NathanR
just joined
Topic Author
Posts: 3
Joined: Thu Feb 25, 2021 5:13 am

VLAN & Trunk on CRS354 & other questions

Thu Feb 25, 2021 8:35 pm

I need to make a simple VLAN configuration. I admit ROS is completely foreign to me.
I can program CISCO switches easily so I know what I want.

I've read through all the guides, and while actually performing the commands is slowly getting easier things are still unclear.

What I want to do is pretty simple.

Vlans:
VLAN 10 - Staff
VLAN 20 - Staff2
VLAN 50 - Guest
VLAN 100 - MGT

Interfaces:
1-40 VLAN 10
41-48 Trunk 10,20,50,100 [for access points or uplink or downlink to other switches]
48 = uplink to unifi gateway with vlans & networks created
49 = mgt access (VLAN 10)

Questions:

-Under "/interface bridge vlan" do I really have to list all 40 ports as untagged? [vice-versa, do I really need to list every tagged port for every untagged port?]
-Why do the interface numbers change? My goodness this is the most annoying thing!
-After deleting all the interfaces inside the default bridge group, I run this command to add most ports to the new bridge; it doesn't work for multiple interfaces. Do I really need to do this individually 40 times? "add bridge=BridgeStaff interface=ether1,2,3,...,40 pvid=10"
-Do I need to specify the "hw=yes" flag (I assume this is for hardware offloading)?
-If I rename an interface with a human understandable name, what is the best way to keep the interfaces in order? (eg. 1-RM207-Mary, 2-RM307-Bob) [I'm used to CISCO gi1/1 or te1/1 being consistent and adding description to interface]
-Under bridge port print, what does *3E mean?
-Is "/export" same as 'show run'?
-When I run "/interface bridge vlan add bridge=BridgeStaff tagged=ether48 untagged=ether1 vlan-ids=10" it says failure vlan already added
-How do I tell what an interface is setup as (trunk, access, vlan, etc) "/interface ethernet print" is super vague [/interface bridge port> print] might work


Notes:
Under "/interface bridge port>" keep removing 1,2,3,4,5,6,7,8,9,10 until all the ports are removed [hint: use 'print' to show the current interfaces inside the bridge]

Seems Mikrotik's implementation of vlans and trunks is absurdly complicated and not necessary. I cannot wait for SwOS to come out, until then; buying more of this switch is out of the question. The smaller CRS328-24P-4S+RM is great though with SwOS.

References:
https://www.reddit.com/r/mikrotik/comme ... _a_bridge/
https://wiki.mikrotik.com/wiki/Manual:I ... s_Ports.29
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
https://help.mikrotik.com/docs/display/ ... figuration
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge
https://youtu.be/ZMMpza-O7_w
 
tdw
Forum Guru
Posts: 2084
Joined: Sat May 05, 2018 11:55 am

Re: VLAN & Trunk on CRS354 & other questions

Thu Feb 25, 2021 9:50 pm

-Under "/interface bridge vlan" do I really have to list all 40 ports as untagged? [vice-versa, do I really need to list every tagged port for every untagged port?]
No. The untagged membership will be dynamically generated from the pvid= settings under /interface bridge port

-Why do the interface numbers change? My goodness this is the most annoying thing!
For physical interfaces they shouldn't change as they already exist and cannot be removed. For interfaces which can be added (e.g. tunnels, VLANs) an internal index number is created and used behind the scenes where the name is used in configuration statements, so when an interface is renamed you do not have to change the name used in all of the statements.

-After deleting all the interfaces inside the default bridge group, I run this command to add most ports to the new bridge; it doesn't work for multiple interfaces. Do I really need to do this individually 40 times? "add bridge=BridgeStaff interface=ether1,2,3,...,40 pvid=10"
Why remove the ports from the bridge in the default configuration and add them to another one? Just change the desired settings.

-Do I need to specify the "hw=yes" flag (I assume this is for hardware offloading)?
IIRC it is the default so can be left out.

-If I rename an interface with a human understandable name, what is the best way to keep the interfaces in order? (eg. 1-RM207-Mary, 2-RM307-Bob) [I'm used to CISCO gi1/1 or te1/1 being consistent and adding description to interface]
I either append something descriptive to the original name, e.g. ether1-RM207-Mary, or leave the name unchanged and add a comment to the interface.

-Under bridge port print, what does *3E mean?
That is the internal index number for an interface which has been deleted.

-Is "/export" same as 'show run'?
Pretty much. Unlike Cisco, where you make changes to the running configuration and then save them, configuration changes are immediate. You can use Safe Mode which will roll back changes on loss of connectivity to Winbox/CLI.

-When I run "/interface bridge vlan add bridge=BridgeStaff tagged=ether48 untagged=ether1 vlan-ids=10" it says failure vlan already added
Once you have created something with add you should use set to modify it.

-How do I tell what an interface is setup as (trunk, access, vlan, etc) "/interface ethernet print" is super vague [/interface bridge port> print] might work
/interface bridge port print and /interface bridge vlan print are the correct place to look for the PVID and VLAN memberships. /interface ethernet print is just for the underlying physical interfaces.

Seems Mikrotik's implementation of vlans and trunks is absurdly complicated and not necessary. I cannot wait for SwOS to come out, until then; buying more of this switch is out of the question. The smaller CRS328-24P-4S+RM is great though with SwOS.
It is just different, I don't particularly like the Cisco CLI compared to HP.

For trunk and hybrid ports viewtopic.php?f=2&t=166507#p818741 may be useful.
 
NathanR
just joined
Topic Author
Posts: 3
Joined: Thu Feb 25, 2021 5:13 am

Re: VLAN & Trunk on CRS354 & other questions

Thu Feb 25, 2021 10:59 pm

Thank you for the help, I greatly appreciate it!

-Under "/interface bridge vlan" do I really have to list all 40 ports as untagged? [vice-versa, do I really need to list every tagged port for every untagged port?]
No. The untagged membership will be dynamically generated from the pvid= settings under /interface bridge port
That makes sense, it seemed to do it automatically; but instructions said to do it. Probably old and no longer necessary.

-Why do the interface numbers change? My goodness this is the most annoying thing!
For physical interfaces they shouldn't change as they already exist and cannot be removed. For interfaces which can be added (e.g. tunnels, VLANs) an internal index number is created and used behind the scenes where the name is used in configuration statements, so when an interface is renamed you do not have to change the name used in all of the statements.
Well, when I do a 'remove' command in /int bri port mode and delete 0,1,2 which are respectively interfaces mgt,eth1,eth2.
Now eth3,4,5... start and 0,1,2 it's very frustrating. I'd rather always look for the same numbers eg. MGT = 49 not 0...
Basically the physical definitions don't change, but the references do and it's very annoying when all commands are reference based not physically based.
Unless I'm missing something...

-After deleting all the interfaces inside the default bridge group, I run this command to add most ports to the new bridge; it doesn't work for multiple interfaces. Do I really need to do this individually 40 times? "add bridge=BridgeStaff interface=ether1,2,3,...,40 pvid=10"
Why remove the ports from the bridge in the default configuration and add them to another one? Just change the desired settings.
I had to remove because it wouldn't take, I did try the set command and the bridge group still wouldn't work.

-Do I need to specify the "hw=yes" flag (I assume this is for hardware offloading)?
IIRC it is the default so can be left out.
Thanks, it seems to be the case. I did eth1-40 (can they please add ranges soon) and verified in winbox and print commands that the hw flag is set.

-If I rename an interface with a human understandable name, what is the best way to keep the interfaces in order? (eg. 1-RM207-Mary, 2-RM307-Bob) [I'm used to CISCO gi1/1 or te1/1 being consistent and adding description to interface]
I either append something descriptive to the original name, e.g. ether1-RM207-Mary, or leave the name unchanged and add a comment to the interface.
That works, still reference based commands are annoying
How do I add a comment? Using set? nvm figured it out.
How do I see the interface comment name in someplace useful besides print? (winbox or webpage)

-Under bridge port print, what does *3E mean?
That is the internal index number for an interface which has been deleted.
Gotcha.

-Is "/export" same as 'show run'?
Pretty much. Unlike Cisco, where you make changes to the running configuration and then save them, configuration changes are immediate. You can use Safe Mode which will roll back changes on loss of connectivity to Winbox/CLI.
Found that out the hard way :P I need to learn how to use Safe Mode now...

-When I run "/interface bridge vlan add bridge=BridgeStaff tagged=ether48 untagged=ether1 vlan-ids=10" it says failure vlan already added
Once you have created something with add you should use set to modify it.
I tried to use set to modify things, it doesn't really work. For instance, I tried to modify the bridge port to include 41-48, but it never worked so I had to delete e48 (#41) so I could re-add all of them.
[add bridge=B interface=ether41-48]

Second for instance, I tried to add ether 41 to the bridge vlan
[set bridge=B tagged=ether41 vlan-ids=10]

It will never take, I had to remove the e48 and re-add all manually. Very annoying to do 32 manual lines of values

-How do I tell what an interface is setup as (trunk, access, vlan, etc) "/interface ethernet print" is super vague [/interface bridge port> print] might work
/interface bridge port print and /interface bridge vlan print are the correct place to look for the PVID and VLAN memberships. /interface ethernet print is just for the underlying physical interfaces.
How do I tell what vlans a trunk interface has easily?
nvm, "/interface bridge vlan print" seems to work well enough

Seems Mikrotik's implementation of vlans and trunks is absurdly complicated and not necessary. I cannot wait for SwOS to come out, until then; buying more of this switch is out of the question. The smaller CRS328-24P-4S+RM is great though with SwOS.
It is just different, I don't particularly like the Cisco CLI compared to HP.
Different is true, but I feel it's an understatement for simple things to have such a slow way of doing things. No range commands is a big thing. Yeah I saw the for loop thing, but I couldn't get it to work properly.

For trunk and hybrid ports viewtopic.php?f=2&t=166507#p818741 may be useful.
Thank you, that is very helpful!

One last question:
What does it mean when the pvid =1 on the trunk interfaces? Is that the same thing as CISCO saying VLAN 1 for their trunk interfaces?
 
anav
Forum Guru
Posts: 22199
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VLAN & Trunk on CRS354 & other questions

Thu Feb 25, 2021 11:27 pm

For switch chip configs........
https://www.youtube.com/watch?v=Rj9aPoyZOPo

For Bridge vlan configs
viewtopic.php?f=23&t=143620
 
tdw
Forum Guru
Posts: 2084
Joined: Sat May 05, 2018 11:55 am

Re: VLAN & Trunk on CRS354 & other questions

Thu Feb 25, 2021 11:52 pm

Well, when I do a 'remove' command in /int bri port mode and delete 0,1,2 which are respectively interfaces mgt,eth1,eth2.
Now eth3,4,5... start and 0,1,2 it's very frustrating. I'd rather always look for the same numbers eg. MGT = 49 not 0...
Basically the physical definitions don't change, but the references do and it's very annoying when all commands are reference based not physically based.
Unless I'm missing something...
Ah, at cross purposes. In addition to interfaces having an internal index number, any objects added in menus are enumerated by position so deleting an earlier one will move the later ones down. Typically you would use find to obtain the enumeration index/indices.

Why remove the ports from the bridge in the default configuration and add them to another one? Just change the desired settings.
I had to remove because it wouldn't take, I did try the set command and the bridge group still wouldn't work.
Likely syntax of your set command (see example below)

How do I see the interface comment name in someplace useful besides print? (winbox or webpage)
In Winbox if you select Interfaces from the menu they appear above each corresponding interface in the Interface List window.

I tried to use set to modify things, it doesn't really work.
Second for instance, I tried to add ether 41 to the bridge vlan
[set bridge=B tagged=ether41 vlan-ids=10]
Having done
/interface bridge vlan
add bridge=B vlan-ids=10

you can then modify it
/interface bridge vlan
set [ find vlan-ids=10 ] tagged=ether41


Note that you can't specify additional values to a parameter, you have to specify all of them - tagged=ether41 would replace any previous values. It is possible to look up the existing values and add to them
/interface bridge vlan
set tagged=([get value-name=tagged [find vlan-ids=10]],"ether41") [find vlan-ids=10]


Different is true, but I feel it's an understatement for simple things to have such a slow way of doing things. No range commands is a big thing. Yeah I saw the for loop thing, but I couldn't get it to work properly.
For the higher port count devices not having ranges does make things cumbersome. Also having the bridge VLANs only referenced by VLAN ID, rather than by port or VLAN (which HPs do), is not great. I do tend to use Winbox over the CLI.

What does it mean when the pvid =1 on the trunk interfaces? Is that the same thing as CISCO saying VLAN 1 for their trunk interfaces?
Adding a member under /interface bridge port by default will make an access port with PVID 1, then adding tagged VLAN membership under /interface bridge vlan will change the port to hybrid. For a pure trunk port with no native VLAN you have to use the frame-types=admit-only-vlan-tagged ingress-filtering=yes options when adding the bridge port.
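
The layout from the first post (ether1-40 as VLAN 10 access ports, ether41-48 as pure trunks for VLANs 10, 20, 50 and 100), as an added example that is not part of the original thread. It assumes the ports are still members of a bridge named "bridge" and keep their default names ether1..ether48; management access to the switch itself over a VLAN is not set up here.

```routeros
# Added example, not code from the thread.
# Assumptions: bridge is named "bridge"; ether1..ether48 are already
# listed under /interface bridge port (default configuration).
# Work from a Safe Mode session so a mistake rolls back on lost connectivity.

# Access ports ether1-ether40: PVID 10, untagged frames only.
:for i from=1 to=40 do={
    /interface bridge port set [find interface=("ether" . $i)] \
        pvid=10 frame-types=admit-only-untagged-and-priority-tagged \
        ingress-filtering=yes
}

# Trunk ports ether41-ether48: tagged frames only, so nothing untagged
# falls into the default PVID 1 on these ports.
:for i from=41 to=48 do={
    /interface bridge port set [find interface=("ether" . $i)] \
        frame-types=admit-only-vlan-tagged ingress-filtering=yes
}

# One bridge VLAN entry per VLAN ID. "add" fails if the entry already
# exists, so use "set" in that case. "set" replaces the whole tagged list.
# Untagged membership of VLAN 10 is generated from the pvid settings above.
:foreach vid in={10; 20; 50; 100} do={
    :if ([:len [/interface bridge vlan find bridge=bridge vlan-ids=$vid]] = 0) do={
        /interface bridge vlan add bridge=bridge vlan-ids=$vid \
            tagged=ether41,ether42,ether43,ether44,ether45,ether46,ether47,ether48
    } else={
        /interface bridge vlan set [find bridge=bridge vlan-ids=$vid] \
            tagged=ether41,ether42,ether43,ether44,ether45,ether46,ether47,ether48
    }
}

# Enforce the VLAN table only after ports and VLAN entries are in place.
/interface bridge set [find name=bridge] vlan-filtering=yes

# Check PVIDs, frame types and per-VLAN tagged/untagged membership.
/interface bridge port print
/interface bridge vlan print
```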