Thanks. Due to my lack of knowledge it's not clear to me how the TP Link Wifi router (that connects to the cable modem) would communicate with the CRS310 if the TP Link has disabled DHCP. Can you clarify this conceptually or point to any guides? If I disable the DHCP Server on the TP Link (which I can see the option to do) I should instead pull an IP # for the TP Link off the CRS 310 instead? This in turn will run at full internet speed but minimal CPU for the scenario I originally described? Sorry if this seems stupid.CRS devices are primarily ethernet / layer2 switches with some IP / layer3 functionality, i.e. limited performance as the CPU is not particularly capable. RouterOS v7 introduced L3 hardware offloading, however the DX2000 in the CRS310-8G+2S+ only supports routing offload, not fasttrack and NAT connections.
Use the CRS as a switch, if the TP-Link (or replacement) allows you to disable DHCP you could configure the CRS to also provide DHCP, DNS, etc. and just use the router to provide NAT / firewall / port forwarding.
I am essentially looking for instructions that will make the CRS310 operate as an unmanaged switch as much as possible as a starting point before I wade into trunk ports and vlans, etc. I want to be able to do a basic set up that plugs my the CRS310 into the TP Link router and have the CRS work at full speed on the internet at low CPU use. Is that possible?Let me try to understand your logic.
1. You bought a switch.
2. You configured as a router
3. You are confused because the throughput is at it states for routing.
Try actually using it as a switch instead. No DHCP
Trunk on ether1 carrying all data vlans and management vlan, access port out to dumb devices, trunk port to other smart devices.
only vlan that needs to be identified with interface the bridge is the managment vlan.
CRS310 gets an IP on the management subnet.
https://www.youtube.com/watch?v=YLtGQAQ8iS0&t=460s
vlan2 + 192.168.2.1 -- Other Devices on vlan2
|
TPLink 192.168.1.1 - vlanbase - CRS 192.168.1.2 -- Other Devices on vlanbase
|
vlan3 + 192.168.3.1 -- Other Devices on vlan3
TPLink (or other suitably powerful router) does all NAT and Firewalling
apart from non stateful Intervlan routing/blocking (ACLS) handled by CRS
(at wirespeed)
TPLink has static routes installed for:
192.168.2.1 via 192.168.1.2
192.168.3.1 via 192.168.1.2
TPLink may not be able to port forward to anything except 192.168.1.x though :(
But it will/should handle return traffic ok.
On CRS
L3 hardware offload enabled on all vlans.
Route 0.0.0.0/0 via 192.168.1.1
vlanbase
DHCP default gw = 192.168.1.2
Likely need CRS to be DHCP server, (Makes it more consistent anyway)
TPLink might allow setting another device as default gw, but unlikely.
Traffic from devices on vlanbase destined for internet will go via
Device->CRS->TPLink->Internet
return traffic will go
Internet->TPLink->Device (Asymmetric)
Hopefully this will be fine (as hardware L3 routing will be stateless)
vlan2 default gw=192.168.2.1
CRS is dhcp server
vlan3 default gw=192.168.3.1
CRS is dhcp server
Use ACL's on CRS to block intervlan traffic as required.
One Ref:
https://help.mikrotik.com/docs/display/ROS/L3+Hardware+Offloading
Are you sure ? Because my CRS by default works like a router.
/interface bridge
add name=bridge protocol-mode=rstp \
auto-mac=no admin-mac=… comment=defconf
/interface bridge port
add bridge=bridge interface=ether1 comment=defconf
…repeat for all interfaces…
/ip address add address=192.168.88.1/24 interface=bridge comment="defconf"
/user set admin password=…
/user expire-password admin
If setting up multiple tagged and untagged ports on several different vlans and all on multiple IP subnets (e.g, "Mgmt, IT, Marketing") is all required to get a CRS to work like an unmanaged switch (with 1 default lan) this isn't going to work for me. I may have the patience to wade through this subject someday but not in the near term.Hold your horses, time for you to put forth some effort! The video link I provided shows you how starting at minute 8:00 for the CRS device.
Its the simplest variation. At the /interface bridge port settings, ensure you check ingress filtering and frame types as appropriate.
I gotta stop taking crazy pills. I swear I thought he said he bought a managed switch at a premium price in order to use it as a $30 unmanaged TP-link.There should be a simple process to get a CRS to function similar a dumb switch in under 3(?) steps as a basic operating starting point. What, discretely, are those steps?
As I noted I am just attempting to get a starting configuration to actually work as a proper switch (not router) as the Quick Set options aren't creating an immediately functioning device . Once stuff works at the most basic level then I'll learn more, with anticipated interest, I'll start tinkering more and learn more complex set ups. I hope I'm in the right place- "Beginner Basics" forum- as this is indeed from where I am starting as everyone else did one day but this forum seems more a place for experts to berate beginners instead of helping the Mikrotik brand.Well, you don't need to setup VLANs if you are not using them. By default VLAN filtering is off so switch can't be dumber than that.
Only thing i would change is to remove one port off the bridge, then in IP/Addresses change interface on address 192.168.88.1 from bridge to for eg ether8 so you have off bridge mgmt port in case you decide to use more functions and screw something up.
And create dhcp client on the bridge so device get IP address automatically when plugged into router.
Then you will have "dumb" switch. But it's a shame to use such device as plain dumb switch...
system/default-configuration/print