Community discussions

 
barkas
Member Candidate
Member Candidate
Topic Author
Posts: 260
Joined: Sun Sep 25, 2011 10:51 pm

Switching with RouterOS / CRS Questions

Fri Jul 19, 2013 9:34 pm

The announced CRS is to be the first real switch from Mikrotik. Unfortunately RouterOS switching support is very limited at the moment.

On select models with specific switch chips (mostly Atheros 8327 and 8316), VLAN Trunking and VLAN Access Ports are supported.

The most glaring omission is any sort of spanning tree support for switching - spanning tree is only supported for bridges, if poorly - only stp and rstp are supported, no mst or pvst / rapid-pvst.
Also, no port channels or any of the other nice features we have come to expect from managed switches, even if it's the low cost stuff from netgear.

That raises some questions:

- Is CRS with the present software support useable for the enterprise scenarios we have become used to using routerboards for?
- Is extended switching support planned for future RouterOS releases?
- Was CRS delayed because of this - can we hope for better switching support with the CRS release?
 
barkas
Member Candidate
Member Candidate
Topic Author
Posts: 260
Joined: Sun Sep 25, 2011 10:51 pm

Re: AW: Switching with RouterOS / CRS Questions

Thu Oct 24, 2013 12:59 am

I have to bump this now that crs seems to be here.

So what is the functionality of this?
 
cheeze
Member Candidate
Member Candidate
Posts: 146
Joined: Tue Jul 31, 2012 7:44 am

Re: Switching with RouterOS / CRS Questions

Thu Oct 24, 2013 1:08 am

So, just to add some info here. PVST is Cisco proprietary. Other vendors (Juniper) do it also (they call it Virtual Spanning Tree or VSTP) but they have to license that crap out. Not sure Mikrotik wants to do that. I don't blame em either. You shouldn't expect PVST. I can understand expecting MST though. Even then though, who REALLY uses RSTP in large networks. Not really anyone (if they have sense in actually designing a scalable network). For what it's worth, it's NOT worth having layer 2 be anything past the access layer....and even then I personally recommend going layer 3 right down to the access layer.

From what I've seen so far.....if I remember right.....the RouterOS supports port channels/LAGs/LACP bundles/port aggregation here.
 
barkas
Member Candidate
Member Candidate
Topic Author
Posts: 260
Joined: Sun Sep 25, 2011 10:51 pm

Re: AW: Switching with RouterOS / CRS Questions

Thu Oct 24, 2013 9:15 am

Ok, the first question here, is CRS a router or a switch?

In my opinion, it's a switch, the CPU is much too weak for so many ports. And I do mean switch here, not bridge. That means the usage scenario is datacenter or access layer and it means primarily L2 through the hardware switching functionality.

In routeros as we know it, switching doesn't support ANY spanning tree. Even proper VLAN support was only added in ROS 6. If it's a switch, I expect it to be usable as one, and the way it stands now, it probably isn't.

So the question stands, what are the new switching features added to ROS for CRS.
 
jbaird
newbie
Posts: 48
Joined: Tue May 10, 2011 6:11 am

Re: Switching with RouterOS / CRS Questions

Tue Nov 05, 2013 12:55 am

I would like some clarification as well. What makes the CRS a more capable L3 switch compared to any other ROS device?

I found this:

http://wiki.mikrotik.com/wiki/Manual:CRS_examples

Which leads me to believe nothing has changed at all. The VLAN functionality is still just as convultued as ever. I was hoping to be able to replace some small Cisco L3 switches with the CRS, but it doesn't look like that is going to happen. I need multiple L3 VLAN interfaces, and I need to easily be able to configure them as either tagged (trunk) or untagged (access) on any given switch interface.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24264
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Switching with RouterOS / CRS Questions

Tue Nov 05, 2013 9:44 am

Currently we are still adding Switching features for the CRS. Right now you get only basic Switch functionality, but the hardware allows for much more, and new features will be added with every software update.

Please give us examples of the most important switch functions that you want us to make.
No answer to your question? How to write posts
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1064
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: Switching with RouterOS / CRS Questions

Tue Nov 05, 2013 12:26 pm

In my opinion, it's a switch, the CPU is much too weak for so many ports.
I am not familiar at all with switching configuration, so sorry for the question but is a 600MHz CPU too small for a switch?
-Toni-
Don't crash the ambulance, whatever you do
 
onnoossendrijver
Member
Member
Posts: 418
Joined: Mon Jul 14, 2008 11:10 am
Location: The Netherlands

Re: Switching with RouterOS / CRS Questions

Tue Nov 05, 2013 1:34 pm

If you want to do heavy routing (more than several-hundreds of mbit/s) it is not enough. For management tasks and light routing tasks it is more than enough.
If you want wirespeed layer 3 switching/routing you should consider a CCR.
Linux/network engineer: ITIL, LPI1, CCNA R+S, CCNP R+S, JNCIA, JNCIS-SEC
 
tywtyw2002
just joined
Posts: 2
Joined: Mon Nov 04, 2013 6:50 am

Re: Switching with RouterOS / CRS Questions

Tue Nov 05, 2013 9:16 pm

HI,
is crs-125 now support port mirror, QinQ, port base qos?

In other word, we can say is crs125 same as which seriers of cisco L3 switch? 3725, 4500?
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: Switching with RouterOS / CRS Questions

Wed Nov 06, 2013 5:28 am

@Normis

The examples look great on the examples page (along with some Winbox screens to implement them please)

Some setups I would like to see:
- Trunk Ports with optional "Native" VLAN (drop down box to select native from all defined VLANS

- Allow us a "VLAN's" section of the cli / Winbox where we define VLANs for the switch
something like / switch vlans add name="VLAN Name" vlan-id=1234 S-VLAN=yes/no

- Use the VLAN's defined to then add to a trunk port with the VLAN' on it like we add channel scan into wireless

- Allow VLAN Groups like frequency scan groups to easily make regular trunks for deployment (like we have 3 VLANS we deploy on most ports)

These are just my very first ideas. mostly making the system much more simple to deploy them onto the ports.

Regards
Alexander
 
User avatar
lamersons
just joined
Posts: 7
Joined: Tue Dec 11, 2007 10:34 am

Re: Switching with RouterOS / CRS Questions

Wed Nov 06, 2013 1:39 pm

Being huge fan of MT i get almost every MT new product to check it out and to play around. This time i got CSR125 ros6.5, and boy...

after spending 5hours trying to acomplish the most generic switching tasks i felt stupid as faq because i failed:
1. didnt find an easy way to assign vlan to a port or easly configure a trunk link and permit all vlans. The way from examples(to match default VID with a "In.Vlan Tran" rule and to apply a different VID) feels complicated. Couldnt get "VLAN" and "VLAN Tagging" tabs to work at all :(
2. didnt find a way to terminate vlan on a switch(SVI)
3. unclear with STP configuration beeing only for bridge interfaces
4. Lack of documentation on switching functions

Putting my new CSR125 on a shelf for some time, unusable...
MTCRE, HuaweiCNP, CCNP RS, CEHv7
 
jbaird
newbie
Posts: 48
Joined: Tue May 10, 2011 6:11 am

Re: Switching with RouterOS / CRS Questions

Wed Nov 06, 2013 3:45 pm

MT's VLAN configuration has always been overly-complicated and confusing. An example of what the CRS should be able to do (using Cisco):

interface vlan10
ip address 10.1.1.1/24
!
interface vlan20
ip address 10.2.1.1/24
!
interface gigabitethernet0/1
desc trunk to another switch (tagged)
switchport mode trunk
switchport trunk allowed vlan 10,20
!
interface gigabitethernet0/2
desc uplink to PC (untagged)
switchport
switchport mode access
switchport access vlan 10
!

So, we create two L3 VLAN's and assign IP addresses to them (an "SVI" in Cisco). This enables routing between the two VLANs. Next, we turn Port1 into a dot1q trunk port which tags both VL10 and VL20. Port 2 is an access port (untagged). In this configuration, I can easily assign VL10 or VL20 to any switchport on the switch, tagged or untagged. MT needs to be able to do this, ESPECIALLY on a product that you are calling a "fully capable L3 switch."' Otherwise, it's just another MT router.

Until this functionality exists, I won't be purchasing any of these, and I won't recommend them to anyone that is looking for a L3 switch.
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Switching with RouterOS / CRS Questions

Thu Nov 07, 2013 7:43 am

While there are plenty of new options I can concur that the interface and configuration still seems a bit odd and I haven't had much luck getting the example configs working.

For starters the example listings for port based vlan (what I'm interested in) are incorrect on the wiki:

ros code

/interface ethernet switch ingress-vlan-translation
add switch=switch1 port=ether6 customer-vid=0 new-customer-vid=200
Should be:

ros code

/interface ethernet switch ingress-vlan-translation
add switch=switch1 port=ether6 match-customer-vid=0 new-customer-vid=200
Here's the listing from the switch itself of some of the new options:
CRS-switch.PNG
You do not have the required permissions to view the files attached to this post.
brightwifi.com | mikrotik-routeros.com | MTCNA,MTCWE.MTCTCE | Give karma where due
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Switching with RouterOS / CRS Questions

Thu Nov 07, 2013 7:47 am

Along with this it's not really clear how pulling things back to vlan 0 is support to work for configs.

IE:
If I want tagged/trunked vlans 20,30,40 coming in on ether1 and
vlan 20 untagged out ether2
vlan 30 untagged out ether3
vlan 40 untagged out ether4

I would assume I should:
1. accept tagged vlans 20,30,40 on ether1
2. ensure traffic in ether2,ether3,ether4 is tagged as it comes in with the respective vlan (20,30,40)
3. ensure traffic passing out ether2,ether3,ether4 is untagged as it passes out with the respective vlan (20,30,40)

But this does not align with how I configure the ports.
brightwifi.com | mikrotik-routeros.com | MTCNA,MTCWE.MTCTCE | Give karma where due
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Switching with RouterOS / CRS Questions

Thu Nov 07, 2013 8:12 am

Please give us examples of the most important switch functions that you want us to make.
Perhaps a graphical configuration model for ease of setup which would then allow us to export configs and see what they're supposed to look like?

IE:
48PS_27_Modify_VLAN.jpg
or
vlans.PNG
U = Untagged
T = Tagged
X = Not included in vlan group

Along with these options:
  • DHCP Snooping,
    Multicast and Unicast traffic filtering,
    port-based mac-address limiting (with a recovery timeout of some sort)
    the switch based ACL/firewall options also appear to have gone from the switch config page on the CRS too
You do not have the required permissions to view the files attached to this post.
brightwifi.com | mikrotik-routeros.com | MTCNA,MTCWE.MTCTCE | Give karma where due
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24264
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Switching with RouterOS / CRS Questions

Thu Nov 07, 2013 8:55 am

Omega, OK about the first image, but the second is really confusing :)
No answer to your question? How to write posts
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24264
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Switching with RouterOS / CRS Questions

Thu Nov 07, 2013 9:01 am

The manual mistakes are not really mistakes, the syntax changed for v6.6
No answer to your question? How to write posts
 
jbaird
newbie
Posts: 48
Joined: Tue May 10, 2011 6:11 am

Re: Switching with RouterOS / CRS Questions

Thu Nov 07, 2013 3:53 pm

Also, if it's a Layer3 switch, we really need to [easily] be able to terminate L3 VLAN's (SVI) on the switch it's self.

ie, create a VLAN interface, assign an IP address to it, then be able to assign that VLAN to multiple physical interfaces (tagged or untagged). This would also enable routing between VLANs.

The features that Omega said are most definitely needed, but those are typically found in any off-the-shelf managed L2 switch.
 
CTrain
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Nov 07, 2013 4:41 am

Re: Switching with RouterOS / CRS Questions

Fri Nov 08, 2013 2:26 am

Is it possible on the cloud router switch to perform bonding/link aggregation/teaming using protocols such as 802.3ad (LACP). I know it is possible to perform the bond using the routerOS functions however that requires a CPU based bond. is it possible to perform the bond with the layer 3 switch chip for wire speed channel bonding? I would like to use the switching hardware because the CPU generally maxes out prior to 1Gb/s throughput thus bonding is actually slowing the network down. Also managed switches from most other vendors support this functionality.
 
Basdno
Member Candidate
Member Candidate
Posts: 118
Joined: Wed Feb 17, 2010 10:11 pm

Re: Switching with RouterOS / CRS Questions

Fri Nov 08, 2013 12:09 pm

The new CRS Switches look very interesting.

I was wondering if there are plans for a "Multiple SFP" CRS switch soon. F.ex. 24 Gig SFP ports (and maybe 4-8 gig etherports, preferably without combo share with SFP ports. But if only possibility with combo for etherports).

An "all" SFP switch is very useful in central points of Optical networks and in distributionpoints of f.ex. FTH.

Could we be seeing such a product in near future? :)

Also it could be nice with atleast 2 SFP ports on normal CRS switch, so it is possible to have both an inlink AND an outlink on optical SFP port.
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Switching with RouterOS / CRS Questions

Mon Nov 11, 2013 1:17 am

Omega, OK about the first image, but the second is really confusing :)
Was just some examples, as any sort of bulk changes right now are time consuming.
brightwifi.com | mikrotik-routeros.com | MTCNA,MTCWE.MTCTCE | Give karma where due
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1821
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: Switching with RouterOS / CRS Questions

Mon Nov 11, 2013 2:42 am

Currently we are still adding Switching features for the CRS. Right now you get only basic Switch functionality, but the hardware allows for much more, and new features will be added with every software update.

Please give us examples of the most important switch functions that you want us to make.
- 802.3af POE output on all ports :) With this, it would make an excellent "branch office" router.
- Sane configuration of L2 functions


Thanks!
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
rjickity
Member Candidate
Member Candidate
Posts: 212
Joined: Sat Jul 17, 2010 10:40 am
Location: Perth, Australia

Re: Switching with RouterOS / CRS Questions

Mon Nov 11, 2013 3:09 am

I think Omega's comments are a good place to start. The tagging functionality should be straight forward on the CRS, a simple GUI window with Tag, Untag, Forbid options would be good. Alot of vendors have straight forward illustrations of this (HP, Dell and many others).

Some key features I would like to see (many have already been said already) in order to begin using it is:
- L2 VLAN membership management.
- LAG's (LACP, RR various others. LACP is probably the best to start with. HP do these groupings quite well, super simple)
- SVI's/L3 VLAN management for VLAN routing
- Correct use of a FIB + TCAM in the chip ** this to me is probably the main function that the CRS requires.
- 802.1s MSTP
- UDLD
- BDPU detection/protection
- Jumbo frames (i dont know the chip/chips being used and haven't used a CRS yet, may already be supported)

Of course none of the above should go anywhere near that 600Mhz CPU if possible

After basics have been worked out:
- QoS policies (full 802.1p support if possible)
- CoS policies
- ACL's
- LLDP
- IGMP snooping

And when you get your 802.3at spec CRS's out for the corp/ent offices ;):
- LLDP-Med
- 802.1x

Nice to haves :) :
-Wifi (CAPWAP) controller
-Virtual stacking (management and when you get bigger xconnect interfaces maybe even backplane)
-full openflow
 
ropebih
Member Candidate
Member Candidate
Posts: 109
Joined: Tue May 22, 2007 5:35 pm

Re: Switching with RouterOS / CRS Questions

Mon Nov 11, 2013 6:41 pm

We also need port isolation option.
 
misza
just joined
Posts: 5
Joined: Tue Nov 12, 2013 12:14 pm

Re: Switching with RouterOS / CRS Questions

Tue Nov 12, 2013 12:17 pm

Hi

What is the difference between service VLAN i customer VLAN (or VID)?

M.
 
User avatar
lamersons
just joined
Posts: 7
Joined: Tue Dec 11, 2007 10:34 am

Re: Switching with RouterOS / CRS Questions

Tue Nov 12, 2013 2:11 pm

Well, service tag is outer tag and customer tag is inner from qinq perspective.
MTCRE, HuaweiCNP, CCNP RS, CEHv7
 
misza
just joined
Posts: 5
Joined: Tue Nov 12, 2013 12:14 pm

Re: Switching with RouterOS / CRS Questions

Tue Nov 12, 2013 2:18 pm

Thx for info

Anybody configured tagged vlans on CRS125? Example shown here do not work for me: http://wiki.mikrotik.com/wiki/Manual:CRS_examples

Mikrotik guys? When full manual about new switch features will be available?

M.
 
seany
newbie
Posts: 31
Joined: Fri Sep 18, 2009 1:14 pm

Re: Switching with RouterOS / CRS Questions

Thu Nov 14, 2013 5:13 am

Over 5 hours in trying to get this to work too...
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24264
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Switching with RouterOS / CRS Questions

Thu Nov 14, 2013 7:45 am

Please let us know what you are trying to do, and what didn't work exactly.
No answer to your question? How to write posts
 
seany
newbie
Posts: 31
Joined: Fri Sep 18, 2009 1:14 pm

Re: Switching with RouterOS / CRS Questions

Thu Nov 14, 2013 7:08 pm

Please let us know what you are trying to do, and what didn't work exactly.
Hi Normis,

I have attached a badly drawn diagram which should explain what I'm trying to do. Essentially I just want 2x trunk ports and a couple of access ports.
CRS.png
The example on the Wiki just doesn't seem to work. I can't seem to get isolation working and the Ports, VLAN and VLAN Tagging settings in winbox appear to do nothing most of the time (or interact weirdly with other settings).

Eventually, I want the CRS to do some simple L3 routing instead of the RB450G as written in red text - it's not clear how to do this with the CRS.

Thanks for your help.
You do not have the required permissions to view the files attached to this post.
 
seany
newbie
Posts: 31
Joined: Fri Sep 18, 2009 1:14 pm

Re: Switching with RouterOS / CRS Questions

Thu Nov 14, 2013 11:18 pm

Ok, something weird...

I am seeing RX/TX overflows and pauses between the RB450G and CRS. I managed to temporarily fix this, presumably there is some sort of bug.

In /interface ethernet switch vlan, I attempt to set isolation-profile=isolated (through winbox). Upon hitting apply it immediately switches back to promiscuous however the overflows and pauses disappear and throughput jumps from ~7mbit to 'line rate' ~40mbit.

In /interface ethernet switch port, I changed the isolation profile and some other rules for a couple of ports to find they too have now reverted.

I have since somehow managed to get it to revert back to the state where I'm getting overflows and pauses and can no longer fix it by doing what I did above.

Lastly, when I set set forward-invalid-vlan=no I lose all access to the switch. How can I configure it in such a way that things work properly with this set to no?

I'm going to send a supout to support and see where I get.
 
seany
newbie
Posts: 31
Joined: Fri Sep 18, 2009 1:14 pm

Re: Switching with RouterOS / CRS Questions

Fri Nov 15, 2013 11:03 pm

Ok, I figured out why I am getting slow speeds. It's a 10mbit port as part of the switch group (VoIP adapter). Not figured out how to fix it as of yet.
 
ryanhaver
just joined
Posts: 11
Joined: Fri Nov 01, 2013 10:52 pm

Re: Switching with RouterOS / CRS Questions

Sun Nov 17, 2013 7:12 pm

Being huge fan of MT i get almost every MT new product to check it out and to play around. This time i got CSR125 ros6.5, and boy...

after spending 5hours trying to acomplish the most generic switching tasks i felt stupid as faq because i failed:
1. didnt find an easy way to assign vlan to a port or easly configure a trunk link and permit all vlans. The way from examples(to match default VID with a "In.Vlan Tran" rule and to apply a different VID) feels complicated. Couldnt get "VLAN" and "VLAN Tagging" tabs to work at all :(
2. didnt find a way to terminate vlan on a switch(SVI)
3. unclear with STP configuration beeing only for bridge interfaces
4. Lack of documentation on switching functions

Putting my new CSR125 on a shelf for some time, unusable...
I received my CRS on Friday and have been fumbling through different configurations all weekend. I am definitely frustrated with the lack of switching features that aren't there yet, although I am happy that they have committed to adding features with every update. Coming from other hardware/software that I've used in the past I find the current implementation rather convoluted, but I am new to RouterOS so I guess I should expect the learning curve.

I'll be requesting some help with my failed attempts to configure this bad boy! Hopefully I'm overlooking something simple. I'll post in the "Beginner Basics" forum rather than hijack this thread.
 
lashguti
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Sat Apr 21, 2012 7:42 am

Re: Switching with RouterOS / CRS Questions

Sun Nov 17, 2013 8:31 pm

Well,

Basic L2 managed switch functionality:

1.Vlan access ports ( should be done simply by creating vlan and setting port mode to access and to make it member of this vlan)
2.Vlan trunk ports (should be done by choosing port mode to be trunk)
3.Port isolation (choose with one click)

Advanced L2 switch functionality:
1. to be able exclude vlans from trunk ports(should be done by simply adding/removing vlans from trunk, by default all vlans should be member of the trunk)
2.mac-port binding(and alert administrator on changing incoming src mac on that port and temporary block traffic, Cisco port-security)

L3 switch
1. Inter Vlan routing( create vlans, assign it to interface and set ip address/mask)
2.DHCP server with dynamic arp access-lists
3.make a port L2 or L3 (like cisco command "no switchport")
4. dynamic routing protocol, OSPF or EIGRP would be preferred(I am not sure but heard it is now open for other vendors too)

API should be supported if not now


That's quite simple task, Mikrotik should do it,,
Configurations like now is not logical and is confusing so that you loose motivation to configure such device
 
kitt1977
just joined
Posts: 3
Joined: Mon Nov 11, 2013 4:32 pm

Re: Switching with RouterOS / CRS Questions

Tue Nov 19, 2013 5:00 am

This is the config of my simple managed 3com/hp switch ..

Image
Image
Image

I'm struggling for hours to get this same setup working on my mikrotik ..

Tagged vlans are working fine between mikrotik & esxi or other vlan aware devices ..

But defining acces port ( untagged only ) or hybrid ports ( untagged in different vlan + tagged ) .. i can't figure it out :(

http://wiki.mikrotik.com/wiki/Manual:CRS_examples

Tryed the port based lan several times ( with clean config ) .

I have a VLAN81 on other mikrotik device with DHCP , on the crs VLAN0 ( default vlan ) i have also a DHCP running .

I config the acces port to VLAN81 .. connect a laptop to it and sometimes i get lease from VLAN81 when release and renew i get from VLAN 0 .. ( it really is flipping between 2 vlans ) .

Realy hope Mikrotik comes with a more clear/better way to config vlans .. CRS is a real nice device ..when vlans are working like on a competitor managed switch like we are use to ..

For now i made a bridge for the access ports ( removed ports from switch and bridged them with tagged vlan on masterport ) but then traffic goes over over the CPU ...
 
scampbell
Trainer
Trainer
Posts: 458
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: Switching with RouterOS / CRS Questions

Wed Nov 27, 2013 10:26 pm

Along with this it's not really clear how pulling things back to vlan 0 is support to work for configs.

IE:
If I want tagged/trunked vlans 20,30,40 coming in on ether1 and
vlan 20 untagged out ether2
vlan 30 untagged out ether3
vlan 40 untagged out ether4

I would assume I should:
1. accept tagged vlans 20,30,40 on ether1
2. ensure traffic in ether2,ether3,ether4 is tagged as it comes in with the respective vlan (20,30,40)
3. ensure traffic passing out ether2,ether3,ether4 is untagged as it passes out with the respective vlan (20,30,40)

But this does not align with how I configure the ports.
For sure.

I looked at this and would have thought you would use ingress rules for ether2,3 &4 to tag the packets entering the switch (PVID) and egress rules to remove the tags on these ports exiting the switch. To remove the tags via an ingress rule on ether1 seems counter-intuitive ??

The menu has the (normally) expected PORT, VLAN and VLAN Tagging options present but they certainly do not appear to work as one would expect....
 
pingus
newbie
Posts: 34
Joined: Fri Aug 24, 2007 10:04 am

Re: Switching with RouterOS / CRS Questions

Tue Dec 10, 2013 5:13 pm

I usually use Cisco, HP L3/L2 Switches and Fortigates.

I had many hours to find out how to tag a port or how to get a LACP trunk between two devices. Most of what I tried didn't work. Maybe it's me not clever enough, maybe it's not yet implemented (couldn't believe that the first time I read it) and some of it is because the CLI syntax is, I would say, specially.

For me and maybe also for others it would help much if the CLI syntax would be like HP or Cisco to configure those great Mikrotik Switches and Routers.
 
ryanhaver
just joined
Posts: 11
Joined: Fri Nov 01, 2013 10:52 pm

Re: Switching with RouterOS / CRS Questions

Tue Dec 10, 2013 8:06 pm

I usually use Cisco, HP L3/L2 Switches and Fortigates.

I had many hours to find out how to tag a port or how to get a LACP trunk between two devices. Most of what I tried didn't work. Maybe it's me not clever enough, maybe it's not yet implemented (couldn't believe that the first time I read it) and some of it is because the CLI syntax is, I would say, specially.

For me and maybe also for others it would help much if the CLI syntax would be like HP or Cisco to configure those great Mikrotik Switches and Routers.

It isn't properly implemented yet. Currently you need to bridge any LACP (802.3ad) trunks with the master port of any switch group you've configured before they'll work, effectively nullifying any bandwidth improvements and taxing the CRS CPU like crazy. I struggled for hours as well in attempts to get things working. I'll admit that the Mikrotik way, as it stands is very counterintuitive and apparently not yet finished.

Here is a response from Mikrotik on a thread I started where they state that it is not yet implemented: http://forum.mikrotik.com/viewtopic.php ... 37#p396537
 
Moogman
just joined
Posts: 13
Joined: Sat Nov 24, 2012 2:03 am

Re: Switching with RouterOS / CRS Questions

Wed Dec 11, 2013 2:31 pm

I want to buy a CRS for my project.
But i would really need 803.2ad link aggregation.

Setup is:
2x Server with 4x LAN Port in LAG mode for a fault tolerance system with vmware.

Is there a date when this feature will be available?
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: Switching with RouterOS / CRS Questions

Sun Dec 22, 2013 12:30 pm

I have a CRS for two days now and I'm even scared to put it in the network.

I want to use it as an L2 switch so when I first connected to it I removed the default configuration which was switching ports 2-24 and using ether1 as wan. Then I upgraded the CRS with the latest router os v6.7
My main concern is that when i go the see the mac-address table (Unicast FDB) a see all entries as invalid. I've tried to reset the configuration a few times and every time it acts differently. Some times I see all entries in vlan42, sometimes in vlan69, i've had one reset where every single mac was shown twice - once in some of these random vlans and once in vlan 0. Keep in mind that the CRS is connected to a vlan unaware switch at the moment so it should not be seeing any vlans and especially these two which are not present in my network at all.
As default the switch is configured as a 'service vlan bridge' and the other option is 'customer vlan bridge' - i can not find any documentation on the difference between the two. When I've changed it to 'customer vlan bridge' in the mac table it sees all macs in vlan 0, but they still show as invalid.

update : I am confused. I downgraded the CRS to v6.5 - The setting of bridge type reverted by itself and again mac address table shows all stations in vlan 42, but at least they are not invalid anymore. I don't see any configuration in the switch for this vlan. I switched to 'customer vlan bridge' from cli and all macs showed in vlan 0. Then I decided to reboot it - after the reboot it is again 'service vlan bridge' with vlan 42. I tried switching the bridge type from winbox and the current state is that I lost all connectivity to the CRS. As I said before I'm afraid now to put it in the network because I am not sure when I will need to do factory reset.
 
nkukard
just joined
Posts: 6
Joined: Tue Sep 16, 2008 3:46 pm
Contact:

Re: Switching with RouterOS / CRS Questions

Wed Jan 08, 2014 8:37 am

In /interface ethernet switch vlan, I attempt to set isolation-profile=isolated (through winbox). Upon hitting apply it immediately switches back to promiscuous
Did you manage to solve this? right now setting ports 2-24 in a group as per the examples ends up in a hub-like behavior with traffic transmitted on all ports for all ports.
AllWorldIT.com - Sponsors and maintainers of opensource radius server SMRadius.
Commercial support, customizations & SLA's available.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: Switching with RouterOS / CRS Questions

Wed Jan 08, 2014 9:41 am

Anyone tried port mirroring ? It doesn't seem to work.
There are 2 mirror targets defined - mirror0 and mirror1 and they default to sending the traffic to cpu. That is exactly what I need so I can 'torch' the traffic on a port i choose. I select both ingress and egress mirroring then go to 'torch' but traffic is not seen. I'm not sure at which port should I look since it is copied to 'cpu'.
I did a test to mirror the traffic to another port and not the cpu, but no traffic goes there.
 
Roberto21
just joined
Posts: 4
Joined: Sat Sep 08, 2007 6:20 pm

Re: Switching with RouterOS / CRS Questions

Sat Jan 18, 2014 5:18 am

good night!

Could anyone teach me how to do the insulation of doors CRS​​?

thank you
 
whoknew
Member Candidate
Member Candidate
Posts: 145
Joined: Wed Oct 13, 2010 8:51 pm

Re: Switching with RouterOS / CRS Questions

Fri Feb 21, 2014 5:58 pm

What exactly did they change in RouterOS to make this a switch over say an RB-2011 etc?
 
ncd
just joined
Posts: 11
Joined: Sun Feb 23, 2014 10:18 pm

Re: Switching with RouterOS / CRS Questions

Sun Feb 23, 2014 11:22 pm

I've a very similar problem to the OP - Has anyone got the CRS to work with two trunk ports? I'm trying to create something like:

routerX ==trunked vlans== CRS125 ==trunked vlans==RB2011

I've created a master port which is effectively the trunk port and then added bridging of that to another but it only seems to traverse traffic in one direction.

ether9 -> master for ether10-24
trunked vlans appear as expected on ether9 when setup as per http://wiki.mikrotik.com/wiki/Manual:CR ... Based_VLAN

If I try and create the second trunk by bridging ether9 to another port (ether8) I see the traffic come in on the trunk, bridged across to ether9 and appear at routerX. In my example I see arp requests make their way from the RB2011 into ether8, bridged to ether9 and appear correctly tagged at routerX which then replies and I see the reply come back in on ether9 (I can see this with /tool/sniffer quick interface=etherX)

Should this work? or is there another better way of creating two identical vlan trunks out of the CRS125? I don't mind if it goes to the CPU to do this.
 
User avatar
AnRkey
Member Candidate
Member Candidate
Posts: 119
Joined: Tue Sep 15, 2009 6:01 pm

Re: Switching with RouterOS / CRS Questions

Wed Mar 19, 2014 11:05 am

What exactly did they change in RouterOS to make this a switch over say an RB-2011 etc?
The CRS has a single switch chip that can handle all ports. Other routers like the 2011 have two switch chips, one for the gigabit ports and one for the fast ethernet ports. On the 2011, there is no way to have all 10 ports on a single master port. The CRS fixes this by giving you 24ether + 1sfp port, all can be used on the same switch chip.

All we need now is for it to work and for them to release a manual so that we know what the hell is going on.
MTCNA
 
User avatar
AnRkey
Member Candidate
Member Candidate
Posts: 119
Joined: Tue Sep 15, 2009 6:01 pm

Re: Switching with RouterOS / CRS Questions

Thu Mar 20, 2014 2:03 pm

For those needing the manual for these switches: http://wiki.mikrotik.com/wiki/Manual:CRS_features

@Mikrotik: The table of contents does not yet list this link. Can you guys update it please?

R
MTCNA
 
asdewq
just joined
Posts: 6
Joined: Mon Apr 12, 2010 9:15 am

Re: Switching with RouterOS / CRS Questions

Tue Apr 01, 2014 11:48 pm

hello all!
for me are needed three functions:
- fully functionally RSTP (HW, no on bridge)
- broadcast storm controll
- loopback detection/protection

is possible to add this futures to Mikrotik CRS? Thanks

Boris
 
PastuhMedvedey
newbie
Posts: 40
Joined: Fri Jan 13, 2012 1:42 pm
Location: Ukraine

Re: Switching with RouterOS / CRS Questions

Wed Apr 02, 2014 2:49 pm

hello all!
for me are needed three functions:
- broadcast storm controll
- loopback detection/protection
is possible to add this futures to Mikrotik CRS? Thanks
Boris
UP !
RB751U-2HnD, RB2011LS, RB1100AH, RB433, RB411GL, RBSXT, CCR1016
 
asdewq
just joined
Posts: 6
Joined: Mon Apr 12, 2010 9:15 am

Re: Switching with RouterOS / CRS Questions

Mon Apr 07, 2014 6:14 pm

Normis, i write my post on 1. April but it wasnt joke :). Please can you write, can or not be added this functions on CRS?.
 
michaelahess
just joined
Posts: 17
Joined: Thu Nov 11, 2010 4:56 am

Re: Switching with RouterOS / CRS Questions

Sat Apr 19, 2014 12:35 am

I spent a few hours now trying to setup vlan tagging on my CRS125-24G-1S-2HnD-IN. See rough sketch below.

I have the default config with minor changes for wireless. I can get a dhcp lease via the wireless interface. I've done the below config's mirroring the example on the site, but when I plug my laptop into port 3, it won't pull an address from my DMZ scope. I want that port untagged, and I want port 7 which goes to a Cisco 1140G access point, tagged as I have two SSID's each on their own vlan from that device. Any help in making this work would be appreciated. I'm also curious, the master port, since so much "stuff" is tied to it, is it best not to use it for anything or can I make sure it's only actually accessible via a single vlan?
CRS Example.jpg
[admin@blackwidow] /interface ethernet> print
Flags: X - disabled, R - running, S - slave 
 #    NAME          MTU MAC-ADDRESS       ARP        MASTER-PORT      SWITCH     
 0 R  1 - WAN      1500 D4:CA:6D:CE:29:22 enabled    none             switch1    
 1 RS 2 - APC ...  1500 D4:CA:6D:CE:29:23 enabled    none             switch1    
 2 RS 3 - Work...  1500 D4:CA:6D:CE:29:24 enabled    2 - APC 1500 ... switch1    
 3  S 4 - KM24...  1500 D4:CA:6D:CE:29:25 enabled    2 - APC 1500 ... switch1    
 4  S 5 - Back...  1500 D4:CA:6D:CE:29:26 enabled    2 - APC 1500 ... switch1    
 5  S 6 - Schw...  1500 D4:CA:6D:CE:29:27 enabled    2 - APC 1500 ... switch1    
 6  S 7 - 1140...  1500 D4:CA:6D:CE:29:28 enabled    2 - APC 1500 ... switch1    
 7  S 8 - Spac...  1500 D4:CA:6D:CE:29:29 enabled    2 - APC 1500 ... switch1    
 8  S 9 - Mike...  1500 D4:CA:6D:CE:29:2A enabled    2 - APC 1500 ... switch1    
 9  S 10 - Eri...  1500 D4:CA:6D:CE:29:2B enabled    2 - APC 1500 ... switch1    
10  S 11 - Vau...  1500 D4:CA:6D:CE:29:2C enabled    2 - APC 1500 ... switch1    
11  S 12 - Ray...  1500 D4:CA:6D:CE:29:2D enabled    2 - APC 1500 ... switch1    
12  S 13 - Liv...  1500 D4:CA:6D:CE:29:2E enabled    2 - APC 1500 ... switch1    
13  S 14 - Bed...  1500 D4:CA:6D:CE:29:2F enabled    2 - APC 1500 ... switch1    
14  S 15 - Bed...  1500 D4:CA:6D:CE:29:30 enabled    2 - APC 1500 ... switch1    
15  S 16 - Del...  1500 D4:CA:6D:CE:29:31 enabled    2 - APC 1500 ... switch1    
16  S ether17-...  1500 D4:CA:6D:CE:29:32 enabled    2 - APC 1500 ... switch1    
17  S ether18-...  1500 D4:CA:6D:CE:29:33 enabled    2 - APC 1500 ... switch1    
18  S ether19-...  1500 D4:CA:6D:CE:29:34 enabled    2 - APC 1500 ... switch1    
19  S ether20-...  1500 D4:CA:6D:CE:29:35 enabled    2 - APC 1500 ... switch1    
20  S ether21-...  1500 D4:CA:6D:CE:29:36 enabled    2 - APC 1500 ... switch1    
21  S ether22-...  1500 D4:CA:6D:CE:29:37 enabled    2 - APC 1500 ... switch1    
22  S ether23-...  1500 D4:CA:6D:CE:29:38 enabled    2 - APC 1500 ... switch1    
23  S ether24-...  1500 D4:CA:6D:CE:29:39 enabled    2 - APC 1500 ... switch1    
24 XS sfp1-gat...  1500 D4:CA:6D:CE:29:3A enabled    none             switch1


[admin@blackwidow] /interface ethernet switch egress-vlan-tag> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   VLAN-ID TAGGED-PORTS                                             
 0 D    4095
 1       100 switch1-cpu                                              
 2       300 switch1-cpu                                              
 3       400 switch1-cpu


[admin@blackwidow] /interface ethernet switch ingress-vlan-translation>
Flags: X - disabled, I - invalid, D - dynamic 
 0   ports=3 - Workbench service-vlan-format=any customer-vlan-format=a
     new-customer-vid=300 pcp-propagation=no sa-learning=yes 

 1   ports=7 - 1140G - AP service-vlan-format=any customer-vlan-format=
     new-customer-vid=100 pcp-propagation=no sa-learning=yes 

 2   ports=7 - 1140G - AP service-vlan-format=any customer-vlan-format=
     new-customer-vid=400 pcp-propagation=no sa-learning=yes 

 3 D ports=1 - WAN,sfp1-gateway service-vlan-format=any customer-vlan-f
     new-customer-vid=0 pcp-propagation=no sa-learning=no


[admin@blackwidow] /interface vlan> print
Flags: X - disabled, R - running, S - slave 
 #    NAME                      MTU ARP        VLAN-ID INTERFACE                   
 0 R  vlan100                  1500 enabled        100 2 - APC 1500 - UPS          
 1 R  vlan300                  1500 enabled        300 2 - APC 1500 - UPS          
 2 R  vlan400                  1500 enabled        400 2 - APC 1500 - UPS


[admin@blackwidow] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                  
 0   ;;; default configuration
     192.168.88.1/24    192.168.88.0    2 - APC 1500 - UPS                         
 1   10.51.25.1/24      10.51.25.0      vlan300                                    
 2 X 10.54.25.1/24      10.54.25.0      vlan100                                    
 3   10.52.25.1/24      10.52.25.0      vlan400                                    
 4 D 10.54.25.33/24     10.54.25.0      1 - WAN

[admin@blackwidow] /interface ethernet switch vlan> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   VLAN-ID PORTS             SVL LEARN FLOOD INGRESS-MIRRO
 0 D    4095 1 - WAN           no  no    no    no           
             sfp1-gateway     
             switch1-cpu      
 1       300 3 - Workbench     no  yes   no    no           
             switch1-cpu      
 2       100 7 - 1140G - AP    no  yes   no    no           
             switch1-cpu      
 3       400 7 - 1140G - AP    no  yes   no    no           
             switch1-cpu


[admin@blackwidow] /interface ethernet switch> print
                                                     name: switch1
                                                     type: QCA-8513L
                                              bridge-type: customer-vid-used-as-lo
                                                           okup-vid
                      drop-if-no-vlan-assignment-on-ports: 
  drop-if-invalid-or-src-port-not-member-of-vlan-on-ports: 
                                 unknown-vlan-lookup-mode: svl
                                     forward-unknown-vlan: no
                          use-svid-in-one2one-vlan-lookup: no
                          use-cvid-in-one2one-vlan-lookup: yes
                                      mac-level-isolation: yes
                                    multicast-lookup-mode: dst-ip-and-vid-for-ipv4
                         override-existing-when-ufdb-full: no
                                      unicast-fdb-timeout: 5m
                                          ingress-mirror0: switch1-cpu,unmodified
                                          ingress-mirror1: switch1-cpu,unmodified
                                     ingress-mirror-ratio: 1/1
                                           egress-mirror0: switch1-cpu,modified
                                           egress-mirror1: switch1-cpu,modified
                                      egress-mirror-ratio: 1/1
                                                 fdb-uses: mirror0
                                                vlan-uses: mirror0
                        mirror-egress-if-ingress-mirrored: no
                                 mirror-tx-on-mirror-port: no
                             mirrored-packet-qos-priority: 0
                          mirrored-packet-drop-precedence: green
                           bypass-vlan-ingress-filter-for: 
                         bypass-ingress-port-policing-for: 
                      bypass-l2-security-check-filter-for:

[admin@blackwidow] /ip dhcp-server> print
Flags: X - disabled, I - invalid 
 #   NAME       INTERFACE      RELAY           ADDRESS-POOL      LEASE-TIME ADD-ARP
 0   default    bridge-local                   dhcp              3d        
 1   DHCP-DMZ   vlan300                        DMZ_DHCP_Pool     1d        
 2 X DHCP-LAN   (unknown)                      LAN_DHCP_Pool     3d        
 3   DHCP-Guest vlan400                        Guest_DHCP_Pool   1d
You do not have the required permissions to view the files attached to this post.
 
ners
Frequent Visitor
Frequent Visitor
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Re: Switching with RouterOS / CRS Questions

Mon Apr 21, 2014 11:08 am

Has anyone figured out how to set ip a management IP on a CRS in the native VLAN?

Simply adding an IP to the physical master port is not enough, apparently.

172.16.16.8 is unpingable and no other hosts in the network see 172.16.16.8.
the ARP table is also empty.

ros code

/ip address
add address=172.16.16.8/24 interface=ether24 network=172.16.16.0
[admin@MikroTik] /ip address> /int ether exp
# jan/06/2002 03:19:38 by RouterOS 6.12
# software id = IKDF-GH6M
#
/interface ethernet
set [ find default-name=sfp1 ] master-port=ether24
set [ find default-name=ether1 ] master-port=ether24
set [ find default-name=ether2 ] master-port=ether24
set [ find default-name=ether3 ] master-port=ether24
set [ find default-name=ether4 ] master-port=ether24
set [ find default-name=ether5 ] master-port=ether24
set [ find default-name=ether6 ] master-port=ether24
set [ find default-name=ether7 ] master-port=ether24
set [ find default-name=ether8 ] master-port=ether24
set [ find default-name=ether9 ] master-port=ether24
set [ find default-name=ether10 ] master-port=ether24
set [ find default-name=ether11 ] master-port=ether24
set [ find default-name=ether12 ] master-port=ether24
set [ find default-name=ether13 ] master-port=ether24
set [ find default-name=ether14 ] master-port=ether24
set [ find default-name=ether15 ] master-port=ether24
set [ find default-name=ether16 ] master-port=ether24
set [ find default-name=ether17 ] master-port=ether24
set [ find default-name=ether18 ] master-port=ether24
set [ find default-name=ether19 ] master-port=ether24
set [ find default-name=ether20 ] master-port=ether24
set [ find default-name=ether21 ] master-port=ether24
set [ find default-name=ether22 ] master-port=ether24
set [ find default-name=ether23 ] master-port=ether24
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,\
    ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24" \
    forward-unknown-vlan=no
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether24 vlan-id=59
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=59 ports=ether1 sa-learning=yes
/interface ethernet switch vlan
add ports=ether1,ether24 vlan-id=59
 
becs
MikroTik Support
MikroTik Support
Posts: 479
Joined: Thu Jul 07, 2011 8:26 am

Re: Switching with RouterOS / CRS Questions

Tue Apr 22, 2014 11:40 am

michaelahess,

The follwing Cloud Router Switch configuration should be applied for your setup:

1) Add VLAN tagging on CPU port and ether7 port according to diagram:
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether7-slave-local,switch1-cpu vlan-id=100
add tagged-ports=switch1-cpu vlan-id=300
add tagged-ports=ether7-slave-local,switch1-cpu vlan-id=400
2) Ingress VLAN translation rules are necessary only on VLAN access ports to define initial VLAN assigment for untagged packets:
/interface ethernet switch ingress-vlan-translation
add customer-vlan-format=untagged-or-tagged new-customer-vid=100 ports=\
    ether2-master-local,ether4-slave-local,ether5-slave-local,ether6-slave-local,ether8-slave-local,ether9-slave-local,ether10-slave-local sa-learning=\
    yes service-vlan-format=untagged-or-tagged
add customer-vlan-format=untagged-or-tagged new-customer-vid=300 ports=ether3-slave-local sa-learning=yes service-vlan-format=untagged-or-tagged
3) For security disable invalid VLAN forwarding globally or on each port separately like this:
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether2-master-local,ether3-slave-local,ether4-slave-local,ether5-slave-local,ether6-slave-lo\
    cal,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-slave-local"
4) VLAN table should contain all ports which accept particular VLAN as valid:
/interface ethernet switch vlan
add ports="ether2-master-local,ether4-slave-local,ether5-slave-local,ether6-slave-local,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-\
    slave-local,switch1-cpu" vlan-id=100
add ports=ether3-slave-local,switch1-cpu vlan-id=300
add ports=ether7-slave-local,switch1-cpu vlan-id=400
 
becs
MikroTik Support
MikroTik Support
Posts: 479
Joined: Thu Jul 07, 2011 8:26 am

Re: Switching with RouterOS / CRS Questions

Tue Apr 22, 2014 11:41 am

ners,

You should add a VLAN interface to master-port in RouterOS and add IP address to it.
From switch point there is switch1-cpu port, not the master-port.
/interface vlan add name=vlan59 vlan-id=59 interface=ether24
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=59
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=59 ports=ether1 sa-learning=yes
/interface ethernet switch vlan
add ports=ether1,switch1-cpu vlan-id=59
 
ners
Frequent Visitor
Frequent Visitor
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Re: Switching with RouterOS / CRS Questions

Tue Apr 22, 2014 12:49 pm

ners,

You should add a VLAN interface to master-port in RouterOS and add IP address to it.
From switch point there is switch1-cpu port, not the master-port.
/interface vlan add name=vlan59 vlan-id=59 interface=ether24
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=59
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=59 ports=ether1 sa-learning=yes
/interface ethernet switch vlan
add ports=ether1,switch1-cpu vlan-id=59
But my management IPs reside not in a VLAN, but rather in the native VLAN, which is not a 802.1q VLAN at all, it is just normal untagged traffic, this is why I put the IP address on the physical master-port (ether24 in my case).
[admin@MikroTik] /ip address> set 0 interface=switch1-cpu
input does not match any value of interface
I can only add IPs to physical ports or VLANs.
Last edited by ners on Tue Apr 22, 2014 12:53 pm, edited 2 times in total.
 
ners
Frequent Visitor
Frequent Visitor
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Re: Switching with RouterOS / CRS Questions

Tue Apr 22, 2014 12:52 pm

michaelahess,

The follwing Cloud Router Switch configuration should be applied for your setup:

3) For security disable invalid VLAN forwarding globally or on each port separately like this:
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether2-master-local,ether3-slave-local,ether4-slave-local,ether5-slave-local,ether6-slave-lo\
    cal,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-slave-local"
How do you disable it globally, without listing each individual port in the "drop-if-invalid-or-src-port-not-member-of-vlan-on-ports" setting?
 
becs
MikroTik Support
MikroTik Support
Posts: 479
Joined: Thu Jul 07, 2011 8:26 am

Re: Switching with RouterOS / CRS Questions

Tue Apr 22, 2014 1:27 pm

But my management IPs reside not in a VLAN, but rather in the native VLAN, which is not a 802.1q VLAN at all, it is just normal untagged traffic, this is why I put the IP address on the physical master-port (ether24 in my case).
IP address on the master-port is correct for untagged traffic, but in that case you need to ensure untagged traffic is not being filtered as invalid VLAN.
VLAN 0 needs to be added in switch-chip VLAN table.
/interface ethernet switch vlan
add vlan-id=0 ports=ether1,ether2,...,switch1-cpu
How do you disable it globally, without listing each individual port in the "drop-if-invalid-or-src-port-not-member-of-vlan-on-ports" setting?
/interface ethernet switch set forward-unknown-vlan=no
 
ners
Frequent Visitor
Frequent Visitor
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Re: Switching with RouterOS / CRS Questions

Tue Apr 22, 2014 2:17 pm

But my management IPs reside not in a VLAN, but rather in the native VLAN, which is not a 802.1q VLAN at all, it is just normal untagged traffic, this is why I put the IP address on the physical master-port (ether24 in my case).
IP address on the master-port is correct for untagged traffic, but in that case you need to ensure untagged traffic is not being filtered as invalid VLAN.
VLAN 0 needs to be added in switch-chip VLAN table.
/interface ethernet switch vlan
add vlan-id=0 ports=ether1,ether2,...,switch1-cpu
How do you disable it globally, without listing each individual port in the "drop-if-invalid-or-src-port-not-member-of-vlan-on-ports" setting?
/interface ethernet switch set forward-unknown-vlan=no
I did exactly that and now the switch will not pass traffic anymore and will not let me see the configuration (reboot does not help):

ros code

[admin@MikroTik] > /int ethernet
[admin@MikroTik] /interface ethernet> switch
[admin@MikroTik] /interface ethernet switch> exp
# jan/02/1970 00:00:26 by RouterOS 6.12
# software id = IKDF-GH6M
#
#error exporting /interface ethernet switch
#interrupted
[admin@MikroTik] /interface ethernet switch> print

action timed out - try again, if error continues contact MikroTik support and send a supout file (13)
[admin@MikroTik] /interface ethernet switch>
I will be resetting the configuration and configuring everything from scratch again :-/
 
ners
Frequent Visitor
Frequent Visitor
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Re: Switching with RouterOS / CRS Questions

Tue Apr 22, 2014 2:40 pm

After resetting the configuration and configuring it from scratch it hangs again after issuing /export and also does not pass any traffic:

The configuration is as following:

ros code

/interface ethernet
set [ find default-name=sfp1 ] master-port=ether24
set [ find default-name=ether1 ] master-port=ether24
set [ find default-name=ether2 ] master-port=ether24
set [ find default-name=ether3 ] master-port=ether24
set [ find default-name=ether4 ] master-port=ether24
set [ find default-name=ether5 ] master-port=ether24
set [ find default-name=ether6 ] master-port=ether24
set [ find default-name=ether7 ] master-port=ether24
set [ find default-name=ether8 ] master-port=ether24
set [ find default-name=ether9 ] master-port=ether24
set [ find default-name=ether10 ] master-port=ether24
set [ find default-name=ether11 ] master-port=ether24
set [ find default-name=ether12 ] master-port=ether24
set [ find default-name=ether13 ] master-port=ether24
set [ find default-name=ether14 ] master-port=ether24
set [ find default-name=ether15 ] master-port=ether24
set [ find default-name=ether16 ] master-port=ether24
set [ find default-name=ether17 ] master-port=ether24
set [ find default-name=ether18 ] master-port=ether24
set [ find default-name=ether19 ] master-port=ether24
set [ find default-name=ether20 ] master-port=ether24
set [ find default-name=ether21 ] master-port=ether24
set [ find default-name=ether22 ] master-port=ether24
set [ find default-name=ether23 ] master-port=ether24
/interface ethernet switch
set forward-unknown-vlan=no
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether24 vlan-id=59
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=59 ports=ether1 sa-learning=yes
/interface ethernet switch vlan
add ports=ether24,switch1-cpu
add ports=ether1,ether24 vlan-id=59
/ip address
add address=172.16.16.8/24 interface=ether24
 
michaelahess
just joined
Posts: 17
Joined: Thu Nov 11, 2010 4:56 am

Re: Switching with RouterOS / CRS Questions

Tue Apr 22, 2014 6:08 pm

michaelahess,

The following Cloud Router Switch configuration should be applied for your setup:

...
Thanks becs! I'll try this when I get home tonight. One thing I'm still worried about though, the master port of the switch group, is it best to not actually use that port for a real link since it has all that other "stuff" on it?
 
michaelahess
just joined
Posts: 17
Joined: Thu Nov 11, 2010 4:56 am

Re: Switching with RouterOS / CRS Questions

Wed Apr 23, 2014 7:15 pm

Still not working. I applied a dhcp server to vlan300 but when I plug a laptop into port 3 I get nothing, like literally no packets coming to the laptop. I verified the port works fine with the laptop when on the default bridge with it's dhcp server. Do I need to do anything with the vlan tab on the ethernet section? Can I apply the dhcp server to port 3 maybe?
 
mcdebugger
newbie
Posts: 49
Joined: Mon Oct 03, 2011 11:10 am

Re: Switching with RouterOS / CRS Questions

Sat Jul 12, 2014 1:42 pm

Is L3 switching planned? I mean wire speed L3 switching or at least on-switch-chip arp proxying that is fast as a demon?
Really nice to see it on aggregation to enable fast switching between clients sitting each on his own vlan.
 
xcom
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Sat Jul 05, 2014 8:59 pm

Re: Switching with RouterOS / CRS Questions

Sat Jul 12, 2014 7:03 pm

michaelahess,

The following Cloud Router Switch configuration should be applied for your setup:

...
Thanks becs! I'll try this when I get home tonight. One thing I'm still worried about though, the master port of the switch group, is it best to not actually use that port for a real link since it has all that other "stuff" on it?

I see your post is old and so is this thread so I suppose you gave up?

My setup is similar to yours except I got two gateways. one goes to my firewall/dchp server and one goes out through the CSR gateway port 1.

I cant make the switch hand out ip's on my vlan10.
 
carlo1980
just joined
Posts: 4
Joined: Mon Jun 23, 2014 10:58 am

Re: Switching with RouterOS / CRS Questions

Tue Jul 15, 2014 12:38 pm

I want to buy a CRS 125 for my home.

I seen CRS125 has 8513L switch chip, but i haven't found any information about host table , rule table e vlan table in hardware like AR8327, AR8316 ?. Does Crs125 support in future for L3 hardware or the switch chip dont support function?
 
xcom
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Sat Jul 05, 2014 8:59 pm

Re: Switching with RouterOS / CRS Questions

Thu Jul 17, 2014 4:00 pm

michaelahess,

The following Cloud Router Switch configuration should be applied for your setup:

...
Thanks becs! I'll try this when I get home tonight. One thing I'm still worried about though, the master port of the switch group, is it best to not actually use that port for a real link since it has all that other "stuff" on it?

I see your post is old and so is this thread so I suppose you gave up?

My setup is similar to yours except I got two gateways. one goes to my firewall/dchp server and one goes out through the CSR gateway port 1.

I cant make the switch hand out ip's on my vlan10.

I wanted to report that I fixed my issue.
All is working well now.

Thanks!
 
User avatar
yarda
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Tue May 22, 2007 4:58 pm
Location: Czech Republic - Southern Bohemia
Contact:

Re: Switching with RouterOS / CRS Questions

Fri Aug 08, 2014 10:12 am

After resetting the configuration and configuring it from scratch it hangs again after issuing /export and also does not pass any traffic:

The configuration is as following:

ros code

/interface ethernet
set [ find default-name=sfp1 ] master-port=ether24
set [ find default-name=ether1 ] master-port=ether24
set [ find default-name=ether2 ] master-port=ether24
set [ find default-name=ether3 ] master-port=ether24
set [ find default-name=ether4 ] master-port=ether24
set [ find default-name=ether5 ] master-port=ether24
set [ find default-name=ether6 ] master-port=ether24
set [ find default-name=ether7 ] master-port=ether24
set [ find default-name=ether8 ] master-port=ether24
set [ find default-name=ether9 ] master-port=ether24
set [ find default-name=ether10 ] master-port=ether24
set [ find default-name=ether11 ] master-port=ether24
set [ find default-name=ether12 ] master-port=ether24
set [ find default-name=ether13 ] master-port=ether24
set [ find default-name=ether14 ] master-port=ether24
set [ find default-name=ether15 ] master-port=ether24
set [ find default-name=ether16 ] master-port=ether24
set [ find default-name=ether17 ] master-port=ether24
set [ find default-name=ether18 ] master-port=ether24
set [ find default-name=ether19 ] master-port=ether24
set [ find default-name=ether20 ] master-port=ether24
set [ find default-name=ether21 ] master-port=ether24
set [ find default-name=ether22 ] master-port=ether24
set [ find default-name=ether23 ] master-port=ether24
/interface ethernet switch
set forward-unknown-vlan=no
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether24 vlan-id=59
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=59 ports=ether1 sa-learning=yes
/interface ethernet switch vlan
add ports=ether24,switch1-cpu
add ports=ether1,ether24 vlan-id=59
/ip address
add address=172.16.16.8/24 interface=ether24

How did you solve your problem? I have same problem. Freezing CRS on export. It freeze on bridge section. CPU 100%. By profile it look on ipsec service on ROS 6.10 or managment on 6.17. If I take snmpwalk on CRS it freeze on 100% CPU. By profile on ROS 6.10 it is on ipsec too.
 
hamid1626
just joined
Posts: 2
Joined: Fri Aug 27, 2010 2:43 pm

Re: Switching with RouterOS / CRS Questions

Wed Feb 11, 2015 6:58 pm

Hi all
I have a scenario with crs126 with cloud router 1009
We have some wireless device on the tower that connected to Ethernet port in crs 126
mikrotik switch connected with one cable to mikrotik router in server room

how to configure crs126 that Ethernet port be isolated but have connectivity with router mikrotik 1009
http://wiki.mikrotik.com/wiki/Manual:CRS_features
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1743
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Switching with RouterOS / CRS Questions

Sun May 10, 2015 11:01 pm

hello all!
for me are needed three functions:
- broadcast storm controll
- loopback detection/protection
is possible to add this futures to Mikrotik CRS? Thanks
Boris
UP !
broadcast storm can be do with ingress policy

http://wiki.mikrotik.com/wiki/Manual:CR ... rm_Control

enabling on port configuration "drop dynamic mac move" prevents unicast fdb poisoning
 
User avatar
SoundGuyFYI
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Wed Jun 05, 2013 12:43 am

Re: Switching with RouterOS / CRS Questions

Tue May 19, 2015 5:45 am

Currently we are still adding Switching features for the CRS. Right now you get only basic Switch functionality, but the hardware allows for much more, and new features will be added with every software update.

Please give us examples of the most important switch functions that you want us to make.
I know this is probably already in the works but I really would like to see LAG implemented soon in the CRS.

Mainly I would like to see the matching options from the MikroTik bonding options. Secondly the complete 802.3ad support.

Is there any update on this?
Sound Guy FYI
 
strelokr
just joined
Posts: 16
Joined: Wed Dec 09, 2015 12:11 pm
Location: Ukraine

Re: Switching with RouterOS / CRS Questions

Tue Jan 26, 2016 3:16 pm

hello all!
for me are needed three functions:
- broadcast storm controll
- loopback detection/protection
is possible to add this futures to Mikrotik CRS? Thanks
Boris
UP !
Append to "chechito" message
Read here http://forum.mikrotik.com/viewtopic.php ... 20#p517620
 
User avatar
alexap
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Thu Nov 05, 2015 3:20 pm

Re: Switching with RouterOS / CRS Questions

Wed Feb 17, 2016 3:26 pm

to today's date possible stp hardware switch?
 
alexjhart
Member Candidate
Member Candidate
Posts: 192
Joined: Thu Jan 20, 2011 8:03 pm

Re: Switching with RouterOS / CRS Questions

Wed Jul 20, 2016 6:27 pm

Currently we are still adding Switching features for the CRS. Right now you get only basic Switch functionality, but the hardware allows for much more, and new features will be added with every software update.

Please give us examples of the most important switch functions that you want us to make.
How many more updates until we will see spanning tree support?
-----
Alex Hart

The Brothers WISP
 
User avatar
alexap
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Thu Nov 05, 2015 3:20 pm

Re: Switching with RouterOS / CRS Questions

Fri Sep 09, 2016 5:01 am

when spanning tree support?
 
User avatar
ploquets
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Nov 17, 2015 12:49 pm
Location: Uruguaiana, RS, Brazil
Contact:

Re: Switching with RouterOS / CRS Questions

Tue Mar 07, 2017 11:23 pm

But my management IPs reside not in a VLAN, but rather in the native VLAN, which is not a 802.1q VLAN at all, it is just normal untagged traffic, this is why I put the IP address on the physical master-port (ether24 in my case).
Did you solve this problem ? I'm trying to acheive exactly the same.


EDIT:
Here is the magic.

Now it works.

/interface ethernet switch vlan
add ports=$masterport,switch1-cpu vlan-id=0

/ip address add address=$ip-you-want interface=$masterport
Last edited by ploquets on Wed Mar 08, 2017 10:48 pm, edited 1 time in total.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1743
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Switching with RouterOS / CRS Questions

Wed Mar 08, 2017 12:10 am

Recently i had to board this topic in a config and finally i think i understand how this work:
i will try to do this as a tutorial with 3 vlans for integrated switch on hap and rb951 series not for CRS, this tutorial was tested on rb951ui rb951g and hap lite and works ok:

In this case ether1 is the master port for ether2 to ether5

1. On switch add vlan0 with VID 0 as your native vlan, i chose vlan0 but it can be any number you want, add all ports you want to work with that vlan as native vlan and the switch cpu port to ensure management and default gateway functionality of the router for that vlan, in my case i want the native vlan to work on all ports
switch 1.jpg
2. add any other vlan you need and add the ports where you want that vlan to work (tagged) in and the switch cpu port to ensure management and default gateway functionality of the router for that vlan, in my case i added vlan10 with VID 10 and vlan 20 with VID 20 only want ether1 and switch cpu to be in that vlan, ether1 will be like the trunk port
switch2.jpg
switch3.jpg
Continue in next post i cannot add more images
You do not have the required permissions to view the files attached to this post.
Last edited by chechito on Wed Mar 08, 2017 12:30 am, edited 2 times in total.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1743
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Switching with RouterOS / CRS Questions

Wed Mar 08, 2017 12:20 am

continuing:

my vlan list looks like this:
switch4.jpg
now configure the ports:
switch5.jpg
First thing to do is configure native vlan as default vlan on all ports you want, including switch cpu port in this case all ports use vlan0 as native vlan.
Then configure vlan header= always strip on accessports using only one vlan for end devices in this case ether2 to ether5
Configure vlan header= leave as is on trunk ports and switch cpu port, in this case ether1 is a trunk
and finally configure vlan mode=secure to enforce your configuration

Now add your vlan interfaces to configure router ip address using master port of the switch as the physical interface for this vlans:
switch6.jpg
from now on you can do what you want with your vlans, for example add a vlan to a bridge to another interface like virtual ap to use this vlan on a separate wireless lan, or configure dhcp server etc etc.

i invested several hours trying to understand this, i hope this can help somebody to do vlans quickly and take advantage of this nice functionality.

any doubt, errata or comment please comment i will be happy to answer
You do not have the required permissions to view the files attached to this post.
 
ik3umt
Member Candidate
Member Candidate
Posts: 248
Joined: Tue Jul 08, 2014 3:58 pm

Re: Switching with RouterOS / CRS Questions

Thu Mar 09, 2017 10:23 am

I join this post as I'm trying to setup Vlans on CRS125

Summarizing. if I'm right there are these steps to follow:

1: declare untagged (access) ports , I've seen three methods to do it :

/interface ethernet switch ingress-vlan-translation
add ports=ether6 customer-vid=0 new-customer-vid=200 sa-learning=yes
(crs wiki)

/interface ethernet switch ingress-vlan-translation
add ports=ether6 new-customer-vid=200 sa-learning=yes
(many internet examples)

/interface ethernet switch ingress-vlan-translation
add ports=ether6 customer-vlan-format=untagged-or-tagged new-customer-vid=200 sa-learning=yes service-vlan-format=untagged-or-tagged
(becs suggestion on this post)

What's the best one ?

2: declared tagged port(s) for Vlan trunk :

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether2 vlan-id=200
add tagged-ports=ether2 vlan-id=300
add tagged-ports=ether2 vlan-id=400
(crs wiki)

3: declare Vlan membership definitions :

/interface ethernet switch vlan
add ports=ether2,ether6 vlan-id=200 learn=yes
add ports=ether2,ether7 vlan-id=300 learn=yes
add ports=ether2,ether8 vlan-id=400 learn=yes
(crs wiki)

4: if inter-vlan routing or Vlan to wan routing is needed, add switch1-cpu port to tagged vlan and create the Vlan interface with its own ip address :

/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=200
add tagged-ports=switch1-cpu vlan-id=300
add tagged-ports=switch1-cpu vlan-id=400
/interface vlan
add name=vlan200 interface=ether2 vlan-id=200
add name=vlan300 interface=ether2 vlan-id=300
add name=vlan400 interface=ether2 vlan-id=400
/ip address
add address=192.168.20.1/24 interface=vlan200 network=192.168.20.0
add address=192.168.30.1/24 interface=vlan300 network=192.168.30.0
add address=192.168.40.1/24 interface=vlan400 network=192.168.40.0
(crs wiki)

Just two questions please:

What are the purpose of the following declarations , as I have the system working without them ??

/interface ethernet switch vlan
add ports=ether2,ether6 vlan-id=200 learn=yes
add ports=ether2,ether7 vlan-id=300 learn=yes
add ports=ether2,ether8 vlan-id=400 learn=yes


/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether2,ether6,ether7,ether8

(or)
/interface ethernet switch
set forward-unknown-vlan=no



Thank you
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1743
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Switching with RouterOS / CRS Questions

Thu Mar 09, 2017 6:29 pm

i have not configured CRS since 2015 i dont remember very well

i remember you need to uncheck the option forward invalid vlans on switch settings --> vlan tab be carefull you can lost management!!!

that's the way you know if your config are filtering vlas in appropiate way or not, be careful you can lost management
 
chenier
just joined
Posts: 10
Joined: Wed Dec 23, 2009 3:42 pm

Re: Switching with RouterOS / CRS Questions

Tue Apr 25, 2017 4:19 am

But my management IPs reside not in a VLAN, but rather in the native VLAN, which is not a 802.1q VLAN at all, it is just normal untagged traffic, this is why I put the IP address on the physical master-port (ether24 in my case).
Did you solve this problem ? I'm trying to acheive exactly the same.


EDIT:
Here is the magic.

Now it works.

/interface ethernet switch vlan
add ports=$masterport,switch1-cpu vlan-id=0

/ip address add address=$ip-you-want interface=$masterport
My problem:
Native vlan Management network
Master port is in a bridge so the CRS wifi will work properly with CAPSMAN. However, with a recent update, I
can no longer add a DHCP client on the Master port because my master port is slave to the bridge, and I cannot get cpu management to pass to bridge IP

Ideas on how to solve? I believe I a) need bridge to pass traffic to CAP b) can no longer pass cpu management to bridge IP from switch port but c) cannot create management IP on master port as it is slave to the bridge. So stuck since one of the recent updates. Ideas?

p.s. I've managed to lock myself out of switch management on one of my CRS109s after a software update because of this. It is still performing well otherwise while I figure this out.
 
User avatar
AnRkey
Member Candidate
Member Candidate
Posts: 119
Joined: Tue Sep 15, 2009 6:01 pm

Re: Switching with RouterOS / CRS Questions

Tue Apr 25, 2017 5:37 pm

The master Ethernet port for your switch is a slave to the software bridge as far as I can understand from your post. To fix DHCP, change DHCP server to run from the bridge interface.
MTCNA
 
chenier
just joined
Posts: 10
Joined: Wed Dec 23, 2009 3:42 pm

Re: Switching with RouterOS / CRS Questions

Fri Apr 28, 2017 4:25 am


My problem:
Native vlan Management network
Master port is in a bridge so the CRS wifi will work properly with CAPSMAN. However, with a recent update, I
can no longer add a DHCP client on the Master port because my master port is slave to the bridge, and I cannot get cpu management to pass to bridge IP

Ideas on how to solve? I believe I a) need bridge to pass traffic to CAP b) can no longer pass cpu management to bridge IP from switch port but c) cannot create management IP on master port as it is slave to the bridge. So stuck since one of the recent updates. Ideas?

p.s. I've managed to lock myself out of switch management on one of my CRS109s after a software update because of this. It is still performing well otherwise while I figure this out.
I have figured out my problem. All is working well now. I had a couple config errors in the switch chip setup.
a) I was over-using the /interface ethernet switch egress-vlan-tag -- This only needs to be added for trunk ports when the switch has an edge port for that vlan and is not required for pass through vlans or when you have a virtual AP controlled by CAPSMAN
b) I was including switch1-cpu when it should not be in /interface ethernet switch set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=...

My setup: CRS109 with wireless setup as CAP with multiple vlans/vAPs, all ports switched, first 4 ports and sfp as pass through trunk ports and last 4 ethernet ports as edge ports for one of the vlans. Management network on native or vlan0

My setup looks like:
/interface bridge
add name=bridge1

/ip dhcp-client
disabled=no interface=bridge1

/interface wireless cap 
set bridge=bridge1 caps-man-addresses=10.20.0.1 enabled=yes interfaces=wlan1

/interface ethernet
set [ find default-name=ether2 ] name=ether2m
set [ find default-name=ether3 ] master-port=ether2m
set [ find default-name=ether4 ] master-port=ether2m
set [ find default-name=ether5 ] master-port=ether2m
set [ find default-name=ether6 ] master-port=ether2m
set [ find default-name=ether7 ] master-port=ether2m
set [ find default-name=ether8 ] master-port=ether2m
set [ find default-name=sfp1 ] master-port=ether2m
set [ find default-name=ether1 ] master-port=ether2m

/interface bridge port
add bridge=bridge1 interface=ether2m
add bridge=bridge1 interface=wlan1

/interface ethernet switch vlan
add ports=ether1,ether2m,ether3,ether4,sfp1,switch1-cpu vlan-id=0
add ports=ether1,ether2m,ether3,ether4,sfp1,switch1-cpu vlan-id=110
add ports=ether1,ether2m,ether3,ether4,sfp1,switch1-cpu vlan-id=120
add ports=ether1,ether2m,ether3,ether4,ether5,ether6,ether7,ether8,sfp1,switch1-cpu vlan-id=150

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether2m,ether3,ether4,sfp1,switch1-cpu vlan-id=150

/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=150 ports=ether5,ether6,ether7,ether8

/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether3,ether4,ether5,ether6,ether7,ether8,sfp1,ether1,ether2m \
    drop-if-no-vlan-assignment-on-ports=ether5,ether6,ether7,ether8 \
    forward-unknown-vlan=no

Edit: adding photo of above setup
CRS109 Setup Example (1).jpg
You do not have the required permissions to view the files attached to this post.
 
chenier
just joined
Posts: 10
Joined: Wed Dec 23, 2009 3:42 pm

Re: Switching with RouterOS / CRS Questions

Mon May 01, 2017 11:48 pm

Here are my notes on how to achieve the above setup with least possible steps (except some added configuration enhancements).
Aquí están mis notas sobre cómo lograr la configuración anterior con pasos menos posibles (excepto algunas mejoras de configuración agregadas).
took some trial and error to not do stupid things like lock myself out of Webfig. Hope this helps someone else.
Selection_267.jpg
Selection_268.jpg
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: No registered users and 138 guests