CRS125 ISOLATED VLANS and full switching manual

lashguti · Tue Dec 10, 2013 5:10 pm

Where is manual for crs125?
I saw examples about simple vlans but syntax needs to be updated in this example,

Where is additional instructions, there are so many tabs in routeos switch menu

We need documentation,

Can someone provide configuration commands needed to setup isolated private vlans?

Mikrotik, please provide complete switching manual to us

Tue Dec 10, 2013 5:23 pm

We are working on complete manual for CRS, it will be available very soon with configuration examples and description about the features.

lashguti · Tue Dec 10, 2013 5:35 pm

We are working on complete manual for CRS, it will be available very soon with configuration examples and description about the features.

Great Sergejs, CRS125 seems pretty interesting product, please try to include DHCP snooping,IP source guard, port security and dynamic arp inspection if they are not already.. These are must have features of all high-quality switches

lashguti · Sun Jan 05, 2014 7:04 pm

Where is manual? is it ready?

honzam · Sun Jan 05, 2014 11:46 pm

honzam · Fri Jan 17, 2014 4:06 pm

Can someone provide configuration commands needed to setup isolated private vlans?
Mikrotik, please provide complete switching manual to us

We have the same problem. Taging with isolated VLANs not working. (latest 6.8rc1)

Need complete manual

We are working on complete manual for CRS, it will be available very soon with configuration examples and description about the features.

When???

swissiws · Mon Jan 27, 2014 8:25 pm

it looks like ROS for CRS125 is so not functional; they are not able to document any new features as yet.

we are also sitting on a stock of 20 new CRS125 which should be deployed with private VLAN's and some basic bridging features.

honzam · Mon Jan 27, 2014 10:14 pm

Normis promise - documentation this week

Antares · Thu Jan 30, 2014 4:31 am

I need manual for CRS too. Is it ready?
I send this question to support@mikrotik.com, but no reply.

Antares · Thu Jan 30, 2014 4:33 am

I need manual for CRS too. Is it ready?
I send this question to support@mikrotik.com, but no reply.

honzam · Thu Jan 30, 2014 9:08 am

it is now on wiki
http://wiki.mikrotik.com/wiki/Manual:CRS_features
http://wiki.mikrotik.com/wiki/Manual:CRS_examples

Antares · Sat Feb 01, 2014 6:16 pm

Thanx.
In examples I need to see how configure port-based tagged vlans.

For example:
tagged vlan 200, 300, 400 in port1.
tagged vlan 200 out port 2 only
tagged vlan 300 out port 3 only
tagged vlan 400 out port 4 only
Etc.

I tested on CRS RouterOS 6.5 (factory installed) and 6.9 (latest at this time). I don`t know, how to do this.

P.S. Sorry for my poor english.
P.P.S. All traffic sometimes blocked (switch is unavailable from any port) after change most parameters of switch and restored after hardware reset. This is not good.

Antares · Thu Feb 06, 2014 11:46 am

Anyone have any ideas, how to route tagged vlans from one port to another?

efaden · Thu Feb 06, 2014 2:08 pm

Nope. Right now or seems like a device that was released without being finished.

Sent from my SCH-I545 using Tapatalk

arneo · Fri Feb 07, 2014 5:07 pm

it is now on wiki
http://wiki.mikrotik.com/wiki/Manual:CRS_examples

These examples seems quite strange to me.

In the port based VLAN section its just used ingress-vlan-translation and egress-vlan-translation. I assume this is what IEEE calls VID translation (12.13.2 in IEEE Std 802.1Q™2011) and this is a mapping of S-VIDs which is in use when running a provider bridge (S-VLAN component). Running a C-VLAN component this table is not in use (5.5 in IEEE Std 802.1Q™2011).

In some transport scenarios the examples are relevant, but if we want to use the device as a "regular switch" with VLANs using 8100 tag on a LAN I don't see this examples as relevant.

I'm playing around with my two switches, but it could be rather useful with some usecases and samples where the CSR is used as regular C-VLAN component and as a S-VLAN component.

Regards
Arne

Antares · Mon Feb 10, 2014 10:45 am

I planned to use CRS as ordinary L2 managed switches. VLAN-s must be routed in group of marked ports without any changes (tag, untag, translation, mirroring, etc.). And block to any other ports. Very simple variant.
How to do this?

efaden · Mon Feb 10, 2014 6:27 pm

I planned to use CRS as ordinary L2 managed switches. VLAN-s must be routed in group of marked ports without any changes (tag, untag, translation, mirroring, etc.). And block to any other ports. Very simple variant.
How to do this?

I'm waiting for this also.

Sent from my SCH-I545 using Tapatalk

Antares · Fri Feb 14, 2014 5:41 pm

Dear Mikrotik!
The time is going, but I have no answer for my question. My boss is very dissatisfied and say to me: "You must find alternative for all Mikrotik devices, because these devices have some bugs and dont have proper documentation".
This is several hundreds devices (CCR, SXT, CRS, various RB series) used in our network now, and hundreds / thousands, planned for buy in the future.
That I should answer him?

pcunite · Fri Feb 14, 2014 6:44 pm

There are several hundred devices (CCR, SXT, CRS, various RB series) used in our network, and hundreds / thousands, planned for purchase in the future.

Contact support directly and have them show you how to configure them. Then come tell us.

Antares · Fri Feb 14, 2014 7:06 pm

Contact support directly and have them show you how to configure them. Then come tell us.

Message to support sent via email. Waiting.

I already addressed in a support over CRS manual, not received a reply quickly, within 5 or 6 days.

JanezFord · Sun Feb 16, 2014 11:34 am

... is there a way to block rogue dhcp servers using this switch?

JF.

Antares · Tue Feb 18, 2014 7:21 pm

I received a message from support:

"In RouterOS v6.10 tagged VLAN forwarding is already working according to switch
chip host table (forwarding table) when ports are switched using master-port.
There is no connection between different VLANs as it should be.

But there are some issues with VLAN filtering which have not been fixed till
RouterOS v6.10 - invalid VLANs on ports are not dropped. We are working on this
for next releases.

Until the fix you should use bridging with bridge filter if it is required to
allow only specific VLANs on port and ensure that all others are being dropped."

I think the CRS devices is "crude" now... this is very bad news for me.

lordzar · Thu Feb 27, 2014 4:13 pm

it is now on wiki
http://wiki.mikrotik.com/wiki/Manual:CRS_features
http://wiki.mikrotik.com/wiki/Manual:CRS_examples[/quote]

Completely useless

Antares · Thu Mar 13, 2014 11:29 am

How long to wait functional firmware? Now CRS can operate as a unmanaged switch only, that is completely useless.

Antares · Sat Mar 22, 2014 1:10 pm

What's new in 6.11 (2014-Mar-20 09:16):

*) ipsec - fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256;
*) wireless - add auto frequency feature;
*) ovpn - fixed TLS renegotiation;
*) ovpn - make bridge mode work with big packets (do not leave extraneous padding);
*) ovpn - fixed require-client-certifcate;
*) ppp - revert RADIUS NAS-Port behaviour, report tunnel interface id;
*) ppp - mppe encryption together with mrru locked the router;
*) dhcp - added support for DHCP option 138 - list of CAPWAP IPv4 servers;
*) quickset - added Guest Network setup to Home AP mode;
*) console - no longer required to supply value of '/routing bgp instance vrf'
property 'instance' for 'add' command;
*) ethernet - added option to enable rx/tx flow control
(will be disabled by default);
*) ethernet - added ability to specify advertised modes for copper ports;
*) fixed 100% cpu usage on CCRs;
*) ssl - not finding CRL in local store for any certificate in trust chain will cause connection to fail;
*) lte - support for Huawei ME609 and ME909u-521;

Any changes for CRS? We can finally assume that CRS is not a switch, that is a RB2011 with 24 ports?

PastuhMedvedey · Wed Apr 02, 2014 2:29 pm

Requires manual configuration on the port loop detection.

Antares · Tue Apr 15, 2014 11:29 pm

I read new examples.
Is there a way to route tagged VLANs without using CPU? CPU usage does not have sense, since the processor is unlikely to be able to handle even 1 Gbps of traffic.

Something like this:

P.S. The new CRS226-24G-2S+IN has two SFP+ ports. It also has to do routing on processor? With one core at 400MHz frequency?

Zorro · Wed Apr 16, 2014 3:42 pm

would be cool to add vlan breaking/bypassing/hacking mitigation measures.
like http://resources.infosecinstitute.com/vlan-hacking/ (scroll down to tru explanations conclusion/advices, if you familar with issues/troubles).
according to ToS/Rules of forum - we're cannot refer competing products and brands, but some of them had handy manuals on this.

Neilson · Thu Apr 17, 2014 6:45 am

I wouldn't call your example "routing" tagged VLANS.

You would use the switch menu to assign the VLAN's to the ports and make them tagged for those VLANS

So to tag several VLANs on a port you do this

ros code

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether2 vlan-id=200
add tagged-ports=ether2 vlan-id=300
add tagged-ports=ether2 vlan-id=400

But you can use the same style of code and keep all the VLAN ID's the same and change the tagged-ports to the ports you need.

Regards
Alexander

lashguti · Thu Apr 24, 2014 6:00 pm

example shown here: http://wiki.mikrotik.com/wiki/Manual:CR ... _Isolation

does not match CLI commands, I checked isolated ports section,
how should be configured switch if we want to access them on all interfaces?

Antares · Sat May 03, 2014 10:37 pm

Great! Tagged VLANs forwarding is working in ROS 6.12. I am immensely happy!

Antares · Thu May 08, 2014 12:23 am

As it turned out, I was too early to celebrate. This boxes sometime will work?
Any configuration changes (like change vlan ports) may cause the system becomes unbootable after reboot. And only reset to factory settings cause any effect.

reverged · Thu May 08, 2014 6:56 am

send email to support.
there is a new test version of 6.13 that fixes this problem.
I had the same problem and it is now fixed with the test version.

Antares · Thu May 08, 2014 9:07 am

Support in these cases gives the standard answer: "this will be fixed in the future". I need a working devices and not those answers or ongoing experiments.
Thanks, I'll try the beta.

PastuhMedvedey · Tue May 13, 2014 9:52 am

Requires manual configuration on the port loop detection.

There is information on this issue?

Tue May 13, 2014 10:02 am

Loop detection (Spanning Tree Protocol) is not supported on Cloud Router Switches yet.

PastuhMedvedey · Tue May 13, 2014 11:52 am

Loop detection (Spanning Tree Protocol) is not supported on Cloud Router Switches yet.

Please tell me whether this function is a future date versions of the software?

hedele · Mon Jun 16, 2014 6:02 pm

Is there already any timeframe on implementing RSTP on CRS125 switch chip?

troffasky · Mon Feb 16, 2015 10:16 pm

Is support for STP going to be implemented?

bajodel · Wed Feb 18, 2015 7:33 am

Is support for STP going to be implemented?

the question is.. the hardware switch chip support it? I don't know

troffasky · Thu Feb 19, 2015 11:11 pm

the question is.. the hardware switch chip support it? I don't know

I'm going to hazard a guess and say yes, on the basis that the market for a 26-port gigabit wirespeed managed switch chip that doesn't do STP must be pretty small, so I presume it doesn't exist.

ros code

Who is online