I am not familiar at all with switching configuration, so sorry for the question but is a 600MHz CPU too small for a switch?In my opinion, it's a switch, the CPU is much too weak for so many ports.
/interface ethernet switch ingress-vlan-translation add switch=switch1 port=ether6 customer-vid=0 new-customer-vid=200Should be:
/interface ethernet switch ingress-vlan-translation add switch=switch1 port=ether6 match-customer-vid=0 new-customer-vid=200Here's the listing from the switch itself of some of the new options:
Perhaps a graphical configuration model for ease of setup which would then allow us to export configs and see what they're supposed to look like?Please give us examples of the most important switch functions that you want us to make.
Was just some examples, as any sort of bulk changes right now are time consuming.Omega, OK about the first image, but the second is really confusing
- 802.3af POE output on all ports With this, it would make an excellent "branch office" router.Currently we are still adding Switching features for the CRS. Right now you get only basic Switch functionality, but the hardware allows for much more, and new features will be added with every software update.
Please give us examples of the most important switch functions that you want us to make.
Hi Normis,Please let us know what you are trying to do, and what didn't work exactly.
I received my CRS on Friday and have been fumbling through different configurations all weekend. I am definitely frustrated with the lack of switching features that aren't there yet, although I am happy that they have committed to adding features with every update. Coming from other hardware/software that I've used in the past I find the current implementation rather convoluted, but I am new to RouterOS so I guess I should expect the learning curve.Being huge fan of MT i get almost every MT new product to check it out and to play around. This time i got CSR125 ros6.5, and boy...
after spending 5hours trying to acomplish the most generic switching tasks i felt stupid as faq because i failed:
1. didnt find an easy way to assign vlan to a port or easly configure a trunk link and permit all vlans. The way from examples(to match default VID with a "In.Vlan Tran" rule and to apply a different VID) feels complicated. Couldnt get "VLAN" and "VLAN Tagging" tabs to work at all
2. didnt find a way to terminate vlan on a switch(SVI)
3. unclear with STP configuration beeing only for bridge interfaces
4. Lack of documentation on switching functions
Putting my new CSR125 on a shelf for some time, unusable...
For sure.Along with this it's not really clear how pulling things back to vlan 0 is support to work for configs.
IE:
If I want tagged/trunked vlans 20,30,40 coming in on ether1 and
vlan 20 untagged out ether2
vlan 30 untagged out ether3
vlan 40 untagged out ether4
I would assume I should:
1. accept tagged vlans 20,30,40 on ether1
2. ensure traffic in ether2,ether3,ether4 is tagged as it comes in with the respective vlan (20,30,40)
3. ensure traffic passing out ether2,ether3,ether4 is untagged as it passes out with the respective vlan (20,30,40)
But this does not align with how I configure the ports.
I usually use Cisco, HP L3/L2 Switches and Fortigates.
I had many hours to find out how to tag a port or how to get a LACP trunk between two devices. Most of what I tried didn't work. Maybe it's me not clever enough, maybe it's not yet implemented (couldn't believe that the first time I read it) and some of it is because the CLI syntax is, I would say, specially.
For me and maybe also for others it would help much if the CLI syntax would be like HP or Cisco to configure those great Mikrotik Switches and Routers.
Did you manage to solve this? right now setting ports 2-24 in a group as per the examples ends up in a hub-like behavior with traffic transmitted on all ports for all ports.In /interface ethernet switch vlan, I attempt to set isolation-profile=isolated (through winbox). Upon hitting apply it immediately switches back to promiscuous
The CRS has a single switch chip that can handle all ports. Other routers like the 2011 have two switch chips, one for the gigabit ports and one for the fast ethernet ports. On the 2011, there is no way to have all 10 ports on a single master port. The CRS fixes this by giving you 24ether + 1sfp port, all can be used on the same switch chip.What exactly did they change in RouterOS to make this a switch over say an RB-2011 etc?
UP !hello all!
for me are needed three functions:
- broadcast storm controll
- loopback detection/protection
is possible to add this futures to Mikrotik CRS? Thanks
Boris
[admin@blackwidow] /interface ethernet> print
Flags: X - disabled, R - running, S - slave
# NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH
0 R 1 - WAN 1500 D4:CA:6D:CE:29:22 enabled none switch1
1 RS 2 - APC ... 1500 D4:CA:6D:CE:29:23 enabled none switch1
2 RS 3 - Work... 1500 D4:CA:6D:CE:29:24 enabled 2 - APC 1500 ... switch1
3 S 4 - KM24... 1500 D4:CA:6D:CE:29:25 enabled 2 - APC 1500 ... switch1
4 S 5 - Back... 1500 D4:CA:6D:CE:29:26 enabled 2 - APC 1500 ... switch1
5 S 6 - Schw... 1500 D4:CA:6D:CE:29:27 enabled 2 - APC 1500 ... switch1
6 S 7 - 1140... 1500 D4:CA:6D:CE:29:28 enabled 2 - APC 1500 ... switch1
7 S 8 - Spac... 1500 D4:CA:6D:CE:29:29 enabled 2 - APC 1500 ... switch1
8 S 9 - Mike... 1500 D4:CA:6D:CE:29:2A enabled 2 - APC 1500 ... switch1
9 S 10 - Eri... 1500 D4:CA:6D:CE:29:2B enabled 2 - APC 1500 ... switch1
10 S 11 - Vau... 1500 D4:CA:6D:CE:29:2C enabled 2 - APC 1500 ... switch1
11 S 12 - Ray... 1500 D4:CA:6D:CE:29:2D enabled 2 - APC 1500 ... switch1
12 S 13 - Liv... 1500 D4:CA:6D:CE:29:2E enabled 2 - APC 1500 ... switch1
13 S 14 - Bed... 1500 D4:CA:6D:CE:29:2F enabled 2 - APC 1500 ... switch1
14 S 15 - Bed... 1500 D4:CA:6D:CE:29:30 enabled 2 - APC 1500 ... switch1
15 S 16 - Del... 1500 D4:CA:6D:CE:29:31 enabled 2 - APC 1500 ... switch1
16 S ether17-... 1500 D4:CA:6D:CE:29:32 enabled 2 - APC 1500 ... switch1
17 S ether18-... 1500 D4:CA:6D:CE:29:33 enabled 2 - APC 1500 ... switch1
18 S ether19-... 1500 D4:CA:6D:CE:29:34 enabled 2 - APC 1500 ... switch1
19 S ether20-... 1500 D4:CA:6D:CE:29:35 enabled 2 - APC 1500 ... switch1
20 S ether21-... 1500 D4:CA:6D:CE:29:36 enabled 2 - APC 1500 ... switch1
21 S ether22-... 1500 D4:CA:6D:CE:29:37 enabled 2 - APC 1500 ... switch1
22 S ether23-... 1500 D4:CA:6D:CE:29:38 enabled 2 - APC 1500 ... switch1
23 S ether24-... 1500 D4:CA:6D:CE:29:39 enabled 2 - APC 1500 ... switch1
24 XS sfp1-gat... 1500 D4:CA:6D:CE:29:3A enabled none switch1
[admin@blackwidow] /interface ethernet switch egress-vlan-tag> print
Flags: X - disabled, I - invalid, D - dynamic
# VLAN-ID TAGGED-PORTS
0 D 4095
1 100 switch1-cpu
2 300 switch1-cpu
3 400 switch1-cpu
[admin@blackwidow] /interface ethernet switch ingress-vlan-translation>
Flags: X - disabled, I - invalid, D - dynamic
0 ports=3 - Workbench service-vlan-format=any customer-vlan-format=a
new-customer-vid=300 pcp-propagation=no sa-learning=yes
1 ports=7 - 1140G - AP service-vlan-format=any customer-vlan-format=
new-customer-vid=100 pcp-propagation=no sa-learning=yes
2 ports=7 - 1140G - AP service-vlan-format=any customer-vlan-format=
new-customer-vid=400 pcp-propagation=no sa-learning=yes
3 D ports=1 - WAN,sfp1-gateway service-vlan-format=any customer-vlan-f
new-customer-vid=0 pcp-propagation=no sa-learning=no
[admin@blackwidow] /interface vlan> print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R vlan100 1500 enabled 100 2 - APC 1500 - UPS
1 R vlan300 1500 enabled 300 2 - APC 1500 - UPS
2 R vlan400 1500 enabled 400 2 - APC 1500 - UPS
[admin@blackwidow] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; default configuration
192.168.88.1/24 192.168.88.0 2 - APC 1500 - UPS
1 10.51.25.1/24 10.51.25.0 vlan300
2 X 10.54.25.1/24 10.54.25.0 vlan100
3 10.52.25.1/24 10.52.25.0 vlan400
4 D 10.54.25.33/24 10.54.25.0 1 - WAN
[admin@blackwidow] /interface ethernet switch vlan> print
Flags: X - disabled, I - invalid, D - dynamic
# VLAN-ID PORTS SVL LEARN FLOOD INGRESS-MIRRO
0 D 4095 1 - WAN no no no no
sfp1-gateway
switch1-cpu
1 300 3 - Workbench no yes no no
switch1-cpu
2 100 7 - 1140G - AP no yes no no
switch1-cpu
3 400 7 - 1140G - AP no yes no no
switch1-cpu
[admin@blackwidow] /interface ethernet switch> print
name: switch1
type: QCA-8513L
bridge-type: customer-vid-used-as-lo
okup-vid
drop-if-no-vlan-assignment-on-ports:
drop-if-invalid-or-src-port-not-member-of-vlan-on-ports:
unknown-vlan-lookup-mode: svl
forward-unknown-vlan: no
use-svid-in-one2one-vlan-lookup: no
use-cvid-in-one2one-vlan-lookup: yes
mac-level-isolation: yes
multicast-lookup-mode: dst-ip-and-vid-for-ipv4
override-existing-when-ufdb-full: no
unicast-fdb-timeout: 5m
ingress-mirror0: switch1-cpu,unmodified
ingress-mirror1: switch1-cpu,unmodified
ingress-mirror-ratio: 1/1
egress-mirror0: switch1-cpu,modified
egress-mirror1: switch1-cpu,modified
egress-mirror-ratio: 1/1
fdb-uses: mirror0
vlan-uses: mirror0
mirror-egress-if-ingress-mirrored: no
mirror-tx-on-mirror-port: no
mirrored-packet-qos-priority: 0
mirrored-packet-drop-precedence: green
bypass-vlan-ingress-filter-for:
bypass-ingress-port-policing-for:
bypass-l2-security-check-filter-for:
[admin@blackwidow] /ip dhcp-server> print
Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 default bridge-local dhcp 3d
1 DHCP-DMZ vlan300 DMZ_DHCP_Pool 1d
2 X DHCP-LAN (unknown) LAN_DHCP_Pool 3d
3 DHCP-Guest vlan400 Guest_DHCP_Pool 1d
/ip address add address=172.16.16.8/24 interface=ether24 network=172.16.16.0 [admin@MikroTik] /ip address> /int ether exp # jan/06/2002 03:19:38 by RouterOS 6.12 # software id = IKDF-GH6M # /interface ethernet set [ find default-name=sfp1 ] master-port=ether24 set [ find default-name=ether1 ] master-port=ether24 set [ find default-name=ether2 ] master-port=ether24 set [ find default-name=ether3 ] master-port=ether24 set [ find default-name=ether4 ] master-port=ether24 set [ find default-name=ether5 ] master-port=ether24 set [ find default-name=ether6 ] master-port=ether24 set [ find default-name=ether7 ] master-port=ether24 set [ find default-name=ether8 ] master-port=ether24 set [ find default-name=ether9 ] master-port=ether24 set [ find default-name=ether10 ] master-port=ether24 set [ find default-name=ether11 ] master-port=ether24 set [ find default-name=ether12 ] master-port=ether24 set [ find default-name=ether13 ] master-port=ether24 set [ find default-name=ether14 ] master-port=ether24 set [ find default-name=ether15 ] master-port=ether24 set [ find default-name=ether16 ] master-port=ether24 set [ find default-name=ether17 ] master-port=ether24 set [ find default-name=ether18 ] master-port=ether24 set [ find default-name=ether19 ] master-port=ether24 set [ find default-name=ether20 ] master-port=ether24 set [ find default-name=ether21 ] master-port=ether24 set [ find default-name=ether22 ] master-port=ether24 set [ find default-name=ether23 ] master-port=ether24 /interface ethernet switch set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,\ ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24" \ forward-unknown-vlan=no /interface ethernet switch egress-vlan-tag add tagged-ports=ether24 vlan-id=59 /interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=59 ports=ether1 sa-learning=yes /interface ethernet switch vlan add ports=ether1,ether24 vlan-id=59
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether7-slave-local,switch1-cpu vlan-id=100
add tagged-ports=switch1-cpu vlan-id=300
add tagged-ports=ether7-slave-local,switch1-cpu vlan-id=400
/interface ethernet switch ingress-vlan-translation
add customer-vlan-format=untagged-or-tagged new-customer-vid=100 ports=\
ether2-master-local,ether4-slave-local,ether5-slave-local,ether6-slave-local,ether8-slave-local,ether9-slave-local,ether10-slave-local sa-learning=\
yes service-vlan-format=untagged-or-tagged
add customer-vlan-format=untagged-or-tagged new-customer-vid=300 ports=ether3-slave-local sa-learning=yes service-vlan-format=untagged-or-tagged
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether2-master-local,ether3-slave-local,ether4-slave-local,ether5-slave-local,ether6-slave-lo\
cal,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-slave-local"
/interface ethernet switch vlan
add ports="ether2-master-local,ether4-slave-local,ether5-slave-local,ether6-slave-local,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-\
slave-local,switch1-cpu" vlan-id=100
add ports=ether3-slave-local,switch1-cpu vlan-id=300
add ports=ether7-slave-local,switch1-cpu vlan-id=400
/interface vlan add name=vlan59 vlan-id=59 interface=ether24
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=59
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=59 ports=ether1 sa-learning=yes
/interface ethernet switch vlan
add ports=ether1,switch1-cpu vlan-id=59
But my management IPs reside not in a VLAN, but rather in the native VLAN, which is not a 802.1q VLAN at all, it is just normal untagged traffic, this is why I put the IP address on the physical master-port (ether24 in my case).ners,
You should add a VLAN interface to master-port in RouterOS and add IP address to it.
From switch point there is switch1-cpu port, not the master-port.Code: Select all/interface vlan add name=vlan59 vlan-id=59 interface=ether24 /interface ethernet switch egress-vlan-tag add tagged-ports=switch1-cpu vlan-id=59 /interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=59 ports=ether1 sa-learning=yes /interface ethernet switch vlan add ports=ether1,switch1-cpu vlan-id=59
I can only add IPs to physical ports or VLANs.[admin@MikroTik] /ip address> set 0 interface=switch1-cpu
input does not match any value of interface
How do you disable it globally, without listing each individual port in the "drop-if-invalid-or-src-port-not-member-of-vlan-on-ports" setting?michaelahess,
The follwing Cloud Router Switch configuration should be applied for your setup:
3) For security disable invalid VLAN forwarding globally or on each port separately like this:Code: Select all/interface ethernet switch set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether2-master-local,ether3-slave-local,ether4-slave-local,ether5-slave-local,ether6-slave-lo\ cal,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-slave-local"
IP address on the master-port is correct for untagged traffic, but in that case you need to ensure untagged traffic is not being filtered as invalid VLAN.But my management IPs reside not in a VLAN, but rather in the native VLAN, which is not a 802.1q VLAN at all, it is just normal untagged traffic, this is why I put the IP address on the physical master-port (ether24 in my case).
/interface ethernet switch vlan
add vlan-id=0 ports=ether1,ether2,...,switch1-cpu
How do you disable it globally, without listing each individual port in the "drop-if-invalid-or-src-port-not-member-of-vlan-on-ports" setting?
/interface ethernet switch set forward-unknown-vlan=no
I did exactly that and now the switch will not pass traffic anymore and will not let me see the configuration (reboot does not help):IP address on the master-port is correct for untagged traffic, but in that case you need to ensure untagged traffic is not being filtered as invalid VLAN.But my management IPs reside not in a VLAN, but rather in the native VLAN, which is not a 802.1q VLAN at all, it is just normal untagged traffic, this is why I put the IP address on the physical master-port (ether24 in my case).
VLAN 0 needs to be added in switch-chip VLAN table.Code: Select all/interface ethernet switch vlan add vlan-id=0 ports=ether1,ether2,...,switch1-cpu
How do you disable it globally, without listing each individual port in the "drop-if-invalid-or-src-port-not-member-of-vlan-on-ports" setting?Code: Select all/interface ethernet switch set forward-unknown-vlan=no
[admin@MikroTik] > /int ethernet [admin@MikroTik] /interface ethernet> switch [admin@MikroTik] /interface ethernet switch> exp # jan/02/1970 00:00:26 by RouterOS 6.12 # software id = IKDF-GH6M # #error exporting /interface ethernet switch #interrupted [admin@MikroTik] /interface ethernet switch> print action timed out - try again, if error continues contact MikroTik support and send a supout file (13) [admin@MikroTik] /interface ethernet switch>I will be resetting the configuration and configuring everything from scratch again :-/
/interface ethernet set [ find default-name=sfp1 ] master-port=ether24 set [ find default-name=ether1 ] master-port=ether24 set [ find default-name=ether2 ] master-port=ether24 set [ find default-name=ether3 ] master-port=ether24 set [ find default-name=ether4 ] master-port=ether24 set [ find default-name=ether5 ] master-port=ether24 set [ find default-name=ether6 ] master-port=ether24 set [ find default-name=ether7 ] master-port=ether24 set [ find default-name=ether8 ] master-port=ether24 set [ find default-name=ether9 ] master-port=ether24 set [ find default-name=ether10 ] master-port=ether24 set [ find default-name=ether11 ] master-port=ether24 set [ find default-name=ether12 ] master-port=ether24 set [ find default-name=ether13 ] master-port=ether24 set [ find default-name=ether14 ] master-port=ether24 set [ find default-name=ether15 ] master-port=ether24 set [ find default-name=ether16 ] master-port=ether24 set [ find default-name=ether17 ] master-port=ether24 set [ find default-name=ether18 ] master-port=ether24 set [ find default-name=ether19 ] master-port=ether24 set [ find default-name=ether20 ] master-port=ether24 set [ find default-name=ether21 ] master-port=ether24 set [ find default-name=ether22 ] master-port=ether24 set [ find default-name=ether23 ] master-port=ether24 /interface ethernet switch set forward-unknown-vlan=no /interface ethernet switch egress-vlan-tag add tagged-ports=ether24 vlan-id=59 /interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=59 ports=ether1 sa-learning=yes /interface ethernet switch vlan add ports=ether24,switch1-cpu add ports=ether1,ether24 vlan-id=59 /ip address add address=172.16.16.8/24 interface=ether24
Thanks becs! I'll try this when I get home tonight. One thing I'm still worried about though, the master port of the switch group, is it best to not actually use that port for a real link since it has all that other "stuff" on it?michaelahess,
The following Cloud Router Switch configuration should be applied for your setup:
...
Thanks becs! I'll try this when I get home tonight. One thing I'm still worried about though, the master port of the switch group, is it best to not actually use that port for a real link since it has all that other "stuff" on it?michaelahess,
The following Cloud Router Switch configuration should be applied for your setup:
...
Thanks becs! I'll try this when I get home tonight. One thing I'm still worried about though, the master port of the switch group, is it best to not actually use that port for a real link since it has all that other "stuff" on it?michaelahess,
The following Cloud Router Switch configuration should be applied for your setup:
...
I see your post is old and so is this thread so I suppose you gave up?
My setup is similar to yours except I got two gateways. one goes to my firewall/dchp server and one goes out through the CSR gateway port 1.
I cant make the switch hand out ip's on my vlan10.
After resetting the configuration and configuring it from scratch it hangs again after issuing /export and also does not pass any traffic:
The configuration is as following:ros code
/interface ethernet set [ find default-name=sfp1 ] master-port=ether24 set [ find default-name=ether1 ] master-port=ether24 set [ find default-name=ether2 ] master-port=ether24 set [ find default-name=ether3 ] master-port=ether24 set [ find default-name=ether4 ] master-port=ether24 set [ find default-name=ether5 ] master-port=ether24 set [ find default-name=ether6 ] master-port=ether24 set [ find default-name=ether7 ] master-port=ether24 set [ find default-name=ether8 ] master-port=ether24 set [ find default-name=ether9 ] master-port=ether24 set [ find default-name=ether10 ] master-port=ether24 set [ find default-name=ether11 ] master-port=ether24 set [ find default-name=ether12 ] master-port=ether24 set [ find default-name=ether13 ] master-port=ether24 set [ find default-name=ether14 ] master-port=ether24 set [ find default-name=ether15 ] master-port=ether24 set [ find default-name=ether16 ] master-port=ether24 set [ find default-name=ether17 ] master-port=ether24 set [ find default-name=ether18 ] master-port=ether24 set [ find default-name=ether19 ] master-port=ether24 set [ find default-name=ether20 ] master-port=ether24 set [ find default-name=ether21 ] master-port=ether24 set [ find default-name=ether22 ] master-port=ether24 set [ find default-name=ether23 ] master-port=ether24 /interface ethernet switch set forward-unknown-vlan=no /interface ethernet switch egress-vlan-tag add tagged-ports=ether24 vlan-id=59 /interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=59 ports=ether1 sa-learning=yes /interface ethernet switch vlan add ports=ether24,switch1-cpu add ports=ether1,ether24 vlan-id=59 /ip address add address=172.16.16.8/24 interface=ether24
broadcast storm can be do with ingress policyUP !hello all!
for me are needed three functions:
- broadcast storm controll
- loopback detection/protection
is possible to add this futures to Mikrotik CRS? Thanks
Boris
I know this is probably already in the works but I really would like to see LAG implemented soon in the CRS.Currently we are still adding Switching features for the CRS. Right now you get only basic Switch functionality, but the hardware allows for much more, and new features will be added with every software update.
Please give us examples of the most important switch functions that you want us to make.
Append to "chechito" messageUP !hello all!
for me are needed three functions:
- broadcast storm controll
- loopback detection/protection
is possible to add this futures to Mikrotik CRS? Thanks
Boris
How many more updates until we will see spanning tree support?Currently we are still adding Switching features for the CRS. Right now you get only basic Switch functionality, but the hardware allows for much more, and new features will be added with every software update.
Please give us examples of the most important switch functions that you want us to make.
Did you solve this problem ? I'm trying to acheive exactly the same.But my management IPs reside not in a VLAN, but rather in the native VLAN, which is not a 802.1q VLAN at all, it is just normal untagged traffic, this is why I put the IP address on the physical master-port (ether24 in my case).
My problem:Did you solve this problem ? I'm trying to acheive exactly the same.But my management IPs reside not in a VLAN, but rather in the native VLAN, which is not a 802.1q VLAN at all, it is just normal untagged traffic, this is why I put the IP address on the physical master-port (ether24 in my case).
EDIT:
Here is the magic.
Now it works.
/interface ethernet switch vlan
add ports=$masterport,switch1-cpu vlan-id=0
/ip address add address=$ip-you-want interface=$masterport
I have figured out my problem. All is working well now. I had a couple config errors in the switch chip setup.
My problem:
Native vlan Management network
Master port is in a bridge so the CRS wifi will work properly with CAPSMAN. However, with a recent update, I
can no longer add a DHCP client on the Master port because my master port is slave to the bridge, and I cannot get cpu management to pass to bridge IP
Ideas on how to solve? I believe I a) need bridge to pass traffic to CAP b) can no longer pass cpu management to bridge IP from switch port but c) cannot create management IP on master port as it is slave to the bridge. So stuck since one of the recent updates. Ideas?
p.s. I've managed to lock myself out of switch management on one of my CRS109s after a software update because of this. It is still performing well otherwise while I figure this out.
/interface bridge
add name=bridge1
/ip dhcp-client
disabled=no interface=bridge1
/interface wireless cap
set bridge=bridge1 caps-man-addresses=10.20.0.1 enabled=yes interfaces=wlan1
/interface ethernet
set [ find default-name=ether2 ] name=ether2m
set [ find default-name=ether3 ] master-port=ether2m
set [ find default-name=ether4 ] master-port=ether2m
set [ find default-name=ether5 ] master-port=ether2m
set [ find default-name=ether6 ] master-port=ether2m
set [ find default-name=ether7 ] master-port=ether2m
set [ find default-name=ether8 ] master-port=ether2m
set [ find default-name=sfp1 ] master-port=ether2m
set [ find default-name=ether1 ] master-port=ether2m
/interface bridge port
add bridge=bridge1 interface=ether2m
add bridge=bridge1 interface=wlan1
/interface ethernet switch vlan
add ports=ether1,ether2m,ether3,ether4,sfp1,switch1-cpu vlan-id=0
add ports=ether1,ether2m,ether3,ether4,sfp1,switch1-cpu vlan-id=110
add ports=ether1,ether2m,ether3,ether4,sfp1,switch1-cpu vlan-id=120
add ports=ether1,ether2m,ether3,ether4,ether5,ether6,ether7,ether8,sfp1,switch1-cpu vlan-id=150
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether2m,ether3,ether4,sfp1,switch1-cpu vlan-id=150
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=150 ports=ether5,ether6,ether7,ether8
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether3,ether4,ether5,ether6,ether7,ether8,sfp1,ether1,ether2m \
drop-if-no-vlan-assignment-on-ports=ether5,ether6,ether7,ether8 \
forward-unknown-vlan=no