Community discussions

MikroTik App
 
vizi0n
just joined
Topic Author
Posts: 3
Joined: Thu Dec 08, 2022 2:29 am

Unable to get VLANs working on CRS305 with RouterOS 7.6

Thu Dec 08, 2022 2:48 am

mikrotik crs305 config.rsc
Hello Mikrotikers,

First time user here. I'm used to Cisco and Juniper stuff, but I have never used a Mikrotik device before. I'm kind of lost in the VLAN configuration of the box.

I would like to use it as an aggregation switch for different devices within my home but I can't get the VLAN trunks and access ports to work correctly.

I've read some docs online, watched Youtube videos, but it seems like some stuff doesnt work because everytime I hook up my trunk cables I completely lose access, and nothing works (the data doesn't pass through the switch, and management doesnt work anymore either). I have a Cisco switch on SFP3 and another one on SFP4, and routers on SFP1 and SFP2

Topology:

VLAN 1 : ACCESS on ETH0 and SFP1 // TRUNK on ports SFP3 and SFP4 (Management + my own computers)
VLAN 402-406 : TRUNK on SFP2, SFP3 and SFP4 (Segregated access to different people/devices in the house)
VLAN 407-4094 : TRUNK on SFP3 and SFP4 (other VLANs for random work stuff and tests)

I have tried assigning the IP address to VLAN-1 but it doesn't ping from the switch. If I set the IP to port ETH0, then it can ping from terminal

I'm attaching my config file that I have so far. Any help would be appreciated !
You do not have the required permissions to view the files attached to this post.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Unable to get VLANs working on CRS305 with RouterOS 7.6

Thu Dec 08, 2022 9:14 am

In general terms, @pcunite prepared a really good tutorial on how to do VLANs properly ... it includes example of switch configuration. Another good tutorial by @sindy explains different bridge personalities.

In short: bridge is a "switch-like" entity and a port (of the switch-like entity). Whatever you do with bridge port, specially with regards to VLANs, you have to configure it explicitly, just the way you do for other bridge ports. Default (all over ROS) config is to have all bridge ports configured with PVID=1 (which makes using VID 1 explicitly somehow dangerous as one has to be very careful to configure things correctly). In your case you should be able to set management IP address to bridge port directly as it's (by default, implicitly) set as access port with PVID=1.

Another general lesson: as soon as physical port becomes part of bridge, you should not configure any L3 stuff on it ... you have to use bridge port for that. ROS doesn't block it but it's wrong anyway. At the same time you have to add bridge port to appropriate interface list (basic distinction between interface and port is that port is L2 entity while interface is L3 entity - based on L2 entity and assumes same name).


BTW, the admin-mac property of bridge is invalid, it should be colon-separated octets but first field in your config is word-sized (dea ... should be de).
 
vizi0n
just joined
Topic Author
Posts: 3
Joined: Thu Dec 08, 2022 2:29 am

Re: Unable to get VLANs working on CRS305 with RouterOS 7.6

Thu Dec 08, 2022 7:58 pm

Thanks for your reply @mkx

Yes the MAC was wrong as I did a typo when redacting the MAC. The color coding I found for Notepad++ is way too light and I can't see a thing. I'll look into modifying that.

About the tutorials, I did try to adapt to my needs and ports of the CSR305, and apart from completely losing access to the device, I was not able to achieve much so far.
 
vizi0n
just joined
Topic Author
Posts: 3
Joined: Thu Dec 08, 2022 2:29 am

Re: Unable to get VLANs working on CRS305 with RouterOS 7.6

Fri Dec 09, 2022 6:34 am

I was finally able to get a working configuration as I wanted. I don't exactly know what was different as I followed the same steps, but from a blank device that had not bridged ports by itself after the factory reset.

For what it's worth, I will leave it here if anybody needs an example and finds this post

ETH1 : disabled
SFP1 : access VLAN 1
SFP2 : trunk VLAN 400-409
SFP3 : trunk VLAN 1,400-4000
SFP4 : trunk VLAN 1,400-4000
management on VLAN 1 and VLAN 402
/interface bridge
add ingress-filtering=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
/interface vlan
add interface=bridge name=VLAN-402 vlan-id=402
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=sfp-sfpplus1 interface=sfp-sfpplus1
add bridge=bridge comment=sfp-sfpplus2 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2
add bridge=bridge comment=sfp-sfpplus3 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus3
add bridge=bridge comment=sfp-sfpplus4 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus4
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge tagged=sfp-sfpplus3,sfp-sfpplus4 untagged=ether1,sfp-sfpplus1 vlan-ids=1
add bridge=bridge tagged=sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=400-409
add bridge=bridge tagged=sfp-sfpplus3,sfp-sfpplus4 vlan-ids=410-4000
/ip address
add address=10.40.0.3/24 interface=bridge network=10.40.0.0
add address=10.40.2.3/24 interface=VLAN-402 network=10.40.2.0
/system identity
set name=CRS305
/system routerboard settings
set boot-os=router-os
/system swos
set allow-from-ports=p1,p2,p3,p4,p5 identity=MikroTik

Who is online

Users browsing this forum: BioMax and 41 guests