Hello everyone, I am new to MikroTik and was hoping to get some help with trunking and maybe some VLANs. I use a netgate sg3100 pfsense router for handling all the vlans and routing and such and I have a few mikrotik switches that I had gotten to replace my 48 port arista. As for the switches I have the CRS305, CRS326-24G-2S+RM and the CRS328-24P-4S+RM. I want to use the CRS305 as the core switch, the first connection from my sg3100. \

SG-3100 > CRS305 > CRS328 > CRS326

My issue is that I am not understanding how to use trunking on the MikroTik switches. I already created the VLANs on the SG and they are on the correct port to the LAN. But I just cant seem to get it working on my 305. I know soon as I get it on that one switch, the other two will be easier.

My current config is: (winbox)
I have my 4 vlans under the bridge interface in my interface list, vlan filtering is on the bridge interface
In the Bridge window, I have all 5 ports on the 305 including the 4 vlans under ports, the vlans have the pvid of the number of vlan
In the bridge window again, in the vlans tab, I have all 4 vlan IDs on the bridge, with the bridge being tagged (ether1 was tagged yesterday, for some reason its gone today)
There is also a dymanic bridge under the same tab, which has vlan 1 on it and the bridge and sfpplus1 untagged.

My SG connects to the 305 via the ethernet port, the 328 will be connected to the 305 via SFP+ and then the 326 will be connected to the 328 also with the SFP+ port.

I was testing out the config by selecting 'Automatic' in the address acquisition in the quick set to see if my SG would give it an IP, which it used to before all of the configs taken place.

I am not really sure where to go from here, hope someone can help, thank you.

The VLAN interfaces should not be added under bridge ports. See https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge section 11 for configuration of VLAN-aware bridges, for your setup sections 11.1, 11.2 and 11.4 are likely to be most relevant.

In general post the output of /export hide-sensitive from a terminal window, and redact other details if required (usually public IP addresses), as a textual description of how you think you have configured the device may not be the whole story.

The VLAN interfaces should not be added under bridge ports. See https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge section 11 for configuration of VLAN-aware bridges, for your setup sections 11.1, 11.2 and 11.4 are likely to be most relevant.

In general post the output of /export hide-sensitive from a terminal window, and redact other details if required (usually public IP addresses), as a textual description of how you think you have configured the device may not be the whole story.

Thanks, I read that a few times but resetting my config and following it actually makes more sense. What I am confused about is the pvids in those sections. Do I need to create the vlans first then follow this or just go ahead and follow this? And if I am just using one port in (ether1) and then one port out (sfpplus1) for these vlans, do the sections mentioned differ in anyway? Since it is being explained as Trunk to access ports or Trunk to Hybrid ports.

EDIT: Noticed what to do, I think. Currently trying to follow 11.2. I was able to create int eh interface bridge1, but then when going to the next step, adding bridge ports to the interface, the the pvids to the other interfaces, the first command spits out a failure saying the device is already added in the bridge port. Then tried just moving along to the second command, adding pvid=10 to int sfpplus1 on bridge1 gives me the same error. Not sure if I am doing something wrong with that.

[admin@MikroTik] > /interface bridge
[admin@MikroTik] /interface bridge> add name=bridge1 vlan-filtering=no
[admin@MikroTik] /interface bridge> port
[admin@MikroTik] /interface bridge port> add bridge=bridge1 interface=ether1
failure: device already added as bridge port
[admin@MikroTik] /interface bridge port> add bridge=bridge1 interface=sfp-sfpplus1 pvid=10
failure: device already added as bridge port
[admin@MikroTik] /interface bridge port>

VLAN handling is confusing compared with, for example, HP where you just specify if a VLAN is tagged or untagged and it sorts everything out for you.

With Mikrotiks in the /interface bridge port section the pvid= parameter only specifies which VLAN ID any untagged ingress traffic is assigned to.

Then the /interface bridge vlan section configures the per-VLAN port membership and egress VLAN tag action, where tagged= ports send out frames with VLAN + specified ID tag, and untagged= ports send out frames with no VLAN tag.

If port is already a member of the bridge, e.g. by using the default configuration after reset, you can't add it again and the Wiki examples are usually fragments to apply where there is no existing configuration. You can change the settings of existing through the command line or using Winbox to achieve the desired results, the CLI can be a bit daunting at first.

VLAN handling is confusing compared with, for example, HP where you just specify if a VLAN is tagged or untagged and it sorts everything out for you.

With Mikrotiks in the /interface bridge port section the pvid= parameter only specifies which VLAN ID any untagged ingress traffic is assigned to.

Then the /interface bridge vlan section configures the per-VLAN port membership and egress VLAN tag action, where tagged= ports send out frames with VLAN + specified ID tag, and untagged= ports send out frames with no VLAN tag.

Ah ok that makes sense. So leave that default on both ports. Then tag the 4 vlans I am going to be using both. I can probably do something like this then
/interface bridge vlan
add bridge=bridge1 tagged=ether1,sfp-sfpplus1 vlan-ids=10
add bridge=bridge1 tagged=ether1,sfp-sfpplus1 vlan-ids=20
add bridge=bridge1 tagged=ether1,sfp-sfpplus1 vlan-ids=30
add bridge=bridge1 tagged=ether1,sfp-sfpplus1 vlan-ids=40

Also, since I was receiving those errors, do I change the bridge on the ports through the bridge window in winbox to bridge1 or just leave it?

EDIT: Noticed you mentioned that in your next comment. Since I am using bridge1 from those manuals, Ill change those two ports to bridge1

If port is already a member of the bridge, e.g. by using the default configuration after reset, you can't add it again and the Wiki examples are usually fragments to apply where there is no existing configuration. You can change the settings of existing through the command line or using Winbox to achieve the desired results, the CLI can be a bit daunting at first.

Sorry to bother again, still running into issues even after following through with those sections. With it configured I was expecting to be able to ping the gateway and I am unable to. Am I doing something wrong?

VLAN handling is confusing compared with, for example, HP where you just specify if a VLAN is tagged or untagged and it sorts everything out for you.

With Mikrotiks in the /interface bridge port section the pvid= parameter only specifies which VLAN ID any untagged ingress traffic is assigned to.

Then the /interface bridge vlan section configures the per-VLAN port membership and egress VLAN tag action, where tagged= ports send out frames with VLAN + specified ID tag, and untagged= ports send out frames with no VLAN tag.

Ah ok that makes sense. So leave that default on both ports. Then tag the 4 vlans I am going to be using both. I can probably do something like this then
/interface bridge vlan
add bridge=bridge1 tagged=ether1,sfp-sfpplus1 vlan-ids=10
add bridge=bridge1 tagged=ether1,sfp-sfpplus1 vlan-ids=20
add bridge=bridge1 tagged=ether1,sfp-sfpplus1 vlan-ids=30
add bridge=bridge1 tagged=ether1,sfp-sfpplus1 vlan-ids=40

Also, since I was receiving those errors, do I change the bridge on the ports through the bridge window in winbox to bridge1 or just leave it?

EDIT: Noticed you mentioned that in your next comment. Since I am using bridge1 from those manuals, Ill change those two ports to bridge1