If I have this current set up:
==============
interface bridge vlan print detail
Flags: X - disabled, D - dynamic
0 bridge=BR1 vlan-ids=22 tagged=sfp1,sfp2 untagged=ether2 current-tagged=sfp2 current-untagged=""
1 bridge=BR1 vlan-ids=1005 tagged=sfp1,sfp2 untagged=ether3,ether4,ether5,ether6,ether7,ether8 current-tagged=sfp2
current-untagged=ether3,ether4
2 bridge=BR1 vlan-ids=1030 tagged=sfp1,sfp2 untagged=ether9,ether10,ether11,ether12 current-tagged=sfp2
current-untagged=ether10,ether12
3 bridge=BR1 vlan-ids=1006 tagged=sfp1,sfp2 untagged=ether13,ether14,ether15,ether16,ether17,ether18 current-tagged=sfp2
current-untagged=ether14,ether18,ether13,ether16
4 bridge=BR1 vlan-ids=1015 tagged=BR1,sfp1,sfp2 untagged=ether19,ether20,ether21,ether22 current-tagged=BR1,sfp2,sfp1
current-untagged=""
5 D bridge=BR1 vlan-ids=1 tagged="" untagged="" current-tagged="" current-untagged=BR1
===========
Then what syntax do I need to change sfp1 from a trunk port to an access port on VLAN 1005? Do I need to re-write the whole VLAN table using the SET command and then set sfp1 as an access port? Not sure where to start. This is what I thought but no idea if it is correct. This switch is in production.
/interface bridge vlan
set bridge=BR1 tagged=sfp2 untagged=ether2 vlan-ids=22
set bridge=BR1 tagged=sfp2 untagged=\
ether3,ether4,ether5,ether6,ether7,ether8,sfp1 vlan-ids=1005
set bridge=BR1 tagged=sfp2 untagged=\
ether9,ether10,ether11,ether12 vlan-ids=1030
set bridge=BR1 tagged=sfp2 untagged=\
ether13,ether14,ether15,ether16,ether17,ether18 vlan-ids=1006
set bridge=BR1 tagged=BR1,sfp2 untagged=\
ether19,ether20,ether21,ether22 vlan-ids=1015
#Then I need to set sfp1 as an access port on Vlan 1005, I think:
/interface bridge port
set bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=sfp1 pvid=1005
Re: Reconfigure VLAN on CRS-326-24P-2S+
So in first part of post spf1 is under tagged for vlan 1005 but in later output it is under untagged. It should be under untagged and PVID for the port is correct.
Can you do a full export under interface bridge?
Can you do a full export under interface bridge?
-
-
incagarcilaso
newbie
- Posts: 38
- Joined:
Re: Reconfigure VLAN on CRS-326-24P-2S+
Sorry, that is my fault for not explaining. In the second part of my post it is just my suggested syntax for making the change. It is not from a print command. I don't think my syntax is correct.So in first part of post spf1 is under tagged for vlan 1005 but in later output it is under untagged. It should be under untagged and PVID for the port is correct.
Can you do a full export under interface bridge?
The first part of the post is the actual VLAN table, showing sfp1 as a trunk port (tagged for all VLANs). I need to know how to change sfp1 to an access port on VLAN 1005 via the command line.
I attach a full export.
Thanks.
You do not have the required permissions to view the files attached to this post.
Re: Reconfigure VLAN on CRS-326-24P-2S+
So having a quick look while between meetings :) I can see that SFP1 is currently specified as a Tragged only port
You need to change this to
This mean the port is "access mode" and placed on VLAN 1005
Then you need to change the settings on VLAN 1005
All i did was to move SFP1 from tagged to untagged.
Doing this, which is what you more or less wrote last in you post, makes SFP1 a access port and will only handle VLAN 1005´.
You should also consider removing SFP1 from all other VLAN's as tagged as well.
Out of curiosity what is connected to SFP1?
Code: Select all
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp1Code: Select all
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=sfp1 pvid=1005Then you need to change the settings on VLAN 1005
Code: Select all
add bridge=BR1 tagged=sfp-sfpplus2 untagged=ether3,ether4,ether5,ether6,ether7,ether8,sfp1 vlan-ids=1005Doing this, which is what you more or less wrote last in you post, makes SFP1 a access port and will only handle VLAN 1005´.
You should also consider removing SFP1 from all other VLAN's as tagged as well.
Out of curiosity what is connected to SFP1?
-
-
incagarcilaso
newbie
- Posts: 38
- Joined:
Re: Reconfigure VLAN on CRS-326-24P-2S+
So having a quick look while between meetings :) I can see that SFP1 is currently specified as a Tragged only port
You need to change this toCode: Select alladd bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp1
This sfp1 port has been repurposed to connect a data server with a new 10G interface.Code: Select alladd bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=sfp1 pvid=1005
OK. I see you use the "add" command rather than the "set" command. I thought that as sfp1 was already added to the bridge as a tagged trunk port, that in order to CHANGE the configuration I needed to use the "set" command to modify it. Is that also possible? Which is best?
Would the following also have done the same job by modifying the vlan table to have sfp2 as the only tagged port on all vlans (trunk)?Then configure sfp1 as an access port on 1005:Code: Select all/interface bridge vlan set vlan-ids=22 tagged=sfp2 set vlan-ids=1005 tagged=sfp2 set vlan-ids=1030 tagged=sfp2 set vlan-ids=1006 tagged=sfp2 set vlan-ids=1015 tagged=sfp2
I suppose my remaining questions are is, first what is the difference between using "set" and "add" when REconfiguring (not initial conifuration) and, second is my code suggestion correct?Code: Select all/interface bridge port set bridge=BR1 interface=sfp1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes pvid=1005
Really appreciate your input as it means I can finally open up this 10G route to the server.
Re: Reconfigure VLAN on CRS-326-24P-2S+
I will be honest and say I had not thought about Add and Set but I guess Add is adding and Set is changing something already added.
I however do most of this via Winbox as I lile the visual presentation and think that it makes for easier understanding of the configuration.
So I would have used Winbox to change SFP1 port settings to admin only untagged and then made changes to VLAN 1005 so that SFP1 is removed from tagged and added to untagged.
I however do most of this via Winbox as I lile the visual presentation and think that it makes for easier understanding of the configuration.
So I would have used Winbox to change SFP1 port settings to admin only untagged and then made changes to VLAN 1005 so that SFP1 is removed from tagged and added to untagged.
Re: Reconfigure VLAN on CRS-326-24P-2S+ [SOLVED]
Generally I find it best not to include any untagged= membership entries under /interface bridge vlan as they will be dynamically added when interfaces are running/up based on the pvid= entries under /interface bridge port. If the untagged membership entries are present you have to remember to update both when changing PVID or weird connectivity issues may result.
I don't think you can change VLAN membership by interface as the configuration entries are indexed by VLAN IDs, so [ find interface=sfp1 ] has no meaning in this context. You would likely have to use [ find vlan-id=XX ] for each VLAN ID and change the membership from some-interface,sfp1,another-interface to some-interface,another-interface. Somone with a more in-depth knowledge of RouterOS scripting may be able to suggest a set of commands which would loop through all bridge VLAN definitions using regexp to match and update the membership for the interface of interest.
I don't think you can change VLAN membership by interface as the configuration entries are indexed by VLAN IDs, so [ find interface=sfp1 ] has no meaning in this context. You would likely have to use [ find vlan-id=XX ] for each VLAN ID and change the membership from some-interface,sfp1,another-interface to some-interface,another-interface. Somone with a more in-depth knowledge of RouterOS scripting may be able to suggest a set of commands which would loop through all bridge VLAN definitions using regexp to match and update the membership for the interface of interest.
-
-
incagarcilaso
newbie
- Posts: 38
- Joined:
Re: Reconfigure VLAN on CRS-326-24P-2S+
Great. That all makes sense. Clearer now. I can work it out from all the replies. Many thanks.Generally I find it best not to include any untagged= membership entries under /interface bridge vlan as they will be dynamically added when interfaces are running/up based on the pvid= entries under /interface bridge port. If the untagged membership entries are present you have to remember to update both when changing PVID or weird connectivity issues may result.
I don't think you can change VLAN membership by interface as the configuration entries are indexed by VLAN IDs, so [ find interface=sfp1 ] has no meaning in this context. You would likely have to use [ find vlan-id=XX ] for each VLAN ID and change the membership from some-interface,sfp1,another-interface to some-interface,another-interface. Somone with a more in-depth knowledge of RouterOS scripting may be able to suggest a set of commands which would loop through all bridge VLAN definitions using regexp to match and update the membership for the interface of interest.