incagarcilaso
newbie
Topic Author
Posts: 38
Joined: Sun Dec 06, 2020 6:43 pm

CRS 3xx port blocking?

Tue Jan 05, 2021 10:24 pm

Hello,
I have just incorporated a CRS326-24G-2S+ and a CRS328-24p-4s+ on a network that uses other manufacturers' switches (Netgear) and routers/APs (Draytek). My question is whether the 3 series switches need to be configured to allow certain tcp/udp ports to pass through. The reason for this is that I cannot locate the Netgear switches on the network with the management utilities they use and the Draytek router centrally manages its Draytek APs but these now do not appear in the router to manage them. They did before I installed the Mikrotik switches.
I have VLANs set up but if you could answer this general question before going into details it might save time.
Thanks.
 
mkx
Forum Guru
Posts: 13138
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS 3xx port blocking?

Wed Jan 06, 2021 12:23 am

CRS3xx are basically switches as transparent as it gets. Unless they are configured to block something. Or misconfigured.

If you want to get some better advice, post complete config (at least of one of switches) - execute /export in terminal window and copy-paste the output.
 
incagarcilaso
newbie
Topic Author
Posts: 38
Joined: Sun Dec 06, 2020 6:43 pm

Re: CRS 3xx port blocking?

Wed Jan 06, 2021 12:54 am

> CRS3xx are basically switches as transparent as it gets. Unless they are configured to block something. Or misconfigured.
>
> If you want to get some better advice, post complete config (at least of one of switches) - execute /export in terminal window and copy-paste the output.

That is what I assumed, normal switch behaviour but just wanted to check as I am new to MT. I am attaching the config of the CRS326. I can't include the config of the CRS328 because it is running in SwOS. The topology is as follows:
CRS328 - "central switch" with same VLANs as on all other network devices, uplinks to CRS326 via sfp trunk port AND to the main gateway router (Draytek 2862). All 6 APs feed into this CRS328 on ports configured as trunks carrying all the VLANs. This switch also has some access ports to servers and workstations.
CRS326 - additional switch with all access ports on the various VLANs (config attached).
6 APs - two MT CAPac and four Draytek AP902.
Base (native) VLAN is configured as management VLAN and all network devices have static IPs in this subnet.
I am also attaching images of the VLAN configuration on the router, and the central AP management section where the APs should appear but do not. You will see that it says there that UDP 4944 must not be blocked on intermediary switches, but I think they are referring to router firewalls, so this is not the problem with the CRS switches.
I am sure it is just a bad configuration somewhere. Hope you may be able to spot something.
 
mkx
Forum Guru
Posts: 13138
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS 3xx port blocking?

Wed Jan 06, 2021 1:17 am

CRS config seems fine, it shouldn't filter anything specific (e.g. according to L3 or L4 properties). But you're saying that it's CRS326 running SwOS which connects Drayteks and Netgears ... so we'd have to see that config as well ...
 
incagarcilaso
newbie
Topic Author
Posts: 38
Joined: Sun Dec 06, 2020 6:43 pm

Re: CRS 3xx port blocking?

Wed Jan 06, 2021 10:32 am

> CRS config seems fine, it shouldn't filter anything specific (e.g. according to L3 or L4 properties). But you're saying that it's CRS326 running SwOS which connects Drayteks and Netgears ... so we'd have to see that config as well ...

Good to know. As far as I could see, on the CRS326 I have not configured any L3 or L4 protocols, all L2. It is the CRS328 that is running with SwOS. I had to get the 328 up and running quickly so used SwOS while I was learning MT on the 326. I should probably revert to RouterOS on the 328 now but as it is in production I am trying to avoid downtime. Not sure if it is unwise to mix SwOS and RouterOS on the same network. Probably not a best practice. I will try and do that as soon as I can.
I can't see any way to export the config on the CRS328 using SwOS. For now I am taking screen grabs of the relevant tabs. I am attaching them here. Please let me know if you need to see other tabs.
I didn't fully understand from the manual what effect checking "Port isolation" on the Vlans tab has. I left it checked, although I do not have any port isolation configured. Is it better to uncheck port isolation for each VLAN? I think it might be, as my intention is to separate VLANs using tagging rather than ports.
On the Netgear switches (very simple little switches deployed locally close to devices and uplinking to the CRS328) you will see that the ng108P has ports 1,2,3,4 and 8 as trunk ports and 5,6 and 7 as access ports, and the ng108E has ports 1-7 as access ports and port 8 as the trunk.
Now I have discovered something odd which might help diagnose a misconfiguration. As I said, I have set up a Base VLAN (192.168.15.0/24), which I use for management of network devices and so all the devices referred to here have fixed IPs in that subnet. I have just discovered that I can access the management console of the Netgear switches if I connect to the VLAN 1005 (192.168.111.0/24 subnet). That is exactly the opposite of what I was trying to achieve and I don't understand why it happens.
However, I am still not able to access the Draytek APs' management console from any subnet and they are still invisible to the Draytek router. I can access the two MT CAPacs' management console from the Base VLAN subnet.