Cryovenom
just joined
Topic Author
Posts: 3
Joined: Mon Mar 02, 2020 11:26 pm

Switch-only VLAN setup (no routing)

Mon Mar 02, 2020 11:36 pm

Hi Everyone,

I bought a new CRS305-1G-4S+IN and I'm trying to figure out how to set the SFP+ ports up as trunks for VLANs in my network without running into performance issues. I don't need (or want) the Mikrotik to do inter-VLAN routing, but if traffic comes in on SFP4 tagged for VLAN 9 it should be able to head out SFP2 on VLAN 9 at decent speed. If it comes in/out the same ports on VLAN 3, same thing.

So far my efforts haven't been successful. When I don't have any VLANs set up I can push data at decent speeds. But when I add VLANs into the mix my speeds suddenly drop to under 100mbit.

I saw someone mention that there are different ways of setting things up but I don't see any instructions on how to do it through the WebUI.

I was basically using this YouTube vid: https://youtu.be/sdyWKOXMjwY

I am pretty comfortable with CLI on Cisco devices, but I don't even know how to console to my Mikrotik and the config command syntax seems way different.

Help!
 
mkx
Forum Guru
Posts: 12979
Joined: Thu Mar 03, 2016 10:23 pm

Re: Switch-only VLAN setup (no routing)

Tue Mar 03, 2020 1:41 pm

The way it's described in the YT video is definitely a no-go for CRS3xx (it forces all VLAN traffic through the switch's relatively weak CPU instead of using HW capabilities).

Either look into the manual or read through this tutorial.

The keyword is: single bridge with setting vlan-filtering=yes.
 
Cryovenom
just joined
Topic Author
Posts: 3
Joined: Mon Mar 02, 2020 11:26 pm

Re: Switch-only VLAN setup (no routing)

Wed Mar 04, 2020 2:23 am

Thanks @mkx

I took the switch config from the "Switch with a separate router" example and re-wrote it. Can I get a sanity check before I go about deploying it?

The only thing I have to figure out is if my Cisco switch will pass the native VLAN packets over the trunk port to the Mikrotik with a VLAN 1 tag or untagged. I'm assuming that it will tag even the native VLAN traffic on a trunk port.

Two additional questions:
- How can I reset the device / regain access to the console if I mess up my connectivity since these don't seem to have a physical console/serial port?
- How do you rename interfaces? The default names of "sfp-sfpplus1" are bulky, I'd prefer to name them just "sfp1"


###############################################################################
# Device:		Jon-Mikrotik-5p-1
# RouterOS:		6.44.5 (long-term)
# Date:			2020-03-03
# Notes:		Start with a reset (/system reset-configuration)
#
#	2020-03-03	JW	Initial Configuration
###############################################################################

#######################################
# Naming
#######################################

# name the device being configured
/system identity set name="Jon-Mikrotik-4p-1"

#######################################
# VLAN Overview
#######################################

# 1 = Base/Main VLAN
# 2 = Storage VLAN
# 3 = Guest Wifi VLAN
# 9 = Connectivity VLAN

#######################################
# Bridge
#######################################

# create one bridge, set VLAN mode off while we configure
/interface bridge add name=BR1 protocol-mode=none vlan-filtering=no

#######################################
#
# -- Access Ports --
#
#######################################

# ingress behavior
/interface bridge port

# sfp-sfpplus1 untagged VLAN 9 to Win 10 Box
add bridge=BR1 interface=sfp-sfpplus1 pvid=9

# egress behavior
/interface bridge vlan

# sfp-sfpplus1 untagged VLAN 9 to Win 10 Box
add bridge=BR1 untagged=sfp-sfpplus1 vlan-ids=9

#######################################
#
# -- Trunk Ports --
#
#######################################

# ingress behavior
/interface bridge port

# Trunk Port - ether1 to Cisco Gigabit Switch
add bridge=BR1 interface=ether1

# Trunk Port - sfp-sfpplus2 to vCenter
add bridge=BR1 interface=sfp-sfpplus2

# Trunk Port - sfp-sfpplus3 to FreeNAS
add bridge=BR1 interface=sfp-sfpplus3

# Trunk Port - sfp-sfpplus4 to pfSense
add bridge=BR1 interface=sfp-sfpplus4

# egress behavior
/interface bridge vlan

# Purple Trunk. L2 switching only, Bridge not needed as tagged member (except BASE_VLAN)
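# VLANs 2 and 3 have no entry yet (no access port created them), so "set [find ...]" would match nothing; use "add"
add bridge=BR1 tagged=ether1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=2
add bridge=BR1 tagged=ether1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=3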
set bridge=BR1 tagged=ether1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 [find vlan-ids=9]
add bridge=BR1 tagged=BR1,ether1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1

#######################################
# IP Addressing & Routing
#######################################

# LAN facing Switch's IP address on a BASE_VLAN
/interface vlan add interface=BR1 name=BASE_VLAN vlan-id=1
/ip address add address=172.30.42.222/24 interface=BASE_VLAN

# The Router's IP this switch will use
/ip route add distance=1 gateway=172.30.42.225

#######################################
# VLAN Security
#######################################

# Only allow ingress packets without tags on Access Ports
/interface bridge port
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=sfp-sfpplus1]

# Only allow ingress packets WITH tags on Trunk Ports
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether1]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=sfp-sfpplus2]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=sfp-sfpplus3]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=sfp-sfpplus4]

#######################################
# MAC Server settings
#######################################

# Ensure only visibility and availability from BASE_VLAN, the MGMT network
/interface list add name=BASE
/interface list member add interface=BASE_VLAN list=BASE
/ip neighbor discovery-settings set discover-interface-list=BASE
/tool mac-server mac-winbox set allowed-interface-list=BASE
/tool mac-server set allowed-interface-list=BASE


#######################################
# Turn on VLAN mode
#######################################
/interface bridge set BR1 vlan-filtering=yes
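
A static check for two mistakes that are easy to make in a bridge VLAN script of this shape: a `set ... [find vlan-ids=N]` for a VLAN that no earlier `add` created (the `find` matches nothing, so the line changes nothing and the VLAN is dropped once `vlan-filtering=yes` is on), and a VLAN member that was never added as a bridge port. This is an added example, not part of the original post; the function name `lint_bridge_vlans` and the sample script are constructed here.

```python
import re

# Constructed sample with the same shape as the posted script (not the poster's file).
SAMPLE = """\
/interface bridge add name=BR1 protocol-mode=none vlan-filtering=no
/interface bridge port
add bridge=BR1 interface=sfp-sfpplus1 pvid=9
add bridge=BR1 interface=ether1
add bridge=BR1 interface=sfp-sfpplus2
/interface bridge vlan
add bridge=BR1 untagged=sfp-sfpplus1 vlan-ids=9
set bridge=BR1 tagged=ether1,sfp-sfpplus2 [find vlan-ids=2]
set bridge=BR1 tagged=ether1,sfp-sfpplus2 [find vlan-ids=9]
add bridge=BR1 tagged=BR1,ether1,sfp-sfpplus3 vlan-ids=1
"""

def lint_bridge_vlans(script):
    """Return sorted (line_no, message) findings. Handles single vlan-ids only."""
    menu, known, defined, members, findings = "", set(), set(), [], []
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("/"):
            # "/menu" alone switches context; "/menu add k=v" applies to that line only (assumption).
            m = re.match(r"(/.*?)(?:\s+(add|set)\s+(.*))?$", line)
            path, verb, args = m.groups()
            if verb is None:
                menu = path
                continue
        else:
            path = menu
            verb, _, args = line.partition(" ")
        kv = dict(re.findall(r"([\w-]+)=([^\s\]]+)", args))
        if path == "/interface bridge" and verb == "add":
            known.add(kv.get("name"))           # the bridge itself can be a member
        elif path == "/interface bridge port" and verb == "add":
            known.add(kv.get("interface"))
        elif path == "/interface bridge vlan":
            vid = kv.get("vlan-ids")
            if verb == "add":
                defined.add(vid)
            elif verb == "set" and vid not in defined:
                findings.append((no, f"set [find vlan-ids={vid}] matches no entry; use add"))
            for key in ("tagged", "untagged"):
                members += [(no, n) for n in kv.get(key, "").split(",") if n]
    # Membership is checked after the full pass so statement order does not matter.
    findings += [(no, f"{n} is not a port of the bridge") for no, n in members if n not in known]
    return sorted(findings)
```

On the sample, `lint_bridge_vlans(SAMPLE)` reports line 8 (VLAN 2 never created) and line 10 (`sfp-sfpplus3` listed as a member but not added to the bridge).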
 
Cryovenom
just joined
Topic Author
Posts: 3
Joined: Mon Mar 02, 2020 11:26 pm

Re: Switch-only VLAN setup (no routing)

Wed Mar 04, 2020 3:43 pm

Any feedback anyone could give would be appreciated.

Cheers,

Jon
 
planetcoop
Member Candidate
Posts: 140
Joined: Thu May 15, 2014 2:32 pm
Location: Sacramento, CA

Re: Switch-only VLAN setup (no routing)

Wed Mar 04, 2020 6:01 pm

Take a look at my post above for the CRS354 where I have a few VLANs and L2-only access and trunk ports:
viewtopic.php?f=2&t=158289
