Community discussions

MikroTik App
 
raid3868
just joined
Topic Author
Posts: 6
Joined: Sat Jun 25, 2022 7:01 am

Mikrotik CRS326-24S+2Q+RM VLAN Configuration

Sat Jun 25, 2022 7:11 am

Dear Expert,
I m very new with mikrotik product currently i just brought 4 unit of Mikrotik CRS326-24S+2Q+RM for my company ack as backbone for storage, i have facing some issue, need help from mikrotik expert.
Mikrotik CRS326-24S+2Q+RM
RouterOS 6.49.6

Configure for partition 3 vlan on each switch, this is for storage, backup and overlay, and management are connect to production switch for management purposse. Don't vlan to vlan routing.

The problem is when management port is not connect to production switch all vlan is working respectly, can ping host both way from site 1 vlan 10 to site vlan 10 host vlan 20 and 30 can also ping their own host.

But when i connect both management port to production switch then if fail to ping host from both way site 1 to site 2.
If i disconnect the management port for the production network it work again.

What i have missed the configuration? Please help

Site 1
VLAN 10(sfp-sfpplus1,sfp-sfpplus2 tagged sfp-sfpplus24) , VLAN 20(sfp-sfpplus3,sfp-sfpplus4 tagged sfp-sfpplus24), VLAN 30(sfp-sfpplus5,sfp-sfpplus6 Use only at main site don't need to forward to SW2(Site 2)) and management port ether1 IP 192.168.0.1/22 connect to Production Switch 192.168.0.0/22

Site 2
VLAN 10(sfp-sfpplus1,sfp-sfpplus2 tagged sfp-sfpplus24) , VLAN 20(sfp-sfpplus3,sfp-sfpplus4 tagged sfp-sfpplus24), VLAN 30(sfp-sfpplus5,sfp-sfpplus6 Use only at main site don't need to forward to SW2(Site 1)) and management port ether1 IP 192.168.0.2/22 connect to Production Switch 192.168.0.0/22

Production switch are on same subnet of 192.168.0.0/222

VLAN 10 ip subnet is 172.16.0.0/24
Site 1 host1 172.16.0.1/24
Site 1 host2 172,16.0.2/24
Site 2 host1 172.16.0.3/24
Site 2 host2 172,16.0.4/24

VLAN 20 ip subnet is 172.17.0.0/24
Site 1 host1 172.17.0.1/24
Site 1 host2 172,17.0.2/24
Site 2 host1 172.17.0.3/24
Site 2 host2 172,17.0.4/24

VLAN 30 ip subnet is 172,18.0.0/24
Site 1 host1 172.18.0.1/24
Site 1 host2 172,18.0.2/24
Site 2 host1 172.18.0.3/24
Site 2 host2 172,18.0.4/24

SW1 configuration
# jun/24/2022 17:44:54 by RouterOS 6.49.6
# software id = CR34-MQNT
#
# model = CRS326-24S+2Q+
# serial number = xxxxxxxxxxx1
/interface bridge
add name=br_vlan vlan-filtering=yes
add name=bridge
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus1 pvid=10
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether1 multicast-router=disabled
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus2 pvid=10
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus3 pvid=20
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus4 pvid=20
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus5 pvid=30
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus6 pvid=30
add bridge=br_vlan interface=sfp-sfpplus7
add bridge=br_vlan interface=sfp-sfpplus8
add bridge=br_vlan interface=sfp-sfpplus9
add bridge=br_vlan interface=sfp-sfpplus10
add bridge=br_vlan interface=sfp-sfpplus11
add bridge=br_vlan interface=sfp-sfpplus12
add bridge=br_vlan interface=sfp-sfpplus13
add bridge=br_vlan interface=sfp-sfpplus14
add bridge=br_vlan interface=sfp-sfpplus15
add bridge=br_vlan interface=sfp-sfpplus16
add bridge=br_vlan interface=sfp-sfpplus17
add bridge=br_vlan interface=sfp-sfpplus18
add bridge=br_vlan interface=sfp-sfpplus19
add bridge=br_vlan interface=sfp-sfpplus20
add bridge=br_vlan interface=sfp-sfpplus21
add bridge=br_vlan interface=sfp-sfpplus22
add bridge=br_vlan interface=sfp-sfpplus23
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface=sfp-sfpplus24
add bridge=bridge interface=qsfpplus1-1
add bridge=bridge interface=qsfpplus1-2
add bridge=bridge interface=qsfpplus1-3
add bridge=bridge interface=qsfpplus1-4
add bridge=bridge interface=qsfpplus2-1
add bridge=bridge interface=qsfpplus2-2
add bridge=bridge interface=qsfpplus2-3
add bridge=bridge interface=qsfpplus2-4
/interface bridge vlan
add bridge=br_vlan comment="Storage Networks" tagged=\
    sfp-sfpplus24 untagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=10
add bridge=br_vlan comment="Backup Networks" tagged=sfp-sfpplus24 \
    untagged=sfp-sfpplus3,sfp-sfpplus4 vlan-ids=20
add bridge=br_vlan comment="Overlay Networks" untagged=\
    sfp-sfpplus5,sfp-sfpplus6 vlan-ids=30
/interface list member
add interface=ether1 list=WAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN
add interface=sfp-sfpplus5 list=LAN
add interface=sfp-sfpplus6 list=LAN
add interface=sfp-sfpplus7 list=LAN
add interface=sfp-sfpplus8 list=LAN
add interface=sfp-sfpplus9 list=LAN
add interface=sfp-sfpplus10 list=LAN
add interface=sfp-sfpplus11 list=LAN
add interface=sfp-sfpplus12 list=LAN
add interface=sfp-sfpplus13 list=LAN
add interface=sfp-sfpplus14 list=LAN
add interface=sfp-sfpplus15 list=LAN
add interface=sfp-sfpplus16 list=LAN
add interface=sfp-sfpplus17 list=LAN
add interface=sfp-sfpplus18 list=LAN
add interface=sfp-sfpplus19 list=LAN
add interface=sfp-sfpplus20 list=LAN
add interface=sfp-sfpplus21 list=LAN
add interface=sfp-sfpplus22 list=LANR3868ink27
add interface=sfp-sfpplus23 list=LAN
add interface=sfp-sfpplus24 list=LAN
add interface=qsfpplus1-1 list=LAN
add interface=qsfpplus1-2 list=LAN
add interface=qsfpplus1-3 list=LAN
add interface=qsfpplus1-4 list=LAN
add interface=qsfpplus2-1 list=LAN
add interface=qsfpplus2-2 list=LAN
add interface=qsfpplus2-3 list=LAN
add interface=qsfpplus2-4 list=LAN
/ip address
add address=192.168.0.1/22 interface=sfp-sfpplus1 network=192.168.0.0
/ip dns
set servers=8.8.8.8
/ip route
add distance=1 gateway=192.168.0.254
/system clock
set time-zone-name=Asia/Kuala_Lumpur
/system identity
set name=SW1
/system routerboard settings
set boot-os=router-os

SW2 configation
# jun/24/2022 17:43:10 by RouterOS 6.49.6
# software id = MVP0-1WM2
#
# model = CRS326-24S+2Q+
# serial number = xxxxxxxxxxx2
/interface bridge
add name=br_vlan vlan-filtering=yes
add name=bridge1
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=br_vlan interface=ether1
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus1 pvid=10
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus2 pvid=10
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus3 pvid=20
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus4 pvid=20
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus5 pvid=30
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
    interface=sfp-sfpplus6 pvid=30
add bridge=br_vlan interface=sfp-sfpplus7
add bridge=br_vlan interface=sfp-sfpplus8
add bridge=br_vlan interface=sfp-sfpplus9
add bridge=br_vlan interface=sfp-sfpplus10
add bridge=br_vlan interface=sfp-sfpplus11
add bridge=br_vlan interface=sfp-sfpplus12
add bridge=br_vlan interface=sfp-sfpplus13
add bridge=br_vlan interface=sfp-sfpplus14
add bridge=br_vlan interface=sfp-sfpplus15
add bridge=br_vlan interface=sfp-sfpplus16
add bridge=br_vlan interface=sfp-sfpplus17
add bridge=br_vlan interface=sfp-sfpplus18
add bridge=br_vlan interface=sfp-sfpplus19
add bridge=br_vlan interface=sfp-sfpplus20
add bridge=br_vlan interface=sfp-sfpplus21
add bridge=br_vlan interface=sfp-sfpplus22
add bridge=br_vlan interface=sfp-sfpplus23
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface=sfp-sfpplus24
add bridge=br_vlan interface=qsfpplus1-1
add bridge=br_vlan interface=qsfpplus1-2
add bridge=br_vlan interface=qsfpplus1-3
add bridge=br_vlan interface=qsfpplus1-4
add bridge=br_vlan interface=qsfpplus2-1
add bridge=br_vlan interface=qsfpplus2-2
add bridge=br_vlan interface=qsfpplus2-3
add bridge=br_vlan interface=qsfpplus2-4
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=br_vlan comment="Storage Networks" tagged=\
    sfp-sfpplus24 untagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=10
add bridge=br_vlan comment="Backup Networks" tagged=sfp-sfpplus24 \
    untagged=sfp-sfpplus3,sfp-sfpplus4 vlan-ids=20
add bridge=br_vlan comment="Overlay Networks" untagged=\
    sfp-sfpplus5,sfp-sfpplus6 vlan-ids=30
/interface list member
add interface=ether1 list=WAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN
add interface=sfp-sfpplus5 list=LAN
add interface=sfp-sfpplus6 list=LAN
add interface=sfp-sfpplus7 list=LAN
add interface=sfp-sfpplus8 list=LAN
add interface=sfp-sfpplus9 list=LAN
add interface=sfp-sfpplus10 list=LAN
add interface=sfp-sfpplus11 list=LAN
add interface=sfp-sfpplus12 list=LAN
add interface=sfp-sfpplus13 list=LAN
add interface=sfp-sfpplus14 list=LAN
add interface=sfp-sfpplus15 list=LAN
add interface=sfp-sfpplus16 list=LAN
add interface=sfp-sfpplus17 list=LAN
add interface=sfp-sfpplus18 list=LAN
add interface=sfp-sfpplus19 list=LAN
add interface=sfp-sfpplus20 list=LAN
add interface=sfp-sfpplus21 list=LAN
add interface=sfp-sfpplus22 list=LAN
add interface=sfp-sfpplus23 list=LAN
add interface=sfp-sfpplus24 list=LAN
add interface=qsfpplus1-1 list=LAN
add interface=qsfpplus1-2 list=LAN
add interface=qsfpplus1-3 list=LAN
add interface=qsfpplus1-4 list=LAN
add interface=qsfpplus2-1 list=LAN
add interface=qsfpplus2-2 list=LAN
add interface=qsfpplus2-3 list=LAN
add interface=qsfpplus2-4 list=LAN
/ip address
add address=192.168.0.2/22 interface=sfp-sfpplus1 network=192.168.0.0
/ip dhcp-client
add interface=bridge1
/ip dns
set servers=8.8.8.8
/ip route
add distance=1 gateway=192.168.0.254
/system clock
set time-zone-name=Asia/Kuala_Lumpur
/system identity
set name=SW2
/system routerboard settings
set boot-os=router-os
 
raid3868
just joined
Topic Author
Posts: 6
Joined: Sat Jun 25, 2022 7:01 am

Re: Mikrotik CRS326-24S+2Q+RM VLAN Configuration

Mon Jun 27, 2022 7:17 am

Hi,
I manage to get it work with SWOS can put both management port to my production network to monitor, but still cannot find a way to make work with RouterOS 6.49.6. anyone can make it work.?

Thank you.
 
AidanAus
Member Candidate
Member Candidate
Posts: 177
Joined: Wed May 08, 2019 7:35 am
Location: Australia
Contact:

Re: Mikrotik CRS326-24S+2Q+RM VLAN Configuration

Tue Jun 28, 2022 7:55 am

can you please confirm what you mean by management interface? are you connecting the 100mbps ports together or the serial ports? the one labelled management will be a serial connection and will need a serial cable to pass data through correctly (they have different pin outs than cross over cable etc)
If you are talking about the 1gb interface I can see that the interface has a PVID but it is not being untagged on egress?
I guess it would be better to let us know the behaviour you would like out of this or what you are trying to achieve so we might be able to suggest how to set this up better.

if you want a general guide on how to set up vlans I would suggest looking over Mikrotiks wiki:
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table

I think the 3 main things to understand is:

access port: set the PVID on the port under bridge>port>open up the port and go to the vlan tab, doing so will tag the traffic on ingress(coming into the port), from there we will also need to go to the bridge>vlans table and set the same port we set the pvid on as an untagged port to remove the vlan tag on egress. This will make it so the traffic going out that interface going to the end device will not have a vlan tag but when the end device sends traffic back through this port it will be tagged.

trunk port: most devices by default config will leave the vlan headers as is but if oyu want to be 100% sure or if you would like to do more advanced configuration. easy way to make sure the traffic is tagged through this port is by going to bridge>vlan and specifying the tagged vlan

Getting access to the CPU/bringing traffic out of the bridge: setting up the vlans through the bridge wont allow you to do things like put a DHCP server through the vlans or even get to the management of the device. To bring this traffic out of the bridge what you will need to do is go to the bridge>vlan table and set bridge interface as a tagged port, from there you will then need to go to your normal interface list, click the add button then select vlan, in here you will need to add it to the bridge with the same vlan id.
Once this has been set up you will be able to add things like ip addresses, dhcp-server/client etc on that interface>vlan and it should carry through on that vlan network but not the others in the same bridge:)
 
raid3868
just joined
Topic Author
Posts: 6
Joined: Sat Jun 25, 2022 7:01 am

Re: Mikrotik CRS326-24S+2Q+RM VLAN Configuration

Thu Jun 30, 2022 8:58 am

Hi Aidrian,

Thank for your kind reply. I connected to the 10/100mb Ethernet port.

Diagram
https://ibb.co/Ycp4jD8

Tks
 
raid3868
just joined
Topic Author
Posts: 6
Joined: Sat Jun 25, 2022 7:01 am

Re: Mikrotik CRS326-24S+2Q+RM VLAN Configuration

Fri Jul 01, 2022 6:40 am

After testing SWOS on CRS326-24S2Q+RM with 3 vlan and snmp enable. Found that the 100mb port(for management) ping keep disconnect for 10 ping and connect back again. this is happen when have traffic pass though the sfp port(10gb sfpplus). etc copying file for pc to pc. (pc with 1gb port). alos if monitor via http://ip-to-crs326 it will complain lost connection.

This is motoring with snmp (ICMP loss) via zabbix

Any idea with this.? if this may happen to all port? Will corrupts data when transmitting data.?

Tks
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Mikrotik CRS326-24S+2Q+RM VLAN Configuration

Fri Jul 01, 2022 8:17 am

mgmt port is not part of the switch-chip if you bridge it can be problematic
 
raid3868
just joined
Topic Author
Posts: 6
Joined: Sat Jun 25, 2022 7:01 am

Re: Mikrotik CRS326-24S+2Q+RM VLAN Configuration

Fri Jul 01, 2022 10:02 am

Hi chechito,

Thank for reply, but using SWOS you dont have any place to configure bridge, all is default you can only configure IP at system.

Tks
 
raid3868
just joined
Topic Author
Posts: 6
Joined: Sat Jun 25, 2022 7:01 am

Re: Mikrotik CRS326-24S+2Q+RM VLAN Configuration

Fri Jul 01, 2022 12:22 pm

Hi

Just again do some testing with SWOS when i attach a cable(RJ45) to a empty sfpplus-port22(10GB) with no vlan setup. and connect to my production switch. My laptop connected to the production switch from there i can ping the CRS326 and use webui. but it break all vlan. all host in respect vlan become unreachable. the i remove the cable from sfpplus-port22, all vlan are back to normal which is can ping with responses. When the cable attached at 100mb it don't break the vlan.

What is going wrong here.

Tks

Who is online

Users browsing this forum: jaclaz and 46 guests