Proud new owner of CRS312-4C+8XG-RM. Relative newbie in networking, first managed switch which I got for more segregation of devices and opportunity to learn.
Trying to configure a relatively simple topology, here's a simple schematic of what I've got:
Goals
- Main trusted, wired devices in blue = vlan10
- Wireless devices in green = vlan20
- DHCP server for vlan10 with IPs from pool
- DHCP server for vlan20 with IPs from pool
- Only some wireless devices within vlan20 should be able to reach devices in vlan10 (e.g. laptop or tablet reading NAS)
What I Tried
I've tried several configurations, mainly inspired/educated from pcunit's great article viewtopic.php?f=23&t=143620, although I admit it was a little unclear which scenario best fitted me (as some setups gave separate config for both switch and router). In essence, I did the following:
- Created a new bridge
- Created vlan10
- Created vlan20
- Assigned both vlans to new bridge
- Assigned interfaces (e.g. ether2) to new bridge and set PVID
- Created 2 address pools for each of 2 new DHCP servers to consume from
- Finally set VLAN filtering
Main problems I faced
- Could not get DHCP serving to work on VLAN (so I could lease an IP from pool specific for the VLAN on which the interface (device) was associated)
- When DHCP was set to vlan10 (rather than bridge), could not reach DHCP server when doing ipconfig /renew
- When enabling VLAN filtering lost all connection to switch and had to hard reset - there's probably a smart way to manage this like management interface?
What I didn't try/would like to achieve/unclear:
- Having the switch do the NAT rather than ISP-provided router
- Whitelisting wireless devices like iPad consuming from wired devices like NAS
- ISP-router address space currently 192.168.1.1/24. Can I have Mikrotik address pools as 10.10.0.0/24 (say vlan10) and 10.20.0.0/24 (vlan20) and it would work/translate with the router address space?
Appreciate the above is lacking in detail, and no export of config file, given I've had to go back to default config at end of weekend to use internet connectivity for day job. Will happily try again, and share config, but would REALLY REALLY appreciate some further inspiration and support. I also appreciate that taking this leap into such a managed switch is one of faith for the learning and flexibility/power it offers.
Thanks so much for any help / tips
EDIT: Corrected icons used for router & switch
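
An added example, not part of the original post and not the poster's configuration: one RouterOS layout for the goals and steps listed above, with the DHCP servers bound to the VLAN interfaces and a forward-chain allowlist for vlan20 hosts that may reach vlan10. Assumptions: the names `bridge1`, `pool10`, `pool20`, `dhcp10`, `dhcp20` and `wifi-to-wired`, `ether3` as the port facing the wireless AP, the pool ranges, and the allowlisted address `10.20.0.50`; the uplink to the ISP router and NAT are left out.

```routeros
# Added example; names, ports and addresses are assumptions, not the poster's config.
# Assumed: ether2 = wired access port (vlan10), ether3 = port to the wireless AP (vlan20).
/interface bridge
add name=bridge1 vlan-filtering=no

/interface bridge port
add bridge=bridge1 interface=ether2 pvid=10
add bridge=bridge1 interface=ether3 pvid=20

# The bridge itself is a tagged member of each VLAN. Without this, once VLAN
# filtering is on, the CPU (and the DHCP servers on vlan10/vlan20) gets no frames.
/interface bridge vlan
add bridge=bridge1 vlan-ids=10 tagged=bridge1 untagged=ether2
add bridge=bridge1 vlan-ids=20 tagged=bridge1 untagged=ether3

# VLAN interfaces sit on the bridge; IP addresses and DHCP attach to these.
/interface vlan
add name=vlan10 interface=bridge1 vlan-id=10
add name=vlan20 interface=bridge1 vlan-id=20

/ip address
add address=10.10.0.1/24 interface=vlan10
add address=10.20.0.1/24 interface=vlan20

/ip pool
add name=pool10 ranges=10.10.0.100-10.10.0.200
add name=pool20 ranges=10.20.0.100-10.20.0.200

/ip dhcp-server
add name=dhcp10 interface=vlan10 address-pool=pool10 disabled=no
add name=dhcp20 interface=vlan20 address-pool=pool20 disabled=no
/ip dhcp-server network
add address=10.10.0.0/24 gateway=10.10.0.1
add address=10.20.0.0/24 gateway=10.20.0.1

# Only listed wireless hosts may open connections into vlan10.
# 10.20.0.50 is a constructed fixed address outside pool20.
/ip firewall address-list
add list=wifi-to-wired address=10.20.0.50 comment="constructed example: tablet"
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward in-interface=vlan20 out-interface=vlan10 src-address-list=wifi-to-wired action=accept
add chain=forward in-interface=vlan20 out-interface=vlan10 action=drop

# Last step: run with Safe Mode on, or from a port that is not in bridge1.
/interface bridge set bridge1 vlan-filtering=yes
```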