Hello, My scenario is the following:
I want to pass untagged through all ports of CRS, but leave VLAN passing only through one port. Is this possible?
On older RouterBoards I could set up a port to port vlan + untagged just adding them to both ports and brigding them, but on CRS this is weirdly not working (VLAN goes to all ports of CRS, not only between ether1 <=> ether5 for example.)


Regards,

Artur Portella.

please specify on every port of the topology which vlan goes tagged or untagged

Have a look at http://wiki.mikrotik.com/wiki/Manual:CRS_examples CRS documentation, VLAN setup on CRS differs amongst RouterBoards depending on them having switch chip or not and CRS.

please specify on every port of the topology which vlan goes tagged or untagged

Hello Chechito!

Now, for experiences purposes (but actually in production), our CRS is active in our main network. ether2 is a Master Port and every other port are slave of it. We are an ISP here, so we have more than one gateway in this switch. ether5, ether6 , ether7 and ether8 are different subnet gateways. We use PtP radio equipments on ports 10+ (ether10, ether11, ether12, etc are point-to-point access points WDS). Because ALL of our network is untagged (everyone can see each other) I want to gradually add VLAN to our customers based on their subnet, or their service type. We have a lot of CRS switch accross our network. But at this time we need two things: untagged passtrough (for management, untill we don't change our equipments default service VLAN to any vlan for service purposes), and port to port vlan with tagged+untagged. In first example, in this CRS, I have one CCR on port 5 and and a customer for example on port 8. I want all untagged traffic to go through every port of CRS, but some specific vlans only through port to port... I'm sorry if I couldn't explain it in a easy way.

Have a look at http://wiki.mikrotik.com/wiki/Manual:CRS_examples CRS documentation, VLAN setup on CRS differs amongst RouterBoards depending on them having switch chip or not and CRS.

I've read a lot of things in this tutorial, but no one fill my example (tagged+untagged from port to port)

Regards,

Artur Portella.

RouterOS default behaviour is all ports are trunks and let everything pass. No specific setting is needed unless you start setting VLANs.

RouterOS default behaviour is all ports are trunks and let everything pass. No specific setting is needed unless you start setting VLANs.

I've tried the following (winbox):

Add a VLAN (ex: Vlan ID 100) to ether5 and ether11. Created a Bridge named "Vlan 100", add ports ether5.100 and ther11.100 to the bridge "Vlan 100". Not work


I don't want other ports to see vlan 100, only ports 5 and 11. But leave all untagged traffic passing normally.

i think the use of bridges on CRS switches its not recommended, is not the purpose of a switch

How about bridging vlans? There will be no packet processing. I used to have HP 1910 switches here, and this setup was easily achieved in their web interface. We had no CPU issues at all, but all our infrastructure are Mikrotik based (except for wireless networking). So, we are moving from HP to MK. But in HP switch, we simply configure what ports belong to what VLAN and what ports not, so we can easy create the scenario I'm trying to reach with mikrotik.

How about bridging vlans? There will be no packet processing. I used to have HP 1910 switches here, and this setup was easily achieved in their web interface. We had no CPU issues at all, but all our infrastructure are Mikrotik based (except for wireless networking). So, we are moving from HP to MK. But in HP switch, we simply configure what ports belong to what VLAN and what ports not, so we can easy create the scenario I'm trying to reach with mikrotik.

when you say bridgind vlans do you refer to do hardware switching??

Ok CRS can do that at wire speed with no CPU usage

I refer to the software bridges in router OS configuration, its not the purpose of a hardware switch to do software bridging

Some of the problems reported with CRS are because people doing software bridging instead of hardware switching

when you say bridgind vlans do you refer to do hardware switching??

Ok CRS can do that at wire speed with no CPU usage

I refer to the software bridges in router OS configuration, its not the purpose of a hardware switch to do software bridging

YES, I mean hardware switching! How can I link a VLAN in one port to another port and vice versa, so in this way this VLAN will not be going in any other port but only those I choose? I though that VLAN in CCS was configured in this way!

i was the latest 4 days figuring how to do vlans on CRS 125 using ROS 6.28 and y have this recommendations:

use the sfp port as a master port (many of us dont use it) to simplify and avoid confusion using ether 1

leave ether 24 without master port (out of the switch) to manage the switch using winbox without loosing access to it (my console port cease to work after 3 days) dont include port 24 on any cofing unless you can do what you need.

firt of all uncheck forward invalid vlan to be sure of the effect of your changes on vlans

/interface ethernet switch
set forward-unknown-vlan=no


allways tag master port on your vlans even if you do not need to use it as a trunk or even using it for anything:
example

/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp1-MASTER,switch1-cpu vlan-id=20
add tagged-ports=ether01,sfp1-MASTER,switch1-cpu vlan-id=47

tagging switch cpu port on vlan its necessary only when you can reach vlan interfaces on embedded router for intervlan routing or manage the switch

when setting ingress vlan (untagged vlan of the port) be sure to include that "0"
example
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=20 ports=ether03 sa-learning=yes

without that "0" tagged vlans on the port will not work

also check the unicast forwarding database to confirm vlan behavior