Hello.
Please help me understand what and why need to change/remove/add to this config:
Router-Switch-AP (all in one)
I need to make VLAN on chip instead of cpu VLAN on RB3011 UiAS-RM where using this as router+switch without any WLAN and other managed switch with only access ports like this:
ether1 - WAN
ether2 - VLAN100 MGMT
ether3-6 - VLAN10 Staff (DHCP 192.168.0.1/24 100-150)
ether7 - VLAN20 (for now here will be connected to ISP device for route back and next to our other company location)
ether8 - VLAN30
ether9 - VLAN40 Guest
ether10 -not used for now
All VLAN's need to be secured and isolated with different subnets/dhcp without any communication between.
I tried make my config but i have head ache with MikroTik and for sure i need to learn about it much more. Last time i messed something and lost any communication with router at any port xD.
And more straight question:
How to bond ether3-6 to make for them address (gateway) and DHCP server for that interfaces?
Re: VLAN config for chip switch
Go through this section of Basic VLAN switching help document.
If you get stuck after that, come back posting config of your RB3011 ...
As to blocking traffic between different (V)LANs ... that's up to firewall.
If you get stuck after that, come back posting config of your RB3011 ...
As to blocking traffic between different (V)LANs ... that's up to firewall.
Re: VLAN config for chip switch
This documents not talking about my case and i don't sure what should i do about this ports working as access -more than one in VLAN 10.
So if i make separate interface vlan like this (because i cant add more ports than one):
/interface vlan
add interface=ether3 name=vlan10-3 vlan-id=10
add interface=ether4 name=vlan10-4 vlan-id=10
...
until port 6
When i assign adress for vlan (interface) i can chose only one interface like this:
/ip address
add address=192.168.0.1/24 interface=vlan10-3 network=192.168.0.0
This is even worst when i make dhcp server...
Should i just make more bridges for ports 3-6? When i should start use then that bridges? Should then be bridge containing ports and other bridge?
Probably stupid question, but probably i miss some sentence in documentation that clear this for me. Maybe i have read wrong something and my mind skip some facts or read them wrong every time.
I attached my cfg when i stuck (without not important for this other configurations): And probably i doing it wrong because i should same vlan use only inside one switch chip -RB3011 have two switch chips.
So if i make separate interface vlan like this (because i cant add more ports than one):
/interface vlan
add interface=ether3 name=vlan10-3 vlan-id=10
add interface=ether4 name=vlan10-4 vlan-id=10
...
until port 6
When i assign adress for vlan (interface) i can chose only one interface like this:
/ip address
add address=192.168.0.1/24 interface=vlan10-3 network=192.168.0.0
This is even worst when i make dhcp server...
Should i just make more bridges for ports 3-6? When i should start use then that bridges? Should then be bridge containing ports and other bridge?
Probably stupid question, but probably i miss some sentence in documentation that clear this for me. Maybe i have read wrong something and my mind skip some facts or read them wrong every time.
I attached my cfg when i stuck (without not important for this other configurations): And probably i doing it wrong because i should same vlan use only inside one switch chip -RB3011 have two switch chips.
You do not have the required permissions to view the files attached to this post.
Re: VLAN config for chip switch
Well, my answer was based on title of this thread and I was assuming that you already have your srttings performing the way you want but using bridge vlan-filtering which means sub-optimal performance of your RB3011. In which case you'd have to adjust config to use switchbchip capabilities while overall philosopgy remains (more or less) the same.
But after your last post I'm not sure about what is actually the issue here ...
One thing that is obvious from the config you posted: in section /interface ethernet switch vlan you have to add switchX-cpu interface to the (tagged) list of members if ROS needs interaction with that VLAN.
Hardware-wise switch chips are 6-port devices: 5 are serving ethernet ports and 6-th is connecting towards CPU (port name is switchX-cpu). The /interface ethernet switch configuration subtree is configuring switch chip(s) and you have to explicitly configure the switch-CPU interconnect. If you don't, then bridge interface can't talk to switch chip (and consequently to the rest of ether ports).
Port ether1 is an exception here, non-bridged ports are handled differently by both ROS and switch chip.
But after your last post I'm not sure about what is actually the issue here ...
One thing that is obvious from the config you posted: in section /interface ethernet switch vlan you have to add switchX-cpu interface to the (tagged) list of members if ROS needs interaction with that VLAN.
Hardware-wise switch chips are 6-port devices: 5 are serving ethernet ports and 6-th is connecting towards CPU (port name is switchX-cpu). The /interface ethernet switch configuration subtree is configuring switch chip(s) and you have to explicitly configure the switch-CPU interconnect. If you don't, then bridge interface can't talk to switch chip (and consequently to the rest of ether ports).
Port ether1 is an exception here, non-bridged ports are handled differently by both ROS and switch chip.