Community discussions

User avatar
just joined
Topic Author
Posts: 20
Joined: Tue Jun 28, 2016 11:56 pm

Post 6.41 VLAN setup

Sun Jul 08, 2018 3:48 pm

Currently running a bridge based VLAN setup, different bridges per VLAN (br-vlan-15 etc).

Seems I should simplify this setup after 6.41.

Not running on a CRS3xx (but on RB3011 and hAP AC), I'm trying to figure out how I should set it up.

According to the Switch Chip Featues page ( ... p_Features),
it seems turning on VLAN filtering on the bridge, will turn off HW offload.

So, after defining/adding the VLAN's in /interface vlan, then instead of defining the rest of the VLAN stuff in the /interface bridge section, I should use /interface ethernet switch?

(A couple of references, background to why I'm asking: viewtopic.php?f=13&hilit=vlan%20switch& ... 0&t=136440 and ... t/e1yq1v7/)
flips 8)
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Thu Sep 14, 2017 8:53 pm
Location: UK

Re: Post 6.41 VLAN setup

Mon Jul 09, 2018 1:57 am

No guarentee this is best practice and I'm happy for any of the experts out there to point out what I'm doing wrong, but below is an extract of a working config from a CRS125 using the switch chip to provide HW offload on the bridge for wirespeed switching with VLANs.

Note however than I don't do any routing on the switch at all, it is all done in a seperate router (ether1 goes to the router for VLAN 100, ether21 for VLAN 200 and ether23 for vlan 300) , so this will only point you in the correct direction for the switch chip. You will still have some work to do to get this working for routing between the VLANs to suit your needs:-)

I used to have config for egress-vlan=translation too, but looking at recent Wiki examples they didn't use it, so I have removed for now. It's working, but someone might explain why you should or shouldn't use it. I'd love to know and then I might need to change my config
# model = CRS125-24G-1S
/interface bridge
add comment="Bridge For Switch Chip HW Offload" name=bridge1 protocol-mode=\
/interface ethernet
set [ find default-name=ether1 ] comment="vlan 100 - Router - Main Network"
set [ find default-name=ether21 ] comment="vlan 200 - Router - Other Network"
set [ find default-name=ether22 ] comment="vlan 200 - Access Port"
set [ find default-name=ether23 ] comment="vlan 300 - Router - Guest Network"
set [ find default-name=ether24 ] comment="vlan 300 - Access Port"

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
#  and so on for other interfaces

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether17,ether18,ether19,ether20 vlan-id=100
add tagged-ports=ether17,ether18,ether19,ether20 vlan-id=200
add tagged-ports=ether17,ether18,ether19,ether20 vlan-id=300
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=100 ports=ether1,ether2,ether3,ether4,ether5,ether6,\
add new-customer-vid=200 ports=ether21,ether22
add new-customer-vid=300 ports=ether23,ether24
/interface ethernet switch vlan
add ports=ether17,ether18,ether19,ether20,ether23,ether24,switch1-cpu \
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8\
    ,ether19,ether20,switch1-cpu vlan-id=100
add ports=ether17,ether18,ether19,ether20,ether21,ether22,switch1-cpu \
/ip address
add address= interface=bridge1 network=
/ip route
add distance=1 gateway=

Who is online

Users browsing this forum: No registered users and 106 guests