Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Switching VLANS on CRS328

Post Reply
 
ackninja
just joined
Topic Author
Posts: 2
Joined: Tue Jan 24, 2017 8:31 pm
Location: Switzerland

Switching VLANS on CRS328

Sun Apr 26, 2020 12:37 pm

Hello,

I have a Mikrotik CRS328 running RouterOS 6.46.4 and I am trying to find which documentation is right and describe properly the way to do VLAN and enforce them on a CRS328. There seem to be multiple ways to achieve this and some documentations seem to contradict each other.

Honestly, being an experienced network engineer on other NOS platforms, I find the switching part on Mikrotik to be challenging, not because due to the CLI which is fine, but because older versions of RouterOS refer to a "master-slave", while never seem to have a more traditional approach, however, the discrepancy between CRS1xx & CRS2xx and CRS3xx is not helping understand what to do and why it is right.

So long story short, I am trying to isolate networks into respective VLANs. My goal is simple, I wish to separate my Internet, DMZ, LAN and High Secure LAN into respective VLANs 10, 20, 30 and 40. My port ether1 is meant to be the trunk with VLANs 10,20,30,40 and my port ether2 is meant to be VLAN10, ether3 be VLAN20, ether4 be VLAN30 and ether5 be VLAN40. I plan to disable (shut) the other ports, but should they be enable I expect them to only see network on VLAN1 and I do not want any of ether1 to ether5 to be able to speak unless they have a common VLAN.

According to this documentation (https://wiki.mikrotik.com/wiki/Manual:B ... _switching) the first step is to create a bridge. No problem with that, but when one creates a bridge on a CRS328 the ports, even if enforced to have hardware offloading will not have it enabled according to the menu in "/interface bridge port". Another documentation (https://wiki.mikrotik.com/wiki/Manual:S ... _isolation) mentions that switches with single cheap do not support hardware offloading with multiple bridges and port isolation should be used. I also noticed that vlan-filtering must be applied on the bridge.

I am a bit lost to be honest.

My questions are quite simple:

  • Should I be using additional bridges or rely on the native bridge?
  • Is there anything to do to avoid other ports to be able to discuss on VLAN1?
  • Am I missing something?
  • Any example on CRS328 and CRS112 available?

If anybody can explain me what are the steps to do it right on a CRS328 and by contrast how to do it on a CRS112, I would really highly appreciate and I am sure this could help other people as the documentations are somewhat subject to debate for someone with limited exposure to Mikrotik, for example with creating a new bridge as opposed to using the existing native one.

Many thanks.
Top
Post Reply
  4. RouterOS
  5. Beginner Basics