Community discussions

MikroTik App
Member Candidate
Member Candidate
Topic Author
Posts: 124
Joined: Sun Jun 25, 2006 3:01 am

CRS Basic VLAN Config

Fri Feb 06, 2015 8:04 pm

So i'm trying to configure a CRS for basic VLAN access ports and one trunk port like this sample config:

Choose a master port and enslave the ports you need to be in the same switch group.
/interface ethernet
set ether6 master-port=ether2
set ether7 master-port=ether2
set ether8 master-port=ether2
Add initial VLAN assignments (PVID) to VLAN access ports.
/interface ethernet switch ingress-vlan-translation
add ports=ether6 customer-vid=0 new-customer-vid=200 sa-learning=yes
add ports=ether7 customer-vid=0 new-customer-vid=300 sa-learning=yes
add ports=ether8 customer-vid=0 new-customer-vid=400 sa-learning=yes
Add VLAN 200, VLAN 300 and VLAN 400 tagging on ether2 port to create it as VLAN trunk port.
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether2 vlan-id=200
add tagged-ports=ether2 vlan-id=300
add tagged-ports=ether2 vlan-id=400
VLAN membership definitions in the VLAN table are required for proper isolation. Adding entries with VLAN id and ports makes that VLAN traffic valid on those ports.
/interface ethernet switch vlan
add ports=ether2,ether6 vlan-id=200 learn=yes
add ports=ether2,ether7 vlan-id=300 learn=yes
add ports=ether2,ether8 vlan-id=400 learn=yes
After valid VLAN configuration unknown/invalid VLAN forwarding can be disabled in global switch settings.
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether2,ether6,ether7,ether8

The questions i have are as follows:

Does the vlan trunk more have to be the switch master port?

How can I have this config but also allow untagged traffic over ether2 and other ports?
MikroTik Support
MikroTik Support
Posts: 484
Joined: Thu Jul 07, 2011 8:26 am

Re: CRS Basic VLAN Config

Mon Feb 09, 2015 9:15 am

Does the vlan trunk more have to be the switch master port?
No, it does not matter, because you configure switch-chip's physical port in "Switch" menu, but the master-port interface is the one which can have an IP address configured for management or routing.
How can I have this config but also allow untagged traffic over ether2 and other ports?
Port based VLAN example 2 covers hybrid port configuration.
User avatar
Forum Guru
Forum Guru
Posts: 1772
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: CRS Basic VLAN Config

Sun May 10, 2015 11:32 pm

i was the latest 4 days figuring how to do vlans on CRS 125 using ROS 6.28 and y have this recommendations:

use the sfp port as a master port (many of us dont use it) to simplify and avoid confusion using ether 1

leave ether 24 without master port (out of the switch) to manage the switch using winbox without loosing access to it (my console port cease to work after 3 days) dont include port 24 on any cofing unless you can do what you need.

firt of all uncheck forward invalid vlan to be sure of the effect of your changes on vlans

/interface ethernet switch
set forward-unknown-vlan=no

allways tag master port on your vlans even if you do not need to use it as a trunk or even using it for anything:

/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp1-MASTER,switch1-cpu vlan-id=20
add tagged-ports=ether01,sfp1-MASTER,switch1-cpu vlan-id=47

tagging switch cpu port on vlan its necessary only when you can reach vlan interfaces on embedded router for intervlan routing or manage the switch

when setting ingress vlan (untagged vlan of the port) be sure to include that "0"
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=20 ports=ether03 sa-learning=yes

without that "0" tagged vlans on the port will not work

also check the unicast forwarding database to confirm vlan behavior

Who is online

Users browsing this forum: Baidu [Spider], Google [Bot], Paternot, reman6110 and 165 guests