MikroTik

I am somewhat confused as to how to configure vlans on this switch (css326-24g-2s+rm) I just purchased. The Vlan config does not match the same as your SWOS documentation. For example, there is no ingress/egress, so where is this to be found? I simply want to know how to configure trunk ports, tagged ports and access ports.

I have attached screenshots to show how different it is from documentation and the lack of "egress" and "ingress" as stated in the docs.
https://wiki.mikrotik.com/wiki/SwOS#VLAN_Tab

The wiki does not seem to cover SwOS 2.0 for now
I hope mikrotik is going to update it quickly because swos 2.0 is not behaving the same as pre-2.0 when considering VLANs

I would also appreciate help from the Mikrotik folks on this, even if the official documentation is not done. I am moving from a netgear gss116e switch with several vlans and a couple of trunked ports. From the earlier documents I could figure out how to match my setup, but with the new UI, it's not clear to me at all.

My setup on the netgear is (using 802.1Q screens):

ports 1-4,sfp1,sfp2, VLAN=1, untagged, pvid=1
ports 5-8, VLAN=10, untagged, pvid=10
ports 9,10, VLAN=10, 400,401,402,403,404, tagged, pvid=10 (trunk ports)
ports 11-14, VLAN=5, untagged, pvid=5
ports 15,16, VLAN=5, tagged, pvid=5

Any pointers on how to replicate this on SwOS 2.0? FYI, this is someone elses design, so I can't answer why things are the way they are, only that it works on the netgear.

The main reason I'm using the css326-24g-2s+rm is for the 10G SFP ports which is used for iSCSI traffic to sync two virtual SANs. Up until now, I have to run both switches, using the css326 to link the 10G ports and the netgear for all the other gigabit ports.

Any help appreciated.

Thanks,

DRC

Hello,
Here is the link to a basic VLAN configuration example for CSS326-24G-2S+:
https://wiki.mikrotik.com/wiki/SWOS/CSS326-VLAN-Example
It should at least point to the right direction how VLANs should be configured on CSS326-24G-2S+.

Thanks for starting the documentation, becs. Would you mind answering a few questions about the exposed VLAN knobs?

• Does the "enabled" VLAN mode in 2.x check to see that the port is a member of the VLAN like the "strict" mode in 1.x, or just that the VLAN is configured on the switch like the "enabled" mode in 1.x?
• Since there is not an option in 2.x to specify whether to leave as-is, strip, or add VLAN headers to egressing packets, do packets always egress untagged on a port where the default VLAN ID of the port matches that of the packet, and tagged if the default VLAN ID does not match?
• What does the "port isolation" checkbox on the VLANs tab do?

My setup on the netgear is (using 802.1Q screens):

ports 1-4,sfp1,sfp2, VLAN=1, untagged, pvid=1
ports 5-8, VLAN=10, untagged, pvid=10
ports 9,10, VLAN=10, 400,401,402,403,404, tagged, pvid=10 (trunk ports)
ports 11-14, VLAN=5, untagged, pvid=5
ports 15,16, VLAN=5, tagged, pvid=5

Any pointers on how to replicate this on SwOS 2.0? FYI, this is someone elses design, so I can't answer why things are the way they are, only that it works on the netgear.

Here's my attempt, based on becs's example and my own working setup:





Hope that helps!

Does the "enabled" VLAN mode in 2.x check to see that the port is a member of the VLAN like the "strict" mode in 1.x, or just that the VLAN is configured on the switch like the "enabled" mode in 1.x?

In SwOS v2.0 on CSS326 VLAN Mode "enabled" works as the VLAN Mode "strict" on RB260 (CSS106), the membership of the ingress port is important, too.
We will consider renaming it to "strict" on CSS326 for better understanding.

Since there is not an option in 2.x to specify whether to leave as-is, strip, or add VLAN headers to egressing packets, do packets always egress untagged on a port where the default VLAN ID of the port matches that of the packet, and tagged if the default VLAN ID does not match?

Yes, your assumption is correct.

What does the "port isolation" checkbox on the VLANs tab do?

"Port Isolation" checkbox in the VLANs tab specifies whether configuration from Port Isolation menu applies to the particular VLAN.

@ryan3531 -- thanks very much, i'll give it a try when I get a chance and report back. I appreciate the response. -- DRC

simple question,
management vlan on a trunk port

i want to use the sfp+ port to send vlan 5,9,11,33,23,43 where management vlan will be 43.
how do i go about setting it up on the switch?

simple question,
management vlan on a trunk port

i want to use the sfp+ port to send vlan 5,9,11,33,23,43 where management vlan will be 43.
how do i go about setting it up on the switch?

also cannot get management over tagged vlan working. any new docs on it? cmon, many months passed...

Running a CSS326 with SwOS 2.4. Is management over VLAN working yet? I'm afraid to enable it as it locked me out at 2.0, but if it's not working, I have no remote access to a switch that is a 45 minute drive up a crappy dirt 4x4 road to get to.

Hello, CSS326 management VLAN with tagged packets worked before and the problems with untagged packets are fixed since SwOS v2.3:

What's new in v2.3:
*) fixed "Allow From VLAN" on untagged packets with correct default vlan id;

Hello, CSS326 management VLAN with tagged packets worked before and the problems with untagged packets are fixed since SwOS v2.3:

What's new in v2.3:
*) fixed "Allow From VLAN" on untagged packets with correct default vlan id;

Thanks becs. Turns out that shortly after I posted the question I had remoted into a computer at home and confirmed that I could access the CSS326 remotely via the microwave link trunk. Nice to get the confirmation however.

In SwOS v2.0 on CSS326 VLAN Mode "enabled" works as the VLAN Mode "strict" on RB260 (CSS106), the membership of the ingress port is important, too.
We will consider renaming it to "strict" on CSS326 for better understanding.

It seemes that this is wrong, or this is not working correctly. I just have CSS326 and following setup:
Port 2, VLAN mode=enabled, Default VLAN id=1.
This port is connected to network with VLAN1 untagged, VLAN7 tagged.
Vlan table consists of VLANs 1, 2, 3, 7, 3000, 3001. Only VLAN 1 is enabled on port 2.
All other ports on the switch are unconnected.

Nevertheless, Hosts table shows entries on VLAN 7. The switch is accessible via VLAN7.

Tested on firmware 2.0p, 2.4. Version 2.5 is broken in other ways, so I have not tested the problem with it.

Update: VLAN modes "optional" and "enabled" work exactly the same for me.

version 2.7 SWos -- CRS326

I still can not access management VLAN when set on switch while connected to port1 on same switch. Still issues?

Configure 'VLANs'
99 - all ports are members

Configure 'VLAN' on port1
Vlan Mode - enabled,
Vlan Receive - Only untagged,
Default Vlan Id - 99
Force VLANid - ticked

Configure management interface on VLAN99
Allow from Vlan - 99

What I would like to have:
Management on VLAN99, can be accessed either via trunk port for remote managment or via port1,