Community discussions

MikroTik App
 
User avatar
grumpazoid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Nov 19, 2019 1:32 pm

VLAN setup for CCR1016 and CRS226

Fri Mar 05, 2021 5:20 pm

I plan to set up VLANS on these and would be interested to hear the recommended method.
The CCR will handle routing and a trunk to CRS with approx. 3 VLANS

I have previously used the excellent forum guide viewtopic.php?t=143620 with my HAP devices.
Should I still be using bridge VLAN filtering with these devices (i.e. no hardware offload) or other methods as mentioned here https://wiki.mikrotik.com/wiki/Manual:C ... s_examples
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN setup for CCR1016 and CRS226

Fri Mar 05, 2021 5:39 pm

SInce I believe those are mainly switches and may be able to take advantage of switch chips etc......
THis is also an excellent guide for the other way.............
https://www.youtube.com/watch?v=Rj9aPoyZOPo
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: VLAN setup for CCR1016 and CRS226

Fri Mar 05, 2021 5:46 pm

Or other methods as mentioned here https://wiki.mikrotik.com/wiki/Manual:C ... s_examples
Yes, for the CRS226 to retain wire-speed switching. As the CCR1016 doesn't have a hardware switch just use the usual VLAN-aware bridge setup for that.
 
User avatar
grumpazoid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Nov 19, 2019 1:32 pm

Re: VLAN setup for CCR1016 and CRS226

Fri Mar 05, 2021 7:11 pm

Thanks for the replies and clarification. I had noticed that YouTube video before so will spend some time on it now I can use it.

So the wiki states "For more complex setups (for example, VLAN filtering) you should use the port isolation feature instead."
I assume that means I can follow the Port Based VLAN section on that page?
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: VLAN setup for CCR1016 and CRS226

Fri Mar 05, 2021 7:30 pm

AFAIK that refers to private VLANs which are different to 802.1Q virtual LANs, the latter are what most people are referring to VLANs.

The switch chip in CRS1xx/2xx devices can be programmed to do either, and also protocol or MAC-based VLANs neither of which are particularly common these days.
 
User avatar
grumpazoid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Nov 19, 2019 1:32 pm

Re: VLAN setup for CCR1016 and CRS226

Fri Mar 05, 2021 8:18 pm

AFAIK that refers to private VLANs which are different to 802.1Q virtual LANs, the latter are what most people are referring to VLANs.

The switch chip in CRS1xx/2xx devices can be programmed to do either, and also protocol or MAC-based VLANs neither of which are particularly common these days.
Thanks. I should have read further down the page to see there is a separate port based isolation section.
That makes things much clearer - Essentially I want a setup like shown example 1 under port based VLAN. Hopefully that will match up to what is said in the Youtube video - saving that excitement for tomorrow!
 
User avatar
grumpazoid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Nov 19, 2019 1:32 pm

Re: VLAN setup for CCR1016 and CRS226

Sat Mar 06, 2021 2:12 pm

I have watched the video. It is a nice and straightforward, but there are a couple of differences to my setup:

1. In the video he just sets up the router with port based VLAN. I will be using bridge VLAN filtering as this is now the recommended way?
2. His switch configuration is nice and simple but differs from that shown at https://wiki.mikrotik.com/wiki/Manual:C ... Based_VLAN.
I assume that's because that is specific to the CRS2xx switch chip so I should use this way?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN setup for CCR1016 and CRS226

Sat Mar 06, 2021 3:26 pm

1. Port-based VLAN versus bridge vlan filtering depends whether you want to use device as router/switch combo or as plain router. The guy in video is using leftmost device as plain router and bridge is not needed at all. If you want to use multiple ports on CCR to carry same (V)LAN, then you should use bridge with vlan-filtering.

2. Switch-chip setup is highly dependant on actual switch chip used. Guy in video is using hAP lite with AR8227 switch chip while yours is CRS226 with QCA8519 (or whatever name it's known under since QCA8519 is a SoC). So yes, you should follow the document you linked in your last post to properly configure your device.
 
User avatar
grumpazoid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Nov 19, 2019 1:32 pm

Re: VLAN setup for CCR1016 and CRS226

Sat Mar 06, 2021 5:12 pm

Fantastic. All makes sense now. Thanks everybody.
 
User avatar
grumpazoid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Nov 19, 2019 1:32 pm

Re: VLAN setup for CCR1016 and CRS226

Thu Apr 08, 2021 9:02 pm

I have this set up and working now. I can connect into the desired VLAN port on the switch and receive an appropriate DHCP address for that VLAN.

As it stands now I have router on a stick. CCR does all the routing with a single trunk to CRS acting as a switch.
Now I want to make sure I can get maximum speed between certain VLANS. If I am not mistaken, the trunk is going to be a bottleneck and I need some inter VLAN routing on the CRS.

https://wiki.mikrotik.com/wiki/Manual:C ... AN_Routing
Looks like I need to add some IPs to the VLANS on the CRS and add the switch1-CPU to the required VLANS?
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: VLAN setup for CCR1016 and CRS226

Thu Apr 08, 2021 9:20 pm

You could but it isn't worth it:
The various client devices would require static routes to the VLAN IP addresses on the CRS as they will send all traffic not destined for their subnet to their gateway address on the CCR.
You can easily end up with firewall issues stemming from triangular routes.
As CRS devices are intended to be switches, not routers, forwarding using the CPU may well be slower than the 1Gbps link to the CCR.

You might consider bonding, the CRS2xx devices do not support LACP but you can create a static link aggregation group https://wiki.mikrotik.com/wiki/Manual:C ... ith_Trunks
 
User avatar
grumpazoid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Nov 19, 2019 1:32 pm

Re: VLAN setup for CCR1016 and CRS226

Thu Apr 08, 2021 10:57 pm

@tdw - thanks, very good point about the client machines gateway. I think things could get messy quite quickly if I start configuring firewall rules and routes on the CSR.
The link aggregation looks good. I will study the wiki page you have listed and try and implement that.
 
User avatar
grumpazoid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Nov 19, 2019 1:32 pm

Re: VLAN setup for CCR1016 and CRS226

Fri Apr 09, 2021 4:13 pm

So I set up port trunking today as per the guide - I am using two ports on each device

I have tested client to client speed across VLANS by running iperf. I get an average of about 940Mbps. Interestingly if I remove one of the trunk cables. the speed stays the same?
Why does in not decrease? This implies all the data is not going through the router.
Maybe I should have tested first, but at least I have some redundancy.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN setup for CCR1016 and CRS226

Fri Apr 09, 2021 6:09 pm

Documentation about switch trunks, supported by CRS1xx/CRS2xx, is slightly scarce, but judging from configuration example shown in this document it is possible to assume it's similar to bonding with layer2-and-3 transmit policy. And with this kind of bonds pair of hosts (same pair of MAC addresses - L2 - and same pair of IP addresses - L3) always use single (and same) physical link (not necessarily same in both directions though). So trunk/bond doesn't speed up connections between single pair of network devices, it offers higher overall throughput (e.g. when multiple pairs are communicating at the same time) as traffic gets statistically distributed over all available physical links. At the same time trunk/bond offers redundancy, in case of failure of one link traffic gets (more or less) seamlessly redistributed/migrated to the rest of links.
 
User avatar
grumpazoid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Nov 19, 2019 1:32 pm

Re: VLAN setup for CCR1016 and CRS226

Fri Apr 09, 2021 7:11 pm

Documentation about switch trunks, supported by CRS1xx/CRS2xx, is slightly scarce, but judging from configuration example shown in this document it is possible to assume it's similar to bonding with layer2-and-3 transmit policy. And with this kind of bonds pair of hosts (same pair of MAC addresses - L2 - and same pair of IP addresses - L3) always use single (and same) physical link (not necessarily same in both directions though). So trunk/bond doesn't speed up connections between single pair of network devices, it offers higher overall throughput (e.g. when multiple pairs are communicating at the same time) as traffic gets statistically distributed over all available physical links. At the same time trunk/bond offers redundancy, in case of failure of one link traffic gets (more or less) seamlessly redistributed/migrated to the rest of links.

Thanks for the explanation. I am getting near Gigabit speeds between 2 laptops so I can't ask for much more. I used documentation as linked by tdw above and explains setting up the crs and also the router.

Who is online

Users browsing this forum: BinaryTB, raphaps, rplant and 67 guests