Hi All,
I come from the world of Cisco and the likes, and now bought a MikroTik CRS317-1G-16S+, and so far i like how "Linux" it feels, but some of the functionality i cant quite wrap my head around, i want to make it a layer3 switch with some VRFs, VLANs and Bonds.
like:
vrf management
rd 10:10
route 0.0.0.0 0.0.0.0 192.168.1.254
vlan 10
name management
interface vlan 10
ip address 192.168.1.1 255.255.255.0
vrf management
and this "vlan interface" should also be the ip i manage the device on, if anyone is able to point me in the right direction i would be happy, also make use hardware offload switch chip as much as possible.
Kind Regards,
Lars Christian Thasenhod
-
-
lthasenhod
just joined
- Posts: 6
- Joined:
help: from Cisco to Mikrotik (vrf lite, vlan, vlan interface, lag)
Last edited by lthasenhod on Sat Jul 24, 2021 10:11 pm, edited 1 time in total.
-
-
lthasenhod
just joined
- Posts: 6
- Joined:
Re: help: from Cisco to Mikrotik (vrf lite, vlan, vlan interface, lag)
Here is my relevant Cisco Config:
ip vrf management
rd 100:100
!
ip vrf inside
rd 110:110
!
ip vrf guest
rd 200:200
!
ip vrf dmz
rd 250:250
!
ip vrf storage
rd 500:500
!
ip vrf vmotion
rd 600:600
!
vlan 100
name management
!
vlan 110
name server
!
vlan 120
name client
!
vlan 200
name guest
!
vlan 250
name client
!
vlan 500
name storage
!
vlan 600
name vmotion
!
vlan 998
name storage
!
interface vlan 100
ip address 172.22.100.1 255.255.255.0
ip vrf forwarding management
!
interface vlan 110
ip address 172.22.110.1 255.255.255.0
ip vrf forwarding inside
!
interface vlan 120
ip address 172.22.120.1 255.255.255.0
ip vrf forwarding inside
!
interface vlan 200
ip address 172.22.200.1 255.255.255.0
ip vrf forwarding guest
!
interface vlan 250
ip address 172.22.250.1 255.255.255.0
ip vrf forwarding dmz
!
interface vlan 500
ip address 172.22.50.1 255.255.255.0
ip vrf forwarding storage
!
interface vlan 600
ip address 172.22.60.1 255.255.255.0
ip vrf forwarding vmotion
!
interface vlan 998
ip address 172.22.250.1 255.255.255.0
ip vrf forwarding inside
!
interface port-channel10
switchport mode access
switchport access vlan 500
spanning-tree portfast
!
interface port-channel20
switchport mode access
switchport access vlan 500
spanning-tree portfast
!
interface ethernet1
switchport mode access
switchport access vlan 500
spanning-tree portfast
channel-group 10 mode active
speed 10000
!
interface ethernet2
switchport mode access
switchport access vlan 500
spanning-tree portfast
channel-group 10 mode active
speed 10000
!
interface ethernet3
switchport mode access
switchport access vlan 500
spanning-tree portfast
channel-group 20 mode active
speed 2500
!
interface ethernet4
switchport mode access
switchport access vlan 500
spanning-tree portfast
channel-group 20 mode active
speed 2500
!
interface ethernet5
switchport mode trunk
switchport trunk vlan allowed 100,110,120,200,250,500,600,998
spanning-tree portfast
speed 10000
!
interface ethernet6
switchport mode trunk
switchport trunk vlan allowed 100,110,120,200,250,500,600,998
spanning-tree portfast
speed 10000
!
interface ethernet7
shutdown
!
interface ethernet8
shutdown
!
interface ethernet9
switchport mode trunk
switchport trunk vlan allowed 100,110,120,200,250,500,600,998
spanning-tree portfast
speed 10000
!
interface ethernet10
switchport mode trunk
switchport trunk vlan allowed 100,110,120,200,250,500,600,998
spanning-tree portfast
speed 10000
!
interface ethernet11
shutdown
!
interface ethernet12
shutdown
!
interface ethernet13
shutdown
!
interface ethernet14
shutdown
!
interface ethernet15
shutdown
!
interface ethernet16
switchport mode access
switchport access vlan 120
spanning-tree portfast
speed 10000
!
interface mgmt0
switchport mode trunk
switchport trunk vlan allowed 100,110,120,200,250,500,600,998
spanning-tree portfast
!
ip route 0.0.0.0 0.0.0.0 null
ip route vrf management 0.0.0.0 0.0.0.0 172.22.100.4
ip route vrf inside 0.0.0.0 0.0.0.0 172.22.255.4
ip route vrf guest 0.0.0.0 0.0.0.0 172.22.200.4
ip route vrf dmz 0.0.0.0 0.0.0.0 172.22.250.4
ip route vrf storage 0.0.0.0 0.0.0.0 null
ip route vrf vmotion 0.0.0.0 0.0.0.0 null
Kind Regards,
Lars Christian Thasenhod
ip vrf management
rd 100:100
!
ip vrf inside
rd 110:110
!
ip vrf guest
rd 200:200
!
ip vrf dmz
rd 250:250
!
ip vrf storage
rd 500:500
!
ip vrf vmotion
rd 600:600
!
vlan 100
name management
!
vlan 110
name server
!
vlan 120
name client
!
vlan 200
name guest
!
vlan 250
name client
!
vlan 500
name storage
!
vlan 600
name vmotion
!
vlan 998
name storage
!
interface vlan 100
ip address 172.22.100.1 255.255.255.0
ip vrf forwarding management
!
interface vlan 110
ip address 172.22.110.1 255.255.255.0
ip vrf forwarding inside
!
interface vlan 120
ip address 172.22.120.1 255.255.255.0
ip vrf forwarding inside
!
interface vlan 200
ip address 172.22.200.1 255.255.255.0
ip vrf forwarding guest
!
interface vlan 250
ip address 172.22.250.1 255.255.255.0
ip vrf forwarding dmz
!
interface vlan 500
ip address 172.22.50.1 255.255.255.0
ip vrf forwarding storage
!
interface vlan 600
ip address 172.22.60.1 255.255.255.0
ip vrf forwarding vmotion
!
interface vlan 998
ip address 172.22.250.1 255.255.255.0
ip vrf forwarding inside
!
interface port-channel10
switchport mode access
switchport access vlan 500
spanning-tree portfast
!
interface port-channel20
switchport mode access
switchport access vlan 500
spanning-tree portfast
!
interface ethernet1
switchport mode access
switchport access vlan 500
spanning-tree portfast
channel-group 10 mode active
speed 10000
!
interface ethernet2
switchport mode access
switchport access vlan 500
spanning-tree portfast
channel-group 10 mode active
speed 10000
!
interface ethernet3
switchport mode access
switchport access vlan 500
spanning-tree portfast
channel-group 20 mode active
speed 2500
!
interface ethernet4
switchport mode access
switchport access vlan 500
spanning-tree portfast
channel-group 20 mode active
speed 2500
!
interface ethernet5
switchport mode trunk
switchport trunk vlan allowed 100,110,120,200,250,500,600,998
spanning-tree portfast
speed 10000
!
interface ethernet6
switchport mode trunk
switchport trunk vlan allowed 100,110,120,200,250,500,600,998
spanning-tree portfast
speed 10000
!
interface ethernet7
shutdown
!
interface ethernet8
shutdown
!
interface ethernet9
switchport mode trunk
switchport trunk vlan allowed 100,110,120,200,250,500,600,998
spanning-tree portfast
speed 10000
!
interface ethernet10
switchport mode trunk
switchport trunk vlan allowed 100,110,120,200,250,500,600,998
spanning-tree portfast
speed 10000
!
interface ethernet11
shutdown
!
interface ethernet12
shutdown
!
interface ethernet13
shutdown
!
interface ethernet14
shutdown
!
interface ethernet15
shutdown
!
interface ethernet16
switchport mode access
switchport access vlan 120
spanning-tree portfast
speed 10000
!
interface mgmt0
switchport mode trunk
switchport trunk vlan allowed 100,110,120,200,250,500,600,998
spanning-tree portfast
!
ip route 0.0.0.0 0.0.0.0 null
ip route vrf management 0.0.0.0 0.0.0.0 172.22.100.4
ip route vrf inside 0.0.0.0 0.0.0.0 172.22.255.4
ip route vrf guest 0.0.0.0 0.0.0.0 172.22.200.4
ip route vrf dmz 0.0.0.0 0.0.0.0 172.22.250.4
ip route vrf storage 0.0.0.0 0.0.0.0 null
ip route vrf vmotion 0.0.0.0 0.0.0.0 null
Kind Regards,
Lars Christian Thasenhod
Last edited by lthasenhod on Sat Jul 24, 2021 10:11 pm, edited 2 times in total.
-
-
lthasenhod
just joined
- Posts: 6
- Joined:
Re: help: from Cisco to Mikrotik (vrf lite, vlan, vlan interface, lag)
Here is my MicroTik configuration so far, all input is appreciated.
/interface bridge
add name=bridge-dmz vlan-filtering=yes
add name=bridge-guest vlan-filtering=yes
add name=bridge-inside vlan-filtering=yes
add name=bridge-management vlan-filtering=yes
add name=bridge-storage vlan-filtering=yes
add name=bridge-vmotion vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] name=ethernet1
set [ find default-name=sfp-sfpplus2 ] name=ethernet2
set [ find default-name=sfp-sfpplus3 ] name=ethernet3
set [ find default-name=sfp-sfpplus4 ] name=ethernet4
set [ find default-name=sfp-sfpplus5 ] name=ethernet5
set [ find default-name=sfp-sfpplus6 ] name=ethernet6
set [ find default-name=sfp-sfpplus7 ] name=ethernet7
set [ find default-name=sfp-sfpplus8 ] name=ethernet8
set [ find default-name=sfp-sfpplus9 ] name=ethernet9
set [ find default-name=sfp-sfpplus10 ] name=ethernet10
set [ find default-name=sfp-sfpplus11 ] name=ethernet11
set [ find default-name=sfp-sfpplus12 ] name=ethernet12
set [ find default-name=sfp-sfpplus13 ] name=ethernet13
set [ find default-name=sfp-sfpplus14 ] name=ethernet14
set [ find default-name=sfp-sfpplus15 ] name=ethernet15
set [ find default-name=sfp-sfpplus16 ] name=ethernet16
set [ find default-name=ether1 ] name=mgmt0
/interface vlan
add name=vlan-client vlan-id=120
add name=vlan-dmz vlan-id=250
add name=vlan-guest vlan-id=200
add name=vlan-management vlan-id=100
add name=vlan-server vlan-id=110
add name=vlan-storage vlan-id=500
add name=vlan-transit vlan-id=998
add name=vlan-vmotion vlan-id=600
/interface bonding
add mode=802.3ad name=port-channel10 slaves=ethernet1,ethernet2 transmit-hash-policy=layer-2-and-3
add mode=802.3ad name=port-channel20 slaves=ethernet3,ethernet4 transmit-hash-policy=layer-2-and-3
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add interface=port-channel10 pvid=500
add interface=port-channel20 pvid=110
add interface=mgmt0
add interface=ethernet5
add interface=ethernet6
add interface=ethernet7
add interface=ethernet8
add interface=ethernet9
add interface=ethernet10
add interface=ethernet11
add interface=ethernet12
add interface=ethernet13
add interface=ethernet14
add interface=ethernet15
add interface=ethernet16 pvid=120
/interface bridge vlan
add bridge=bridge-management tagged=bridge-management,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 vlan-ids=100
add bridge=bridge-inside tagged=bridge-inside,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 untagged=port-channel20 \
vlan-ids=110
add bridge=bridge-inside tagged=bridge-inside,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 untagged=ethernet16 vlan-ids=\
120
add bridge=bridge-guest tagged=bridge-guest,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 vlan-ids=200
add bridge=bridge-dmz tagged=bridge-dmz,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 vlan-ids=250
add bridge=bridge-storage tagged=bridge-storage,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 untagged=port-channel10 \
vlan-ids=500
add bridge=bridge-vmotion tagged=bridge-vmotion,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 vlan-ids=600
add bridge=bridge-inside tagged=bridge-inside,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 vlan-ids=998
/ip address
add address=172.22.100.3/24 interface=vlan-management network=172.22.100.0
add address=172.22.110.1/24 interface=vlan-server network=172.22.110.0
add address=172.22.120.1/24 interface=vlan-client network=172.22.120.0
add address=172.22.200.1/24 interface=vlan-guest network=172.22.200.0
add address=172.22.250.1/24 interface=vlan-dmz network=172.22.250.0
add address=172.22.255.2/24 interface=vlan-transit network=172.22.255.0
add address=172.22.50.1/24 interface=vlan-storage network=172.22.50.0
add address=172.22.60.1/24 interface=vlan-vmotion network=172.22.60.0
/ip route
add distance=1 gateway=172.22.100.4 routing-mark=vrf-management
add distance=1 gateway=172.22.255.4 routing-mark=vrf-inside
add distance=1 gateway=172.22.200.4 routing-mark=vrf-guest
add distance=1 gateway=172.22.250.4 routing-mark=vrf-dmz
/ip route vrf
add interfaces=bridge-management route-distinguisher=100:100 routing-mark=vrf-management
add interfaces=bridge-inside route-distinguisher=110:110 routing-mark=vrf-inside
add interfaces=bridge-guest route-distinguisher=200:200 routing-mark=vrf-guest
add interfaces=bridge-dmz route-distinguisher=250:250 routing-mark=vrf-dmz
add interfaces=bridge-storage route-distinguisher=500:500 routing-mark=vrf-storage
add interfaces=bridge-vmotion route-distinguisher=600:600 routing-mark=vrf-vmotion
Kind Regards,
Lars Christian Thasenhod
/interface bridge
add name=bridge-dmz vlan-filtering=yes
add name=bridge-guest vlan-filtering=yes
add name=bridge-inside vlan-filtering=yes
add name=bridge-management vlan-filtering=yes
add name=bridge-storage vlan-filtering=yes
add name=bridge-vmotion vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] name=ethernet1
set [ find default-name=sfp-sfpplus2 ] name=ethernet2
set [ find default-name=sfp-sfpplus3 ] name=ethernet3
set [ find default-name=sfp-sfpplus4 ] name=ethernet4
set [ find default-name=sfp-sfpplus5 ] name=ethernet5
set [ find default-name=sfp-sfpplus6 ] name=ethernet6
set [ find default-name=sfp-sfpplus7 ] name=ethernet7
set [ find default-name=sfp-sfpplus8 ] name=ethernet8
set [ find default-name=sfp-sfpplus9 ] name=ethernet9
set [ find default-name=sfp-sfpplus10 ] name=ethernet10
set [ find default-name=sfp-sfpplus11 ] name=ethernet11
set [ find default-name=sfp-sfpplus12 ] name=ethernet12
set [ find default-name=sfp-sfpplus13 ] name=ethernet13
set [ find default-name=sfp-sfpplus14 ] name=ethernet14
set [ find default-name=sfp-sfpplus15 ] name=ethernet15
set [ find default-name=sfp-sfpplus16 ] name=ethernet16
set [ find default-name=ether1 ] name=mgmt0
/interface vlan
add name=vlan-client vlan-id=120
add name=vlan-dmz vlan-id=250
add name=vlan-guest vlan-id=200
add name=vlan-management vlan-id=100
add name=vlan-server vlan-id=110
add name=vlan-storage vlan-id=500
add name=vlan-transit vlan-id=998
add name=vlan-vmotion vlan-id=600
/interface bonding
add mode=802.3ad name=port-channel10 slaves=ethernet1,ethernet2 transmit-hash-policy=layer-2-and-3
add mode=802.3ad name=port-channel20 slaves=ethernet3,ethernet4 transmit-hash-policy=layer-2-and-3
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add interface=port-channel10 pvid=500
add interface=port-channel20 pvid=110
add interface=mgmt0
add interface=ethernet5
add interface=ethernet6
add interface=ethernet7
add interface=ethernet8
add interface=ethernet9
add interface=ethernet10
add interface=ethernet11
add interface=ethernet12
add interface=ethernet13
add interface=ethernet14
add interface=ethernet15
add interface=ethernet16 pvid=120
/interface bridge vlan
add bridge=bridge-management tagged=bridge-management,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 vlan-ids=100
add bridge=bridge-inside tagged=bridge-inside,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 untagged=port-channel20 \
vlan-ids=110
add bridge=bridge-inside tagged=bridge-inside,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 untagged=ethernet16 vlan-ids=\
120
add bridge=bridge-guest tagged=bridge-guest,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 vlan-ids=200
add bridge=bridge-dmz tagged=bridge-dmz,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 vlan-ids=250
add bridge=bridge-storage tagged=bridge-storage,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 untagged=port-channel10 \
vlan-ids=500
add bridge=bridge-vmotion tagged=bridge-vmotion,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 vlan-ids=600
add bridge=bridge-inside tagged=bridge-inside,mgmt0,ethernet5,ethernet6,ethernet9,ethernet10 vlan-ids=998
/ip address
add address=172.22.100.3/24 interface=vlan-management network=172.22.100.0
add address=172.22.110.1/24 interface=vlan-server network=172.22.110.0
add address=172.22.120.1/24 interface=vlan-client network=172.22.120.0
add address=172.22.200.1/24 interface=vlan-guest network=172.22.200.0
add address=172.22.250.1/24 interface=vlan-dmz network=172.22.250.0
add address=172.22.255.2/24 interface=vlan-transit network=172.22.255.0
add address=172.22.50.1/24 interface=vlan-storage network=172.22.50.0
add address=172.22.60.1/24 interface=vlan-vmotion network=172.22.60.0
/ip route
add distance=1 gateway=172.22.100.4 routing-mark=vrf-management
add distance=1 gateway=172.22.255.4 routing-mark=vrf-inside
add distance=1 gateway=172.22.200.4 routing-mark=vrf-guest
add distance=1 gateway=172.22.250.4 routing-mark=vrf-dmz
/ip route vrf
add interfaces=bridge-management route-distinguisher=100:100 routing-mark=vrf-management
add interfaces=bridge-inside route-distinguisher=110:110 routing-mark=vrf-inside
add interfaces=bridge-guest route-distinguisher=200:200 routing-mark=vrf-guest
add interfaces=bridge-dmz route-distinguisher=250:250 routing-mark=vrf-dmz
add interfaces=bridge-storage route-distinguisher=500:500 routing-mark=vrf-storage
add interfaces=bridge-vmotion route-distinguisher=600:600 routing-mark=vrf-vmotion
Kind Regards,
Lars Christian Thasenhod
Last edited by lthasenhod on Sun Jul 25, 2021 6:59 pm, edited 1 time in total.
-
-
lthasenhod
just joined
- Posts: 6
- Joined:
Re: help: from Cisco to Mikrotik (vrf lite, vlan, vlan interface, lag) [SOLVED]
Dear All,
Thanks for the suggestions, after talking with Support it seems MikroTik can not do this, and i unfortunatly have to revert to my Cisco 3650X switch.
Kind Regards,
Lars Christian Thasenhod
Thanks for the suggestions, after talking with Support it seems MikroTik can not do this, and i unfortunatly have to revert to my Cisco 3650X switch.
Kind Regards,
Lars Christian Thasenhod
Re: help: from Cisco to Mikrotik (vrf lite, vlan, vlan interface, lag)
Any references on this setup. Cisco trunk port going to mikrotik trunk port going to mikrtok. Please help me. Thanks. My setup is on attached file
You do not have the required permissions to view the files attached to this post.
Who is online
Users browsing this forum: No registered users and 30 guests