Community discussions

MikroTik App
 
gotsprings
Forum Guru
Forum Guru
Topic Author
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

CRS3xx config

Tue Nov 22, 2022 4:43 pm

Only had a few hours to swap out the network in bar last night... World Cup has some of them staying open 24 hours...

Couldn't get my Usual EdgeSwitch for months now. So i am getting more comfortable in Tik Switching...

Any glaring mistakes???

Port 24 is the uplink to Tik router.
Ports 1 and 2 are the wireless access points serving 3 SSIDS
Other Ports are specific to what's been plugged in...
[admin@RouterOS] > export
# nov/22/2022 09:26:16 by RouterOS 7.6
# model = CRS328-24P-4S+
# serial number = NotAF--kingChance
/interface bridge
add admin-mac=18:FD:74:xx:xx:xx auto-mac=no comment=defconf ingress-filtering=\
    no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment="Office H550"
set [ find default-name=ether2 ] comment="Floor R650"
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] comment="POS Switch"
set [ find default-name=ether10 ] comment="POS Port D25"
set [ find default-name=ether11 ] disabled=yes
set [ find default-name=ether12 ] disabled=yes
set [ find default-name=ether13 ] disabled=yes
set [ find default-name=ether14 ] comment="Verizon Router" disabled=yes
set [ find default-name=ether15 ] comment="Back of House Switch"
set [ find default-name=ether16 ] comment="Camera Switch 15"
set [ find default-name=ether17 ] disabled=yes
set [ find default-name=ether18 ] disabled=yes
set [ find default-name=ether19 ] disabled=yes
set [ find default-name=ether20 ] disabled=yes
set [ find default-name=ether21 ] disabled=yes
set [ find default-name=ether22 ] disabled=yes
set [ find default-name=ether23 ] disabled=yes
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether1
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=ether6
add bridge=bridge comment=defconf ingress-filtering=no interface=ether7
add bridge=bridge comment=defconf ingress-filtering=no interface=ether8
add bridge=bridge comment=defconf ingress-filtering=no interface=ether9 pvid=\
    100
add bridge=bridge comment=defconf ingress-filtering=no interface=ether10 pvid=\
    100
add bridge=bridge comment=defconf ingress-filtering=no interface=ether11
add bridge=bridge comment=defconf ingress-filtering=no interface=ether12
add bridge=bridge comment=defconf ingress-filtering=no interface=ether13
add bridge=bridge comment=defconf ingress-filtering=no interface=ether14
add bridge=bridge comment=defconf ingress-filtering=no interface=ether15 pvid=\
    10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether16 pvid=\
    10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether17
add bridge=bridge comment=defconf ingress-filtering=no interface=ether18
add bridge=bridge comment=defconf ingress-filtering=no interface=ether19
add bridge=bridge comment=defconf ingress-filtering=no interface=ether20
add bridge=bridge comment=defconf ingress-filtering=no interface=ether21
add bridge=bridge comment=defconf ingress-filtering=no interface=ether22
add bridge=bridge comment=defconf ingress-filtering=no interface=ether23
add bridge=bridge comment=defconf ingress-filtering=no interface=ether24
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus1
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus2
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus3
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus4
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge tagged=ether1,ether2,ether24 untagged=ether15,ether16 \
    vlan-ids=10
add bridge=bridge tagged=ether1,ether2,ether24 untagged=ether9,ether10 \
    vlan-ids=100
add bridge=bridge tagged=ether1,ether2,ether24 vlan-ids=76
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add interface=bridge
/system clock
set time-zone-name=America/New_York
/system identity
set name=RouterOS
/system routerboard settings
set boot-os=router-os
/tool romon
set enabled=yes
[admin@RouterOS] > 

 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: CRS3xx config

Tue Nov 22, 2022 5:41 pm

i think is a good practice to enable ingress filtering on each interface in
/interface bridge port
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: CRS3xx config

Tue Nov 22, 2022 8:56 pm

I also create a vlan interface assigned to the bridge which will have the management IP.
/interface vlan
add interface=bridge1 name=vlan88 vlan-id=88
/ip address
add address=192.168.88.1/24 comment=defconf interface=vlan88 network=\
    192.168.88.0
/interface bridge vlan
add bridge=bridge tagged=bridge1,ether24 vlan-ids=88
 
gotsprings
Forum Guru
Forum Guru
Topic Author
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

Re: CRS3xx config

Fri Nov 25, 2022 6:50 pm

Thanks for the insight.

Who is online

Users browsing this forum: No registered users and 51 guests