Community discussions

MikroTik App
 
Sliwa
just joined
Topic Author
Posts: 1
Joined: Wed Mar 15, 2023 11:22 pm

Best VLANs config on RB5009 with 2x CRS326-24G-2S+RM

Thu Mar 16, 2023 3:01 pm

How to best VLANs config on RB5009 with 2x CRS326-24G-2S+RM?

I currently have no vlans configured, everything works in one old network.

10.161.0.1 Router (10.161.0.0/24)
Router eth1-WAN_port, eth2-eth7-bridge_lan, eth8-no bridge port off
Router eth2 -> eth1 SW1_CRS326 10.161.0.2/24
Router eth3 -> eth1 SW2_CRS326 10.161.0.3/24

Interface Lists
LAN - bridge_lan
WAN - eth1

On Router
Interfaces - VLAN - New Interface
name: vlan5-mgmt, vlan id:5, Interface: bridge_lan IP-Address: 172.16.5.1/24 Interface:vlan5-mgmt
name: vlan10, vlan id:10, Interface: bridge_lan IP-Address: 10.161.0.1/24 Interface:vlan10
name: vlan20, vlan id:20, Interface: bridge_lan IP-Address: 192.168.20.1/24 Interface:vlan20
name: vlan30, vlan id:30, Interface: bridge_lan IP-Address: 192.168.30.1/24 Interface:vlan30

IP - DHCP Server - DHCP Setup
DHCP Server Interface: vlan5, DHCP Address Space: 172.16.5.0/24, Gateway: 172.16.5.1 Addresses to Give Out: 172.16.5.50-172.16.5.52, DNS 8.8.8.8,8.8.4.4
DHCP Server Interface: vlan10, DHCP Address Space: 10.161.0.0/24, Gateway: 10.161.0.1 Addresses to Give Out: 10.161.0.100-10.161.0.180, DNS 8.8.8.8,8.8.4.4
DHCP Server Interface: vlan20, DHCP Address Space: 192.168.20.0/24, Gateway: 192.168.20.1 Addresses to Give Out: 192.168.20.100-192.168.20.180, DNS 8.8.8.8,8.8.4.4
DHCP Server Interface: vlan30, DHCP Address Space: 192.168.30.0/24, Gateway: 192.168.30.1 Addresses to Give Out: 192.168.30.100-192.168.30.180, DNS 8.8.8.8,8.8.4.4

I have set on both switches:
Bridge - New Interface - "bridge_lan", Add all Ports for them.
Then in Bridge - VLANs tab - New Bridge - VLANs
VLAN IDs: 5, Tagged: eth1, bridge_lan, Untagged: - noone
VLAN IDs: 10, Tagged: eth1, Untagged: eth2-eth14
VLAN IDs: 20, Tagged: eth1, Untagged: eth15-eth20
VLAN IDs: 30, Tagged: eth1, Untagged: eth21-eth24

Bridge - Ports
eth1 - dont do nothing PVID 1 default
eth2-eth14 PVID:10, Frame Types: admit all
eth15-eth20 PVID:20, Frame Types: admit all
eth21-eth24 PVID:30, Frame Types: admit all

Interfaces - VLAN - New Interface - Name:vlan5-mgmt, VLAN ID: 5, Interface: bridge_lan

SW1_CRS326 IP - Adresses - New Address - 172.16.5.2/24 Interface: vlan5-mgmt
SW2_CRS326 IP - Adresses - New Address - 172.16.5.3/24 Interface: vlan5-mgmt

SW1/S2 IP - Routes - New Route - Gateway: 172.16.5.1 Dst. Address: 0.0.0.0/0

Bridge - bridge_lan - VLAN - VLAN Filtering ON

Is it good setup, what else do I need to set up? How can I make it best for this devices?
Can router work with bridge ports (eth2-eth-8) or better make it without single? with a bridge it is easier to set two ports to a switches with vlans config.
Do I need to configure on router Bridge - VLANs tab? Is it better make VLANs there or should be in Interfaces tab -VLAN? Or need to be on both places? (Router VLANs on tab Interface or Bridge or Switch)
How can i enable same VLANs on router ports, fe. eth1-eth2 trunk to switch?, eht2-4 access ports vlan10, eht5-eth7 access ports vlan5-mgmt. Bridge - Ports and then Bridge-VLAN-VLAN Filtering ON (on router?) I need to set whether it is ready?
What frame type should be selected for trunk ports/access ports? Ingress Filtering trunk/access?

Why after turning on vlan filtering only on switches(sw1,sw2), addressing works, I can ping dns 8.8.8.8, but I do not have access to the Internet. Do i need to add all vlans to LAN Interface List (there is only bridge_lan)

Thank you for help.
Sliwa

Who is online

Users browsing this forum: AtomikRoach, EmuAGR, raiod and 41 guests