Page 1 of 1

CRS documentation

Posted: Wed Jan 29, 2014 10:47 am
by normis
We have created a CRS feature description document that should clarify many things that the CRS can do, and how to do them:
http://wiki.mikrotik.com/wiki/Manual:CRS_features

We also have an example page here:
http://wiki.mikrotik.com/wiki/Manual:CRS_examples

We are still expanding and updating these documents, so please let us know what questions you have about the CRS, so we can answer them in the article updates later this week.

Re: CRS documentation

Posted: Wed Jan 29, 2014 11:52 am
by honzam
Thanks !!!

Re: CRS documentation

Posted: Wed Jan 29, 2014 12:27 pm
by andriys
It'll be nice if you deploy one CRS as a demo system (similar to demo.mt.lv and demo2.mt.lv) so that the community can see what's the switch management looks like in the UI on a live system.

Re: CRS documentation

Posted: Wed Jan 29, 2014 1:39 pm
by honzam
It'll be nice if you deploy one CRS as a demo system (similar to demo.mt.lv and demo2.mt.lv) so that the community can see what's the switch management looks like in the UI on a live system.
+1

Re: CRS documentation

Posted: Thu Jan 30, 2014 10:36 pm
by ditonet
It'll be nice if you deploy one CRS as a demo system (similar to demo.mt.lv and demo2.mt.lv) so that the community can see what's the switch management looks like in the UI on a live system.
+1

Regards,

Re: CRS documentation

Posted: Thu Jan 30, 2014 11:27 pm
by efaden
It'll be nice if you deploy one CRS as a demo system (similar to demo.mt.lv and demo2.mt.lv) so that the community can see what's the switch management looks like in the UI on a live system.
+1

Regards,
Looking good. I think more examples... ... basic examples of what each setting does along with more descriptions. Also complex examples.

A comparison to the switch config for the RB2011 series would be helpful. For example on the RB2011 I would set the port to secure and then add the vlans to a table... how would I accomplish the same thing on the CRS.

Normis: Any help with http://forum.mikrotik.com/viewtopic.php?f=2&t=81327

Re: CRS documentation

Posted: Sat Feb 01, 2014 4:34 am
by Roberto21
Hello! The door insulation is not working in version 6.9, the isolation of active ports for level 1 (isolated) do logout mikrotik when it is back again at 0 (promiscuous).

(google translator) :(

Re: CRS documentation

Posted: Thu Feb 06, 2014 5:17 am
by infused
What do you need to be able to direct console in to the crs?

Re: CRS documentation

Posted: Fri Feb 07, 2014 9:43 pm
by steen
Hello Folks!

The documentation is great, exept I do not understand what all stuff do, it is to deep down in layer 2 stuff, got to get a book and try translate it but had no time yet. Recommendation is to make a much more simple interface to deal with basic vlan, trunking, bonding, etherchannel etc. but I guess you like me, is very occupied with stuff and upper management asks for that and that all the time :-)

Anyhow we tried everyting now, still the CRS leaks traffic and hence can not be put in to production.

I do not know to much about vlan and layer 2 stuff, but I have all the years being able handling the same on Cisco and HP switches without problems.

With everything means:
1. A brand new untouched CRS was taken ount from shelf.
2. All packages disabled: hotspot, mpls, ppp, routing, wireless.
3. The device was resetted fully with no scripts to be run at boot to configure it.
4. Mac address access to the device was performed
5. IP Settings was fully disabled, ip forward, send redirects, secure redirects, allow fast path.
6. dhcp client was enabled on ether1
Then the device as accessed using the dhcp address on ether1.

The device as then upgraded to RoS6.9 and step 3 -> 6 was repeated and we continued with below steps.

Following mikrotik examples by the book for CRS (http://wiki.mikrotik.com/wiki/Manual:CRS_examples) we put ether2 as "trunk port", by our understanding it will accept all ethernet traffic coming in or going out without exeptions like ALL VLANS trunk something. Must say I do not really understand point 9 below, how can the switch know that ether3 is belonging to vlan 200, does it come from sa-learning, what is that by the way ?

7. switchport ether2 was set as master for ether3
/interface ethernet set ether3 master-port=ether2
8. Tag all ethernet packages coming in to ether3 to vlan 200
/interface ethernet switch ingress-vlan-translation add port=ether3 customer-vid=0 new-customer-vid=200 sa-learning=yes
9. And the reverse, remove vlan tags for traffic going out on ether3.
/interface ethernet switch egress-vlan-translation add port=ether3 customer-vid=200 new-customer-vid=0

That wasnt to hard, now we connected the CRS ether2 to the trunk line containing very many vlans.
Last we connected one RedHat dhcp client to ether3, in a blink it got IP address from our dhcp server on vlan 200.

tcpdump was started on the RedHat dhcp client to see what is going on in vlan 200, sadly we saw a lot of arp requests and other oddities leaking from all other vlans. But it is isolated in some way, because we could not ping servers in other vlans that was not routed to vlan 200 from the RedHat client neither did we got any arp addresses from other vlans so that is positive.

We then went further trying to activate port isolation, but it goes back to promiscues all the time, not possible to change.

Am I doing somthing wrong in the setup ?

It could actually work this way, if it does not cause any conflicts and other oddities.
I would really like to throw out our slow Cisco switches and go gigabit now, also have noted the CRS does not consume by far as much energy as the cisco:s.

What do you experts say, is it safe to go into production with CRS at this stage if you can live with the little leakage ?
I have not experienced any port flapping etc or other problems in our environments for a very long time, and the few we had was sorted out by disabling snmp and the lcd display, and it was on CCR not CRS. Also our RB2011 has performed without any problems.

Re: CRS documentation

Posted: Fri Feb 07, 2014 10:24 pm
by honzam
Hello Folks!

We then went further trying to activate port isolation, but it goes back to promiscues all the time, not possible to change.
We have the same problem in 6.9
MT team, it is bug? Will be fixed in 6.10?

Re: CRS documentation

Posted: Fri Feb 14, 2014 10:34 pm
by DLNoah
For CRS units that were running a version in the 6.5-6.7 range, you need to do ONE of the following two steps in order to fix the port isolation:

1) Factory reset the unit, do not keep user configuration (obviously not suitable for units in the field)
2) Follow the instructions here: http://forum.mikrotik.com/viewtopic.php ... 00#p407466
-- Just in case the link dies:
[Resetting the unit] was only necessary for CRS125 to prevent speed issues and behaviour of a hub.
Alternatively you can enter this command:
Code:

/interface ethernet switch port set [find] learn-restricted-unknown-sa=yes

Re: CRS documentation

Posted: Sat Feb 15, 2014 8:25 am
by steen
Hello Folks!

CRS still leaks in RoS6.10, exactly like before.

Tested after resetting CRS, followed by the suggested steps in first mikrotik exampe port based.
For simplicity we used one "trunk port" ether2 and one "access port" ether3.
Running tcpdump on a redhat llinux based server connected to ether3 show arp requests from ALL vlans and other traffic.

Please, can anyone come up with a working non leaking example configuration, how to do it so to say, we badly need going gigabit now ?

Re: CRS documentation

Posted: Wed Feb 26, 2014 1:35 pm
by omidkosari

Re: CRS documentation

Posted: Wed Mar 05, 2014 10:09 am
by omidkosari
Hello Folks!

CRS still leaks in RoS6.10, exactly like before.

Tested after resetting CRS, followed by the suggested steps in first mikrotik exampe port based.
For simplicity we used one "trunk port" ether2 and one "access port" ether3.
Running tcpdump on a redhat llinux based server connected to ether3 show arp requests from ALL vlans and other traffic.

Please, can anyone come up with a working non leaking example configuration, how to do it so to say, we badly need going gigabit now ?
This is not just a small bug . This is a huge security vulnerability . Mikrotik should inform users to don't use CRS in production .

Re: CRS documentation

Posted: Tue Mar 11, 2014 2:26 pm
by beercha
Hello Folks!

CRS still leaks in RoS6.10, exactly like before.

Tested after resetting CRS, followed by the suggested steps in first mikrotik exampe port based.
For simplicity we used one "trunk port" ether2 and one "access port" ether3.
Running tcpdump on a redhat llinux based server connected to ether3 show arp requests from ALL vlans and other traffic.

Please, can anyone come up with a working non leaking example configuration, how to do it so to say, we badly need going gigabit now ?
This is not just a small bug . This is a huge security vulnerability . Mikrotik should inform users to don't use CRS in production .
Totally agree, CRS without normal documentation and VLAN operation, is useless. Now my two CRS125 will stand on a shelf until bugs are fixed and CRS is normally documented.

Re: CRS documentation

Posted: Wed Mar 12, 2014 10:54 am
by normis
and CRS is normally documented.
the original topic in this post asks what features do you wish to be documented in more detail. the original post is about documentation!

Re: CRS documentation

Posted: Wed Mar 12, 2014 10:48 pm
by janel
Hello,

I just would like some more configuration examples such as a basic L3 switch with inter-VLAN routing. The way how a VLAN interface interacts with the switch is pretty unclear for me.

Thanks!

Re: CRS documentation

Posted: Wed Mar 19, 2014 3:07 pm
by Bitto
Finally we have our new CRS125-24G-1S-RM in our hands, but switch menu changed there is a menu about mirroring makes none sense it seems cpu is mirroring all traffic to one port.
I couldn't find examples and manuals in wiki can any one send a configuration example of where ether2 is fully mirrored to ether3 (ingress and egress) ?

Re: CRS documentation

Posted: Wed Mar 19, 2014 3:19 pm
by timberwolf
Hello,

I just would like some more configuration examples such as a basic L3 switch with inter-VLAN routing. The way how a VLAN interface interacts with the switch is pretty unclear for me.

Thanks!
AFAIK you can only route via the embedded CPU, so inter-VLAN routing is achieved by switching the affected traffic through the 1G-CPU-Uplink, forwarding is then done in software and the packet is sent back though the same 1G-CPU-Uplink to the switching silicon. Besides MT claiming otherwise, the CRS isn't a L3 switch is a switch combined with a "router on a stick" in networkers terminology.

Re: CRS documentation

Posted: Sat Mar 22, 2014 1:18 am
by janel
@timberwolf: I totally agree with you, it is not al true L3 switch, but however, some nice examples about L3 inter-VLAN routing would help. I have managed to do it myself, but I guess that others may find this very helpful, especially if we consider that this new switch chip is rather different from the previous ones.

Re: CRS documentation

Posted: Mon Mar 24, 2014 10:06 pm
by dsobin
Over on this thread is a very basic documentation discussion regarding the operation of the switch chip and the meaning of master and slave ports.

Normis, the vlan questions and issues that people are asking here are very important. I would suggest also that missing from the documentation is a clear, unambiguous, understandable description of the meaning of the master and slave designation.

Maybe this is clear to everyone else, but the questions on the post referenced above show that at least some users cannot understand how this supposed to work from the existing documentation.

Re: CRS documentation

Posted: Tue Mar 25, 2014 7:33 pm
by trn76
Oh thank God it's not only me seeing that "leak"!
Using CRS ROS 6.11 - I'm not able to ping, but I can gladly see other MT on other VLAN's with WinBox, also sniffing traffic with Wireshark and I see it leaks traffic.

Seriously.... fucking great! ... I now have (yet again) 8 CRS that are useless

Re: CRS documentation

Posted: Tue Mar 25, 2014 7:38 pm
by efaden
Oh thank God it's not only me seeing that "leak"!
Using CRS ROS 6.11 - I'm not able to ping, but I can gladly see other MT on other VLAN's with WinBox, also sniffing traffic with Wireshark and I see it leaks traffic.

Seriously.... fucking great! ... I now have (yet again) 8 CRS that are useless
Did you reset to defaults after upgrade to 6.10 or 6.11? ...

-Eric

Re: CRS documentation

Posted: Tue Mar 25, 2014 8:24 pm
by trn76

Did you reset to defaults after upgrade to 6.10 or 6.11? ...

-Eric
upgraded firmware, and i always "system reset-configuration no-default=yes"

so by following: http://wiki.mikrotik.com/wiki/Manual:CRS_examples Port Based VLAN, If I connect to eth6 using wireshark, and connect another computer to eth7 I can see wireshark scrolling away.

Re: CRS documentation

Posted: Tue Mar 25, 2014 9:23 pm
by efaden
Sigh. Thought they solved it. Maybe not

Sent from my SCH-I545 using Tapatalk

Re: CRS documentation

Posted: Wed Mar 26, 2014 12:28 am
by trn76
If I follow the example here: http://wiki.mikrotik.com/wiki/Manual:CRS_examples (Port Based VLAN) and trunk the two CRS, then on VLAN400 i connect a computer with WinBox, and after a while I can see the RB750 pop up in WinBox... - I cannot connect, but I can see it.
If I disconnect the trunk, and connect to VLAN400 on the CRS on the right side.... the WinBox issue won't appear.

Unless I have configured it wrong (following the tutorial), there are still issues...
...Any thoughts? :?

Re: CRS documentation

Posted: Wed Mar 26, 2014 1:40 pm
by janel
@trn76: using the same tutorial I have discovered that the access ports are still receiving tagged traffic from the trunk port. You can verify that for yourself by running a tcpdump -nei enX on the "access" port, you will be able to see the VLAN IDs affected as well.
I think that the approach described in the configuration example is far away from what is expected from a basic L2 switch, and I hope that this issue will be addressed soon by the dev team.

Re: CRS documentation

Posted: Wed Mar 26, 2014 2:25 pm
by trn76
@trn76: using the same tutorial I have discovered that the access ports are still receiving tagged traffic from the trunk port. You can verify that for yourself by running a tcpdump -nei enX on the "access" port, you will be able to see the VLAN IDs affected as well.
I think that the approach described in the configuration example is far away from what is expected from a basic L2 switch, and I hope that this issue will be addressed soon by the dev team.
Yeah, that was my discovery too - Trunk is leaking somehow, like I said, if you disconnect the trunk the problem isnt there (no vlan <-> vlan leak on same CRS).
I've tried changing all kind of parameters, and no go.

Re: CRS documentation

Posted: Wed Mar 26, 2014 3:42 pm
by efaden
@trn76: using the same tutorial I have discovered that the access ports are still receiving tagged traffic from the trunk port. You can verify that for yourself by running a tcpdump -nei enX on the "access" port, you will be able to see the VLAN IDs affected as well.
I think that the approach described in the configuration example is far away from what is expected from a basic L2 switch, and I hope that this issue will be addressed soon by the dev team.
Yeah, that was my discovery too - Trunk is leaking somehow, like I said, if you disconnect the trunk the problem isnt there (no vlan <-> vlan leak on same CRS).
I've tried changing all kind of parameters, and no go.
I just grabbed the latest beta which supposedly has a lot of fixes for the CRS. You may want to test that one.

Re: CRS documentation

Posted: Wed Mar 26, 2014 6:03 pm
by janel
Yeah, that was my discovery too - Trunk is leaking somehow, like I said, if you disconnect the trunk the problem isnt there (no vlan <-> vlan leak on same CRS).
I've tried changing all kind of parameters, and no go.
I guess that is due to the fact that the proposed approach is not a real VLAN encapsulation/decapsulation but a VLAN translation. I would expect a L2 switch to behave in a different manner, but the product is quite young too - perhaps we will see improvement soon.

@efaden: thanks for the heads up, I will give it a go (once I will figure it out how to download it).

Re: CRS documentation

Posted: Thu Mar 27, 2014 4:58 am
by CelticComms
I guess that is due to the fact that the proposed approach is not a real VLAN encapsulation/decapsulation but a VLAN translation.
There are always arguments about whether VLAN tagging or detagging is a decapsulation/encapsulation process. Cisco say it is and technically there is a good argument for saying that it is since the frame and FCS change.

So - if it was successfully VLAN tagging/detagging frames the CRS would be decapsulating/encapsulating as much as any other vendor would.

Re: CRS documentation

Posted: Sun Mar 30, 2014 2:38 am
by janel
Agreed. But in the current CRS documentation the tagging/untagging is just a basic process of VLAN translation:
- Trunk port VID xxx mapped to Access port VID 0
- Access port VID 0 mapped to trunk port VID xxx

That allows all other tagged VIDs to be copied on the access port, and I think that's not what you'll expect at this level.

Re: CRS documentation

Posted: Sun Mar 30, 2014 2:53 am
by efaden
Agreed. But in the current CRS documentation the tagging/untagging is just a basic process of VLAN translation:
- Trunk port VID xxx mapped to Access port VID 0
- Access port VID 0 mapped to trunk port VID xxx

That allows all other tagged VIDs to be copied on the access port, and I think that's not what you'll expect at this level.
The VLAN table and such are getting fixed in 6.12... We'll have to wait until the documentation gets updated to see exactly how it all works.

Re: CRS documentation

Posted: Sun Mar 30, 2014 3:23 pm
by CelticComms
From the descriptions above it sounds like it is the frame forwarding decisions/filters which are not operating as expected.

Re: CRS documentation

Posted: Wed Apr 02, 2014 9:52 pm
by qra77
Since CRS is a switch and a router, I need the following scenario:

On CRS:
ether2-master is a trunk, allowed vlan id's: 100,101
ether3-slave is an access port, vlan100 untagged
CRS's router has vlan100 and vlan101 added on ether2
has IP 10.1.1.3/24 on vlan100

on Router2:
ether5 is linked to ether2 on CRS
on ether5 has vlan100 added (tagged)
has IP 10.1.1.1/24 on vlan100

PC (Windows)
has IP 10.1.1.2/24 on ether (untagged)
it's connected to ether3 on CRS

How to setup switch to get IP's 10.1.1.1, 10.1.1.2, 10.1.1.3 connected?

I've tried different configs using availble manual, but I've never managed to connect CRS with Windows in this scenario.

Post some exaple config, please.

Re: CRS documentation

Posted: Thu Apr 03, 2014 2:39 pm
by andriys
Does anyone else have a feeling that switch chip configuration on CRS is overly complicated?
It looks like Mikrotik decided to expose as much of the switch programming to the end user as possible.
For instance, what's the purpose/benefit of exposing the ability to specify custom TPID values?

Re: CRS documentation

Posted: Thu Apr 03, 2014 8:23 pm
by CelticComms
It could be useful in multi-vendor VLAN situations. Some other vendors do allow the TPID to be specified - often with some restrictions so you don't accidentally set it to something inappropriate.

Re: CRS documentation

Posted: Tue Apr 08, 2014 11:03 am
by wpeople
is this a right place to ask if CRS is capable of trunk group (aka bondig) with LACP (or alike)?
if so, how?

Re: CRS documentation

Posted: Tue Apr 08, 2014 4:00 pm
by efaden
is this a right place to ask if CRS is capable of trunk group (aka bondig) with LACP (or alike)?
if so, how?
I think all bonding/LACP uses the CPU.....

Re: CRS documentation

Posted: Wed Apr 09, 2014 11:34 am
by wpeople
efaden: well, the port bridging (and filtering) can be done at CPU or switch-chip.

My question was: do the switch chip capable of port trunk group (aka bonding) with LACP?
of course, i wish to use ASIC in switch instead of, since the CPU is definitely NOT capable of bonding 2xGigE.

Re: CRS documentation

Posted: Wed May 21, 2014 10:28 am
by joaeri
Seriously, these switches should never have been released. We've had a few for 6 months now, and they've never even been capable of functioning as basic switches. They're not even useful as paper weights because they aren't heavy enough.

We're throwing ours out, and we're def not going to try Mikrotik switches again or recommend them to any clients. It would have been way cheaper from the start to buy Juniper or Cisco considering the massive amount of time wasted on these...

No documentation, no functionality, no support. :/

Re: CRS documentation

Posted: Wed May 21, 2014 7:23 pm
by NetNotGross
How complete is the CRS functionality in the latest firmware? Is it able to perform all the basic functions of a VLAN capable switch at this point?

Thanks

Re: CRS documentation

Posted: Fri May 23, 2014 3:20 am
by cheeze
Seriously, these switches should never have been released. We've had a few for 6 months now, and they've never even been capable of functioning as basic switches. They're not even useful as paper weights because they aren't heavy enough.

We're throwing ours out, and we're def not going to try Mikrotik switches again or recommend them to any clients. It would have been way cheaper from the start to buy Juniper or Cisco considering the massive amount of time wasted on these...

No documentation, no functionality, no support. :/
Please put them on ebay and PM me your name on there. I'll buy them off of you (depending on how many you have). If no ebay, let me know.

Re: CRS documentation

Posted: Fri May 23, 2014 9:29 am
by normis
Seriously, these switches should never have been released. We've had a few for 6 months now, and they've never even been capable of functioning as basic switches. They're not even useful as paper weights because they aren't heavy enough.

We're throwing ours out, and we're def not going to try Mikrotik switches again or recommend them to any clients. It would have been way cheaper from the start to buy Juniper or Cisco considering the massive amount of time wasted on these...

No documentation, no functionality, no support. :/
The first ones were sold as pre-production test units, that was made clear. But now with software upgrades they have been made fully functional. Did you see our latest newsletter? It clarifies all the new features we have added to CRS: http://download2.mikrotik.com/news_58.pdf

Re: CRS documentation

Posted: Fri May 23, 2014 3:32 pm
by NetNotGross
Any estimate on when the wire speed IP forwarding will be implemented?

Re: CRS documentation

Posted: Fri May 23, 2014 7:24 pm
by efaden
Seriously, these switches should never have been released. We've had a few for 6 months now, and they've never even been capable of functioning as basic switches. They're not even useful as paper weights because they aren't heavy enough.

We're throwing ours out, and we're def not going to try Mikrotik switches again or recommend them to any clients. It would have been way cheaper from the start to buy Juniper or Cisco considering the massive amount of time wasted on these...

No documentation, no functionality, no support. :/
The first ones were sold as pre-production test units, that was made clear. But now with software upgrades they have been made fully functional. Did you see our latest newsletter? It clarifies all the new features we have added to CRS: http://download2.mikrotik.com/news_58.pdf
Normis: Why are the ACLs only on the 226?

Re: CRS documentation

Posted: Sat May 24, 2014 4:01 pm
by steen
Hello Folks!

Thanks MT support!
Now the CRS is very useful for us, we did get it working with our classic trunklines and classic access ports, see here for more information abot that: http://forum.mikrotik.com/viewtopic.php?f=3&t=78797 (bottom of link).

There are some remaining questions, how does the switchchip deal with spanning tree and broadcast storms, split horizons etc. I guess many is of these nice to have things is upcoming so to say.

We will put one CRS in production, we had one as a pure switch in production since they came out here in Sweden, that one did work well from start.

However, it now finally work, no leakage between vlans as far we can see.

Re: CRS documentation

Posted: Tue Jul 01, 2014 3:27 am
by janel
Hello,

Just wanted to report that with 6.15 CRS becomes perfectly useable.
Thanks for your efforts!

Re: CRS documentation

Posted: Tue Jul 22, 2014 1:32 am
by kamillo
Hi all,

I hope someone could point me to right direction on how to solve my problem.

I have a CRS125-24G-1S, firmware version 3.12, RouterOS 6.15

I wanted to implement InterVLAN routing and I followed http://wiki.mikrotik.com/wiki/Manual:CR ... AN_Routing

The problem is that on access port I receive tagged packets. So for example if I plug a PC to the access port and I try to ping the router I can see ARP replies coming back from the router but they are tagged.

Why packets on access port are coming from the router tagged? How to solve this issue?

Thanks,

Kamil

Re: CRS documentation

Posted: Mon Sep 15, 2014 9:47 pm
by steen
Hello Folks!

I need to put up CRS125 switch in a datacenter to replace a bunch of cisco2960 switches, they are connected in a circle's and some other in meshes.

How do I activate spanning tree in them ?

Re: CRS documentation

Posted: Wed Sep 17, 2014 2:40 pm
by timberwolf
As far as I know, you can't use any STP on a CRS unless you use software bridges, which you for sure don't wan't to.

Re: CRS documentation

Posted: Wed Sep 17, 2014 9:07 pm
by steen
As far as I know, you can't use any STP on a CRS unless you use software bridges, which you for sure don't wan't to.
I solved it by circle the switches an putting in two cisco switches in the circle that can do STP, no loops all looking good so far.

Re: CRS documentation

Posted: Thu Oct 02, 2014 11:10 pm
by pasdif
Ok, I understood that CRS don't implement STP protocol in native feature. But ... what is the best way for use STP with CRS ?

Just create a bridge interface and add master port? Please, help me.

Re: CRS documentation

Posted: Fri Oct 03, 2014 12:07 am
by r2504
Is anyone doing a bit more with a CRS than what you would do with a managed switch ?

I'm trying something very basic like putting a DHCP client on a VLAN and don't get it working because the CRS is not untagging traffic on the ports (which is just a simple concept of an access port).

If someone is willing to have a look at this issue... it is discussed here http://forum.mikrotik.com/viewtopic.php?f=13&t=89595 (sorry it took some time to notice that my PC wasn't capturing VLAN info).

Re: CRS documentation

Posted: Fri Oct 03, 2014 1:15 am
by xcom
Is anyone doing a bit more with a CRS than what you would do with a managed switch ?

I'm trying something very basic like putting a DHCP client on a VLAN and don't get it working because the CRS is not untagging traffic on the ports (which is just a simple concept of an access port).

If someone is willing to have a look at this issue... it is discussed here http://forum.mikrotik.com/viewtopic.php?f=13&t=89595 (sorry it took some time to notice that my PC wasn't capturing VLAN info).
Maybe this can help you:

http://forum.mikrotik.com/viewtopic.php?f=13&t=83333

Look at my post at the end of the thread...

Re: CRS documentation

Posted: Fri Oct 10, 2014 5:32 am
by baragajulz
does anyone has tested QinQ application using this CRS? If any it will be great to share the configuration

Re: CRS documentation

Posted: Thu Oct 16, 2014 10:11 pm
by AlArenal
does anyone has tested QinQ application using this CRS?
I'm rather interested if any CRS can tunnel VLANs in QinQ-VLANs at line-speed, including 10G for the SFP+ models.

Re: CRS documentation

Posted: Sat Oct 18, 2014 11:18 pm
by steen
Hello Folks!

Now one year with CRS as a pure switch in pair with CCR1016, works just nice.

(Well the CCR1016 has had some problems, suddenly ports stop working and ipsec tunnel dies afer some months uptime, and the whole device need to be restarted.)

Two months plus using CRS125 as vlan switches with trunks and access ports, no problems except lacking RSPT rapid spanning tree. Otherwise fine.

Re: CRS documentation

Posted: Fri Nov 21, 2014 1:19 am
by ftxsteve
There seems to be a lot of options that don't have documentation. I'm requesting clarification on two.

Under Bridge Ports, these two are vague or undocumented:
Edge - not much detailed info
Point To Point - Y/N/Auto is the only thing that I can find. OK. Need more than that as I would say that 1 cable plugged in to the port and connected to another is always PTP.

Thanks

Re: CRS documentation

Posted: Mon Apr 06, 2015 10:57 am
by jalal79
Hello
when we do the config on Cisco SW there is 3 option you can choose between them for each Vlan and Ethernet
1- Trunk
2- Access
3- Voice

i look at the CRS125 its don't have these 3 option is there any way can MikroTik can add them or there is anther way that MikroTik SW CRS125 work

for example if i config one of the Ethernet port to two different Vlans (( VOIP & Internet Access ))
and connect the IP Phone to this Ethernet and from the IP Phone to the PC the way in Cisco SW each device should work for the specific Vlan that should work on it
but in CRS125 this way dosnt work its keep working on one Vlan and i need to make it work on two different Vlans on the same Ethernet ........

wait for reply

Re: CRS documentation

Posted: Thu Apr 09, 2015 6:57 pm
by mainTAP
Dear All,

Can somebody please advise how the egress VLAN tag works when the switch is in service-vid bridge mode ?

As I cannot see any difference in frames captured leaving the interface if I enable / disable the following :
(none of the tags have changes)
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether8 vlan-id=400

Thank you.

Re: CRS documentation

Posted: Tue Apr 14, 2015 6:27 pm
by IPANetEngineer
As far as I know, you can't use any STP on a CRS unless you use software bridges, which you for sure don't wan't to.
I haven't found any evidence of Spanning Tree except for bridging.

+1 for Rapid STP in switching on the CRS. Love the CRS but need some loop prevention.

Re: CRS documentation

Posted: Thu Apr 16, 2015 9:00 am
by pLuto
Hello!

I've completely lost in CRS QoS concepts. Could anybody help me, please?

I have CRS226-24G-2S+ with 2 VLAN in it (10 and 20). Now I use it as a media-converter - so I have 1 10G connections and bonding with 4 1G connections, both in trunk mode with 802.1Q marked VLANs 10 and 20.

Somehow the switch has made dynamic ingress VLAN translation rules and all MACs are seeable in VLAN 4091 only, but it works, so I think it's something about internal technology of bonding.

But now I need to limit ingress and egress bandwidth to 100Mbps for one of that VLANs (20) on 10G connection and keep VLAN 10 without any limit. Is it possible? If so - could you give me some hints of configuration?

As I understand, both shapers and ingress port policers work only with physical ports, so I can't limit only one VLAN in trunk this way.

Thanks,
Valery

Re: CRS documentation

Posted: Sat Apr 25, 2015 5:22 pm
by IPANetEngineer
Update on Rapid Spanning Tree for the CRS. We spent the week in Miami with MikroTik as exhibitors at the 10th anniversary USA MUM and were able to get a lot of insight into current development and projects at MikroTik.

After talking with several of the staff at MikroTik, RSTP is in development right now on the CRS, but they are having some stability issues and are trying to work through that, so it is definitely coming.

Not sure if it will be part of a v7 release or not but it looks like it will be this year if all the bugs are worked out.

Re: CRS documentation

Posted: Tue Apr 28, 2015 10:42 am
by abubin
would it be possible to separate the documentation into v5 and v6? There are a lot of command differences between them and mixing them into same docs is confusing. On top of that all the examples given are for v5 which make it harder for v6 users to get familiar with CRS.

I have been trying to weeks to try to configure something simple like simple queue but way unable to get it working. I tried with and without mangle but both doesn't work. The documentation and examples are not helping as they were designed for v5.

All I wanted to do is simple queue to rate limit bandwidth by port. For eg, rate limit apply for port 80 and 443 only. The reset will have unlimited bandwidth. Right now I cannot even get any packets into the queue.

Also, in CRS docs, there are mention of 3 types of queue. But it is not expanded on how these queue works and whats the difference between queue in CRS and in simple queue/tree queue.

I have been searching this forum and online but documentation is quite lacking. Sorry if I there are proper docs that I might have missed.

Re: CRS documentation

Posted: Sat May 02, 2015 10:46 pm
by chechito

All I wanted to do is simple queue to rate limit bandwidth by port. For eg, rate limit apply for port 80 and 443 only. The reset will have unlimited bandwidth. Right now I cannot even get any packets into the queue.

Also, in CRS docs, there are mention of 3 types of queue. But it is not expanded on how these queue works and whats the difference between queue in CRS and in simple queue/tree queue.
i think the confusion started with marketing statements from mikrotik about CRS series establishing it as a layer 3 switch.

In networking a layer 3 switch its a layer 2 switch with some layer 3 capabilities at wire speeds like routing build in in hardware ASIC.

CRS is NOT a layer 3 switch

CRS is a layer 2 switch plus a router (600mhz single core cpu 128 mb ram) embedded in for management purposes, that explains why newer and powerfull CRS 2xx has a lower performance router (400mhz), its only for management purposes.

of course we can take advantage of the embedded router capabilities, but taking in account the limited performance of router functionalities.

With this in mind we must focus efforts on exploiting hardware switch capabilities, that is the purpose of CRS series, provide a layer 2 switch alternative to compliment the existing router products.

Examining CRS switching capabilities, the potential its awesome, i am impressed with the pool of extensive options avaliable to use, practically mikrotik exposes all switch chipset capabilities to the delight of networking engineer.

Its necessary to work documenting this huge capabilities in especific escenarios to make the CRS a practical solution.

I think important points to do this are:
Do not try to do with switch the work suited for a router
Do not try to do witch router the work suited for a switch.
Concentrate efforts on Switch capabilities, (switch menu on winbox) use the other funtionalities only for device management purposes.

I personally have verified following mikrotik CRS examples on version 6.27 and works as expected:
Port Based VLAN
Mac Based VLAN
Port Level Isolation
Protocol Level Isolation

Thats a start to replace other vendor switches with CRS.

take in count CRS miss some key market functionalities:

802.1x authentication
STP and RSTP for loop prevention.
Link Aggregation compatible with other vendors (LACP)
ACL (on CRS 1xx is not supported)

QoS are extensive but its totally different from router os queue tree and simple queue strategies
QoS on hardware switch of CRS its based on industry commonly known as hierarchical modular qos which is widely documented from mayor vendors of the industry.

exploiting CRS huge switching functionalities requires study but the reward its huge, getting provider class functionalities with a 200US switch its simply a win win

If you are new to the switching topic you must familiarize with that, manageable switches are different in purpose and capabilities from routers, and in many cases mikrotik users are very familiar with routers but not manageable switches.

Re: CRS documentation

Posted: Tue May 05, 2015 12:54 pm
by ners
Any plans to introduce support for MST and LACP?

Re: CRS documentation

Posted: Thu May 07, 2015 10:29 pm
by chechito
Hello Folks!

I need to put up CRS125 switch in a datacenter to replace a bunch of cisco2960 switches, they are connected in a circle's and some other in meshes.

How do I activate spanning tree in them ?
sorry no stp support on crs

Re: CRS documentation

Posted: Sun Jun 21, 2015 6:01 am
by secupath
Please provide some clarification on the following statement.
Note: Multiple master-port configuration is designed as fast and simple port isolation solution, but it limits part of VLAN functionality supported by CRS switch-chip. For advanced configurations use one master-port within CRS switch chip for all ports, configure VLANs and isolate port groups with port isolation profile configuration.

Re: CRS documentation

Posted: Thu Jun 25, 2015 1:28 am
by chechito
Please provide some clarification on the following statement.
Note: Multiple master-port configuration is designed as fast and simple port isolation solution, but it limits part of VLAN functionality supported by CRS switch-chip. For advanced configurations use one master-port within CRS switch chip for all ports, configure VLANs and isolate port groups with port isolation profile configuration.

short answer:

dont use multiple master ports

Re: CRS documentation

Posted: Sat Jul 25, 2015 1:21 am
by zervan
short answer: don't use multiple master ports
Using multiple master ports will create port isolation groups automatically (marked as default), so I neither understand why is this bad. I was experimenting much and it seems there are still some bugs here - sometimes adding and removing will mess up and reboot is needed. Documentation should clarify more details.

Re: CRS documentation

Posted: Sat Oct 17, 2015 11:35 pm
by Jeanluck
LACP/LAG is a common feature in switchs... but it is not hardware implemented now, and a poor 400Mhz CPU is not enough...

Is there some date for this??

Re: CRS documentation

Posted: Fri Nov 20, 2015 8:38 pm
by plankanater
All,

The Cloud Router Switch is very nice. Being able to do mac based vlans or protocol vlans is an awesome feature that requires a certain level of complexity. However, the vlan implementation when trying to do simple tagging and untagging or trunk ports is, well, just the worst. Even with examples shown in documents it is challenging and tedious at best and near impossible at worst. It would be very nice to have a wizard to assist with the vlans. RouterOS makes vlans much easier to understand but I have to build bridges which means I can not get non-blocking throughput because bridges use the CPU.

I have to admit that I avoid using mikrotik switches in situations that require even the most basic vlan configuration due to how complicated it is. It would be very nice to get a wizard or a simplified menu.

Thanks.

Re: CRS documentation

Posted: Fri Nov 20, 2015 8:46 pm
by chechito
All,

The Cloud Router Switch is very nice. Being able to do mac based vlans or protocol vlans is an awesome feature that requires a certain level of complexity. However, the vlan implementation when trying to do simple tagging and untagging or trunk ports is, well, just the worst. Even with examples shown in documents it is challenging and tedious at best and near impossible at worst. It would be very nice to have a wizard to assist with the vlans. RouterOS makes vlans much easier to understand but I have to build bridges which means I can not get non-blocking throughput because bridges use the CPU.

I have to admit that I avoid using mikrotik switches in situations that require even the most basic vlan configuration due to how complicated it is. It would be very nice to get a wizard or a simplified menu.

Thanks.
i think mikrotik have to take more seriously the CRS topic

maybe an update to mikrotik training/certification curriculum to include CRS training and knowledge will help

Re: CRS documentation

Posted: Tue Dec 29, 2015 4:59 pm
by mpreissner
Would love to see an example of how to rate-limit clients on a specific VLAN. I've got multiple wireless AP's that carry several VLANs, and would like to implement rate-limiting at the switch rather than at the router, but only on a specific VLAN. The rate-limiting would need to apply to each client on the VLAN in question, rather than limiting all traffic for that VLAN on that port.

I'm using Ubiquiti AP's, but their rate-limiting module hurts overall throughput, even on non-rate-limited SSIDs, so I want to set the rate-limiting up on the switch so as not to affect non-throttled SSIDs.

Re: CRS documentation

Posted: Thu Jan 21, 2016 5:35 pm
by TomosRider
Nice...

Re: CRS documentation

Posted: Thu Mar 03, 2016 5:44 pm
by Abbasmcse
Hi Mates

Here i am sharing my query regarding CRS hope if you can help me.

Last few days i am chasing mikrotik support but still dint' get luck, query is like this.


Ether - 24 - TRUNK = vlan 30 should be allowed (directly connected to Cisco switch trunk port)

Ether 1 to 10 - VLAN 30.
here every thing is working fine but all PC behind ether 1 to 10 getting internet connection and without single drop but only issue is i am receiving VLAN1 flapping warning msg in Cisco switch and can't ping managment trunk ip address of vlan1.

Thanks
Abbas

Re: CRS documentation

Posted: Thu Mar 10, 2016 10:30 pm
by doneware
i am receiving VLAN1 flapping warning msg in Cisco switch and can't ping managment trunk ip address of vlan1.
can you post the errmsg on the cisco side?

Re: CRS documentation

Posted: Sun Mar 20, 2016 11:14 am
by Abbasmcse
Hi
Thanks for response

What if want to createT TRUNK between Cisco 2960 switch and mikrotik crs125-24g-1s-2hnd-in,



Cisco 2960
#switchport mode trunk
#no shut

VLAN 1 -192.168.200.0/24 - Management ip address.


mikrotik crs125-24g-1s-2hnd-in

Ether 24 trunk.
Ether 24 - IP address 192.168.200.100/24 (I dont' have any idea here)
default gateway - 192.168.200.1

Ether 1- VLAN 126
Ether 2- 10 VLAN 30


/interface ethernet
set ether1 master-port=ether24
set ether2 master-port=ether24
set ether3 master-port=ether24
set ether4 master-port=ether24
set ether5 master-port=ether24
set ether6 master-port=ether24
set ether7 master-port=ether24
set ether8 master-port=ether24
set ether9 master-port=ether24
set ether10 master-port=ether24

TRUNK PORT
/interface ethernet switch egress-vlan-tag add tagged-ports=ether24,switch1-cpu vlan-id=30 add tagged-ports=ether24 vlan-id=126


ACCESS PORT
/interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=30 ports=\
ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,switch1-cpu \
sa-learning=yes
/interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=126 ports=\
ether1,switch1-cpu \
sa-learning=yes




NOTE:

Problem is i can access see access and trunk configuration is working perfectly.
but issue is i can't access 192.168.200.100 (mokrotik switch IP address) from cisco network .

I can't ping vlan1 trunk ip address of Mikrotik switch.


Please explain where i am doing wrong.



Thanks
Abbas

Re: CRS documentation

Posted: Sat Mar 26, 2016 12:32 pm
by FeliciaWhitman
This product and related documentation are given under a permit understanding containing limitations on use and exposure and are ensured by licensed innovation laws. But as explicitly allowed in your permit understanding or permitted by law, you may not utilize, duplicate, replicate, interpret, telecast, adjust, permit, transmit, disseminate, show, perform, distribute, or show any part, in any structure, or by any methods. Figuring out, dismantling, or decompilation of this product, unless required by law for interoperability, is disallowed.