pczekalski
just joined
Topic Author
Posts: 4
Joined: Wed Mar 15, 2017 10:04 am

RouterOS as switch and as a router in parallel

Tue May 16, 2023 3:39 pm

Dear All,

I'm trying to use CRS326-24G-2S+ (revision2, RouterOS v6.48.4 level 5) as a switch for my servers.
So far everything works fine, but I'd like to use eth9-eth12 as a router "within" a switch (IPMI management interfaces, intended to be available through a single IP).

So in detail, a current (working) configuration is:
eth1-eth20 bound with a bridge (Bridge1), and eth21-eth24 is an "uplink" to the core network using a bonding (Bonding1) 802.1ad (LACP), also added to the Bridge1.

I'd like, however, to exclude 4 eth ports, i.e. eth9-eth12, and set up a subnetwork using them (192.168.1.0/24) then route them to the aforementioned Bonding1.

First of all - is it possible to use "part" of the switching device as a router?
And the second question is, how do I set a master interface for routing eth9-eth12 to use Bonding1, or in other words, how to construct another bridge in this configuration?
Routing performance is meaningless in this case to me as those interfaces are to be used for monitoring/IPMI only.

Thanks in advance for any hints on how to construct the router part.

Regards,

Piotr
 
sirbryan
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah

Re: RouterOS as switch and as a router in parallel

Tue May 16, 2023 5:18 pm

Your best bet (performance-wise) is to:
  • Put them all into the same bridge. Your LACP config seems to be correct already.
  • Create two (or more) VLANs, one for the first group of ports, one for the second group (your IPMI ports). (Or just create one VLAN for the IPMI ports and leave the others unassigned.)
  • In Bridge/VLANs, assign each port to the appropriate VLAN as "untagged". In Bridge/ports, change the PVID for those ports to their appropriate VLAN. Be sure to include the bridge in both VLANs, tagged in the second one for sure, tagged or untagged in the first one, depending on how you choose to set that one up.
  • Assign 192.168.1.1/24 to the second VLAN interface.
  • Assuming (for example) your main LAN is 192.168.0.0/24, assign 192.168.0.2/24 (or whatever address you want) to the first VLAN on the switch
  • Add a route in your upstream router for 192.168.1.0/24 to 192.168.0.2 (or whatever you chose).
  • Add a route to 0.0.0.0/0 to the CRS326 to 192.168.0.1 (or whatever your upstream router's address is).
This way, it wouldn't hurt to enable L3HW offload if you want.

If you choose to not create a new VLAN for the bulk of the ports, then you'd assign the main LAN's IP address to the bridge directly.
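The steps in the reply above, written out as RouterOS v6 commands for the variant with one VLAN for the IPMI ports and the main LAN address on the bridge itself. This is an added example, not part of the original post; the bridge name `bridge`, VLAN ID 20 and the interface name `vlanIPMI` are assumptions, and the addresses are the example addresses from the reply.

```routeros
# Added example; names and IDs below are assumptions, not from the thread:
# main bridge "bridge", VLAN ID 20, VLAN interface name vlanIPMI.
# ether9-ether12 are assumed to already be ports of "bridge".

# IPMI ports become untagged access ports of VLAN 20
/interface bridge port
set [find interface=ether9] pvid=20
set [find interface=ether10] pvid=20
set [find interface=ether11] pvid=20
set [find interface=ether12] pvid=20

# The bridge itself is a tagged member so the CPU can reach VLAN 20
/interface bridge vlan
add bridge=bridge vlan-ids=20 tagged=bridge \
    untagged=ether9,ether10,ether11,ether12

# Layer-3 interface for the IPMI subnet
/interface vlan
add interface=bridge name=vlanIPMI vlan-id=20

/ip address
# gateway address for the IPMI subnet
add address=192.168.1.1/24 interface=vlanIPMI
# main LAN address directly on the bridge (other ports keep the default PVID)
add address=192.168.0.2/24 interface=bridge

# default route towards the upstream router
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.1

# Enable filtering last, so the management session is not cut off
# while the VLAN table is still incomplete
/interface bridge
set bridge vlan-filtering=yes

# On the upstream router (RouterOS syntax assumed):
# /ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2
```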
 
pczekalski
just joined
Topic Author
Posts: 4
Joined: Wed Mar 15, 2017 10:04 am

Re: RouterOS as switch and as a router in parallel

Wed May 17, 2023 9:54 am

Thank you very much for your quick reply. I'll give it a try tomorrow and return to you with the report.

Best regards,

Piotr
 
pczekalski
just joined
Topic Author
Posts: 4
Joined: Wed Mar 15, 2017 10:04 am

Re: RouterOS as switch and as a router in parallel  [SOLVED]

Thu May 18, 2023 8:34 pm

I finally did it the "standard" way instead of using VLANs.

Note, the scripts below are part of the configuration just "above" the standard switch role.

IPMI ports (eth9-eth12) were removed from the LAN list and added to the LANIPMI list bound with bridgeIPMI, with a DHCP server running on it:

/interface bridge
add admin-mac=DE:ED:FE:ED:00:03 auto-mac=no name=bridgeIPMI

/ip pool
add name=poolIPMI ranges=192.168.88.100-192.168.88.249
/ip dhcp-server
add address-pool=poolIPMI disabled=no interface=bridgeIPMI name=dhcpIPMI

/interface list
add name=LANIPMI

/interface bridge port
add bridge=bridgeIPMI interface=ether9
add bridge=bridgeIPMI interface=ether10
add bridge=bridgeIPMI interface=ether11
add bridge=bridgeIPMI interface=ether12

/interface list member
add interface=ether9 list=LANIPMI
add interface=ether10 list=LANIPMI
add interface=ether11 list=LANIPMI
add interface=ether12 list=LANIPMI

Defined a separate address scope for the IPMI router:

/ip address
add address=192.168.88.1/24 interface=bridgeIPMI network=192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8 \
    gateway=192.168.88.1

Then configured routing with NAT to the switch's main bridge "bridge", and firewall rules (only rules differing from the default router configuration):

/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=bridge
...
/ip firewall filter
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LANIPMI
