Community discussions

MikroTik App
 
davidreaton
just joined
Topic Author
Posts: 22
Joined: Thu Oct 02, 2014 12:21 am

VLANs in CRS125-24G-1S-2HnD-IN switch

Tue Dec 22, 2015 3:43 am

I just purchased the CRS125-24G-1S-2HnD-IN Cloud Router Switch, and am having some VLAN issues. Let me describe what I want to do.

Currently, I have several RB951G-2HnD set up as bridged access points. 2 VLANs are created here (tagged 10 and 20), in addition to the default network (Default VLAN tag). These three VLANs, created at the APs, are passed through a crappy Netgear switch to my Cloud core router. The VLAN tags are maintained through the switch, and IP addresses are assigned to connected wireless devices from the appropriate IP pools on the CCR.

I want to replace the Netgear switch with the new CRS. I want to pass the tagged VLANs from the APs to the eth1 trunk port. In addition, I want to assign selected physical ports on the CRS, to one of either VLAN 10 or 20, and trunk this traffic, along with the traffic from the APs, to the same eth1 trunk port. I've got a configuration that works, but not well. I'm asking the members of this forum to look at this config, and help me do better. In this config, I want to pass all the tagged traffic from the AP (connected to port 24). I'm assigning eth16 to VLAN=20. Comments appreciated.

My configuration is:

# dec/21/2015 17:02:00 by RouterOS 6.33.3
# software id = F6NV-WTX1
#
/interface bridge
add admin-mac=4C:5E:0C:92:04:C5 auto-mac=no name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-9204DD wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
set [ find default-name=ether6 ] master-port=ether2-master-local name=\
ether6-slave-local
set [ find default-name=ether7 ] master-port=ether2-master-local name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether2-master-local name=\
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether2-master-local name=\
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether2-master-local name=\
ether10-slave-local
set [ find default-name=ether11 ] master-port=ether2-master-local name=\
ether11-slave-local
set [ find default-name=ether12 ] master-port=ether2-master-local name=\
ether12-slave-local
set [ find default-name=ether13 ] master-port=ether2-master-local name=\
ether13-slave-local
set [ find default-name=ether14 ] master-port=ether2-master-local name=\
ether14-slave-local
set [ find default-name=ether15 ] master-port=ether2-master-local name=\
ether15-slave-local
set [ find default-name=ether16 ] master-port=ether2-master-local name=\
ether16-slave-local
set [ find default-name=ether17 ] master-port=ether2-master-local name=\
ether17-slave-local
set [ find default-name=ether18 ] master-port=ether2-master-local name=\
ether18-slave-local
set [ find default-name=ether19 ] master-port=ether2-master-local name=\
ether19-slave-local
set [ find default-name=ether20 ] master-port=ether2-master-local name=\
ether20-slave-local
set [ find default-name=ether21 ] master-port=ether2-master-local name=\
ether21-slave-local
set [ find default-name=ether22 ] master-port=ether2-master-local name=\
ether22-slave-local
set [ find default-name=ether23 ] master-port=ether2-master-local name=\
ether23-slave-local
set [ find default-name=ether24 ] master-port=ether2-master-local name=\
ether24-slave-local
set [ find default-name=sfp1 ] master-port=ether2-master-local name=\
sfp1-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether1-gateway
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=20 ports=ether16-slave-local
/ip address
add address=192.168.88.9/24 comment="default configuration" interface=\
ether2-master-local network=192.168.88.0
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.9 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
established,related
# in/out-interface matcher not possible when interface (ether1-gateway) is slave - use master instead (bridge-local)
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
established,related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
# in/out-interface matcher not possible when interface (ether1-gateway) is slave - use master instead (bridge-local)
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway
/ip firewall nat
# in/out-interface matcher not possible when interface (ether1-gateway) is slave - use master instead (bridge-local)
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
/ip route
add distance=1 gateway=192.168.88.1
/system clock
set time-zone-name=America/Chicago
/system ntp client
set enabled=yes primary-ntp=38.229.71.1 secondary-ntp=206.108.0.131
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-slave-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=ether11-slave-local
add interface=ether12-slave-local
add interface=ether13-slave-local
add interface=ether14-slave-local
add interface=ether15-slave-local
add interface=ether16-slave-local
add interface=ether17-slave-local
add interface=ether18-slave-local
add interface=ether19-slave-local
add interface=ether20-slave-local
add interface=ether21-slave-local
add interface=ether22-slave-local
add interface=ether23-slave-local
add interface=ether24-slave-local
add interface=sfp1-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-slave-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=ether11-slave-local
add interface=ether12-slave-local
add interface=ether13-slave-local
add interface=ether14-slave-local
add interface=ether15-slave-local
add interface=ether16-slave-local
add interface=ether17-slave-local
add interface=ether18-slave-local
add interface=ether19-slave-local
add interface=ether20-slave-local
add interface=ether21-slave-local
add interface=ether22-slave-local
add interface=ether23-slave-local
add interface=ether24-slave-local
add interface=sfp1-slave-local
add interface=wlan1
add interface=bridge-local

Who is online

Users browsing this forum: Bing [Bot], keithy and 48 guests