 mtu=9000 name=eth10
set [ find default-name=sfp-sfpplus11 ] l2mtu=9216 mtu=9000 name=eth11
set [ find default-name=sfp-sfpplus12 ] l2mtu=9216 mtu=9000 name=eth12
set [ find default-name=sfp-sfpplus13 ] l2mtu=9216 mtu=9000 name=eth13
set [ find default-name=sfp-sfpplus14 ] l2mtu=9216 mtu=9000 name=eth14
set [ find default-name=sfp-sfpplus15 ] l2mtu=9216 mtu=9000 name=eth15
set [ find default-name=sfp-sfpplus16 ] l2mtu=9216 mtu=9000 name=eth16
set [ find default-name=ether1 ] l2mtu=9216 mtu=9000 name=mgmt0
/interface bonding
add mode=802.3ad mtu=9000 name=port-channel1 slaves=eth1,eth2 transmit-hash-policy=layer-2-and-3

/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=port-channel1
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth3
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth5
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth6
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth4
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth7
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth8
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth9
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth10
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth11
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth12
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth13
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth14
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth15
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=eth16
/interface bridge vlan
add bridge=bridge1 tagged=eth3,eth5,eth6,port-channel1 vlan-ids=3921
------------------------------------------
Andrea Florio - Senior Network Architect
CCIE R&S #46985
------------------------------------------
 
mkx
Forum Guru
Forum Guru
Posts: 3745
Joined: Thu Mar 03, 2016 10:23 pm

Re: Basic vlan layer 2 config on CRS317-1G-16S+

Wed Feb 12, 2020 10:56 pm

It seems that in /interface bridge vlan one can only add config lines with unique combination of bridge=<bridge name> vlan-ids=<VID> ... so defining a config line with range of VIDs complicates things later when one wants to make setup a tad more complex. Simplifying your example into 200 config lines doesn't make much sense either.

BTW, if we constrain ourselves to slightly simpler example: you have a trunk port with a couple of VLANs and you later on decide to add another port with single VLAN, you' do it like this:
#initial setup
/interface bridge vlan
add bridge=bridge1 vlan-ids=100 tagged=port-channel1
add bridge=bridge1 vlan-ids=200-300 tagged=port-channel1
# later addition
set bridge=bridge1 vlan-ids=100 tagged=port-channel1,eth5

Note use of set instead of add as you're changing an existing entity rather than adding a new one.
BR,
Metod

Who is online

Users browsing this forum: CZFan, dmcdon, GiedriusK, ingdaka, McSee, MSN [Bot] and 129 guests