gjniewenhuijse
just joined
Topic Author
Posts: 20
Joined: Tue Jan 17, 2017 9:36 am

vlan on crs125-24g-1s-2hnd-in and crs125-25g-1s-rm

Fri Nov 23, 2018 11:55 am

Hello, who can help me set up a VLAN config on my crs125-24g-1s devices?

Device 1: router crs125-24g-1s-2hnd-in (latest firmware)
ether1: wan1
ether2: management
ether3: connection to device2
ether04-16: vlan10
ether17-20: vlan20
ether21-24: vlan30

Device 2: switch crs125-25g-1s-rm (latest firmware)
ether1: management
ether2: connection to device1
ether03-16: vlan10
ether17-20: vlan20
ether21-24: vlan30

Goals:
- vlan10 are my servers (communication between servers allowed, wan traffic allowed, only limited traffic to/from vlan10)
- vlan20 are my workstations (no communication between workstations, wan traffic allowed, only limited traffic to/from vlan10)
- vlan30 guest network (only wan traffic allowed)

Who can give me some advice?
 
 
gjniewenhuijse
just joined
Topic Author
Posts: 20
Joined: Tue Jan 17, 2017 9:36 am

Re: vlan on crs125-24g-1s-2hnd-in and crs125-25g-1s-rm

Fri Nov 23, 2018 3:12 pm

For now I made a little test on the and here's the stripped compact dump (only important commands).
Please shoot at it :)

ether3 is used as trunk for my next switch (not used now)
vlan10 (ports 17+18) and vlan20 (ports 9+10) received an IP address from the right DHCP server in that range, that's correct
vlan10 and vlan20 can't ping each other, that's correct
vlan10 and vlan20 are permitted to access the internet, that's correct
But switching vlan-filtering on or off doesn't change if I can ping vlan10 from 20 or 20 from 10, is that correct?
Do I need vlan-filtering for this router model?

How to ping devices in vlan10 from vlan20?



# nov/23/2018 13:57:44 by RouterOS 6.43.4
# model = CRS125-24G-1S-2HnD

/interface bridge
add name=bridge-vlan10 pvid=10 vlan-filtering=yes
add name=bridge-vlan20 pvid=20 vlan-filtering=yes

/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan

/interface vlan
add interface=ether3 name=vlan10 vlan-id=10
add interface=ether3 name=vlan20 vlan-id=20

/ip pool
add name=dhcppool_base ranges=192.168.90.10-192.168.90.254
add name=dhcppool_vlan10 ranges=192.168.91.10-192.168.91.254
add name=dhcppool_vlan20 ranges=192.168.92.10-192.168.92.254

/ip dhcp-server
add address-pool=dhcppool_base disabled=no interface=bridge lease-time=1d name=dhcpsrv_base
add address-pool=dhcppool_vlan10 disabled=no interface=bridge-vlan10 lease-time=1d name=dhcpsrv_vlan10
add address-pool=dhcppool_vlan20 disabled=no interface=bridge-vlan20 lease-time=1d name=dhcpsrv_vlan20

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge-vlan20 comment=defconf interface=ether9 pvid=20
add bridge=bridge-vlan20 comment=defconf interface=ether10 pvid=20
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge-vlan10 comment=defconf interface=ether17 pvid=10
add bridge=bridge-vlan10 comment=defconf interface=ether18 pvid=10
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1

/ip neighbor discovery-settings
set discover-interface-list=LAN

/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether17,ether18 vlan-ids=10
add bridge=bridge tagged=bridge untagged=ether9,ether10 vlan-ids=20

/interface list member
add comment=defconf interface=bridge list=LAN
add interface=bridge-vlan10 list=LAN
add interface=bridge-vlan20 list=LAN
add comment=defconf interface=ether1-wan list=WAN

/ip address
add address=192.168.90.1/24 comment=defconf interface=ether2 network=192.168.90.0
add address=192.168.91.1/24 interface=bridge-vlan10 network=192.168.91.0
add address=192.168.92.1/24 interface=bridge-vlan20 network=192.168.92.0

/ip dhcp-server network
add address=192.168.90.0/24 comment=defconf gateway=192.168.90.1 netmask=24
add address=192.168.91.0/24 gateway=192.168.91.1
add address=192.168.92.0/24 gateway=192.168.92.1
 
anav
Forum Guru
Posts: 21226
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: vlan on crs125-24g-1s-2hnd-in and crs125-25g-1s-rm

Sun Nov 25, 2018 5:53 pm

This is how I would do it on my router (hex).
/interface bridge
add name=bridgehome vlan-filtering=yes

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface list members
eth1=WAN
bridgehome=LAN
vlan10=LAN
vlan20=LAN
vlan30=LAN

/interface ethernet  (sfp1 and wlan assuming disabled??)
set [ find default-name=ether1 ] name=ether1-wan
eth2  = mgnmtLAN
eth3 = trunkLAN
eth4 - eth16 = vlan10LAN
eth17-eth20 = vlan20LAN
eth21-24 = vlan30LAN

/interface vlan
add interface=bridgehome name=vlan10 vlan-id=10
add interface=bridgehome name=vlan20 vlan-id=20
add interface=bridgehome name=vlan30 vlan-id=30

/ip address
add address=192.168.90.1/24 comment=defconf interface=bridgehome network=192.168.90.0
add address=192.168.91.1/24 interface=vlan10 network=192.168.91.0
add address=192.168.92.1/24 interface=vlan20 network=192.168.92.0
add address=192.168.93.1/24 interface=vlan30 network=192.168.93.0

/ip dhcp-server network
add address=192.168.90.0/24 comment=defconf gateway=192.168.90.1 netmask=24
add address=192.168.91.0/24 gateway=192.168.91.1
add address=192.168.92.0/24 gateway=192.168.92.1
add address=192.168.93.0/24 gateway=192.168.93.1

/ip pool
add name=dhcppool_base ranges=192.168.90.10-192.168.90.254
add name=dhcppool_vlan10 ranges=192.168.91.10-192.168.91.254
add name=dhcppool_vlan20 ranges=192.168.92.10-192.168.92.254
add name=dhcppool_vlan30 ranges=192.168.93.10-192.168.93.254

/ip dhcp-server
add address-pool=dhcppool_base disabled=no interface=bridgehome lease-time=1d name=dhcpsrv_base
add address-pool=dhcppool_vlan10 disabled=no interface=vlan10 lease-time=1d name=dhcpsrv_vlan10
add address-pool=dhcppool_vlan20 disabled=no interface=vlan20 lease-time=1d name=dhcpsrv_vlan20
add address-pool=dhcppool_vlan30 disabled=no interface=vlan30 lease-time=1d name=dhcpsrv_vlan30

/interface bridge port
add bridge=bridgehome comment=defconf interface=ether2
add bridge=bridgehome comment=defconf interface=ether3
add bridge=bridgehome comment=defconf interface=ether4 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether5 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether6 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether7 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether8 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether9 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether10 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether11 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether12 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether13 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether14 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether15 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether16 pvid=10 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether17 pvid=20 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether18 pvid=20 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether19 pvid=20 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether20 pvid=20 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether21 pvid=30 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether22 pvid=30 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether23 pvid=30 ingress-filtering=yes
add bridge=bridgehome comment=defconf interface=ether24 pvid=30 ingress-filtering=yes

/interface bridge vlan
add bridge=bridgehome tagged=bridgehome,ether3 vlan-ids=10,20,30
add bridge=bridgehome tagged=bridgehome untagged=ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16 vlan-ids=10
add bridge=bridgehome tagged=bridgehome untagged=ether17,ether18,ether19,ether20 vlan-ids=20
add bridge=bridgehome tagged=bridgehome untagged=ether21,ether22,ether23,ether24 vlan-ids=30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Second device......... Very similar acting as a switch/bridge
/interface bridge
add name=bridgedevice vlan-filtering=yes

/interface list members (not sure if required but just to communicate intent)
eth1=mnmgtLAN
bridgedevice=LAN
vlan10=LAN
vlan20=LAN
vlan30=LAN

/interface ethernet  (sfp1 and wlan assuming disabled??)
eth1  = mgnmtLAN
eth2 = trunkLAN
eth3 - eth16 = vlan10LAN
eth17-eth20 = vlan20LAN
eth21-24 = vlan30LAN

/interface vlan
add interface=bridgedevice name=vlan10 vlan-id=10
add interface=bridgedevice  name=vlan20 vlan-id=20
add interface=bridgedevice  name=vlan30 vlan-id=30

/interface bridge port
add bridge=bridgedevice comment=defconf interface=ether1
add bridge=bridgedevice comment=defconf interface=ether2
add bridge=bridgedevice comment=defconf interface=ether3 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether4 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether5 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether6 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether7 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether8 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether9 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether10 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether11 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether12 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether13 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether14 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether15 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether16 pvid=10 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether17 pvid=20 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether18 pvid=20 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether19 pvid=20 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether20 pvid=20 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether21 pvid=30 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether22 pvid=30 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether23 pvid=30 ingress-filtering=yes
add bridge=bridgedevice comment=defconf interface=ether24 pvid=30 ingress-filtering=yes

/interface bridge vlan
add bridge=bridgedevice tagged=bridgedevice,ether2 vlan-ids=10,20,30
add bridge=bridgedevice tagged=bridgedevice untagged=ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16 vlan-ids=10
add bridge=bridgedevice tagged=bridgedevice untagged=ether17,ether18,ether19,ether20 vlan-ids=20
add bridge=bridgedevice tagged=bridgedevice untagged=ether21,ether22,ether23,ether24 vlan-ids=30
Last edited by anav on Mon Nov 26, 2018 2:40 pm, edited 1 time in total.
 
sid5632
Long time Member
Posts: 555
Joined: Fri Feb 17, 2017 6:05 pm

Re: vlan on crs125-24g-1s-2hnd-in and crs125-25g-1s-rm

Sun Nov 25, 2018 9:40 pm

Do i need vlan-filtering for this router model?
No. You don't use vlan-filtering on anything with a switch chip apart from a CRS3xx series. If you do, it disables Hardware Offload and kills the performance, as everything goes through the CPU (which isn't very powerful).
And you don't use more than one bridge for the same reason.

You need to configure VLANs on the Switch menu.
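
The two points in the reply above (one bridge only, and no bridge vlan-filtering on a switch-chip CRS outside the CRS3xx series) can be checked mechanically against a compact export; the check below also flags a `/interface bridge vlan` row whose untagged port belongs to a different bridge. This is an added example, not part of any post in this thread: `parse_export`, `audit` and the finding labels are hypothetical names, the sample export is constructed from the dump posted earlier, and matching the model string against CRS1xx/CRS2xx is an assumption about which devices the reply covers.

```python
import re

# Constructed sample: a trimmed export shaped like the dump posted in this thread.
SAMPLE_EXPORT = """\
# model = CRS125-24G-1S-2HnD
/interface bridge
add name=bridge-vlan10 pvid=10 vlan-filtering=yes
add name=bridge-vlan20 pvid=20 vlan-filtering=yes
/interface bridge port
add bridge=bridge-vlan20 interface=ether9 pvid=20
add bridge=bridge-vlan10 interface=ether17 pvid=10
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether17 vlan-ids=10
"""

def parse_export(text):
    """Return (model, [(menu_path, {param: value}), ...]); assumes no line continuations."""
    model, path, rows = None, None, []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"#\s*model\s*=\s*(\S+)", line)
        if m:
            model = m.group(1)
        elif line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            rows.append((path, dict(re.findall(r"([\w-]+)=(\S+)", line))))
    return model, rows

def audit(text):
    """List layout problems: extra bridges, CPU-side VLAN filtering, misplaced VLAN rows."""
    model, rows = parse_export(text)
    bridges = [p for path, p in rows if path == "/interface bridge"]
    ports = {p["interface"]: p["bridge"] for path, p in rows if path == "/interface bridge port"}
    findings = []
    if len(bridges) > 1:
        findings.append("multiple-bridges: " + ",".join(b["name"] for b in bridges))
    # Assumption: CRS1xx/CRS2xx model strings identify the non-CRS3xx switch-chip devices.
    if model and re.match(r"CRS[12]\d\d", model):
        for b in bridges:
            if b.get("vlan-filtering") == "yes":
                findings.append("vlan-filtering-on-non-crs3xx: " + b["name"])
    for path, p in rows:
        if path == "/interface bridge vlan":
            for port in filter(None, p.get("untagged", "").split(",")):
                if ports.get(port) != p.get("bridge"):
                    findings.append(f"vlan-{p['vlan-ids']}: {port} is not a port of {p['bridge']}")
    return findings
```
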
 
anav
Forum Guru
Posts: 21226
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: vlan on crs125-24g-1s-2hnd-in and crs125-25g-1s-rm

Sun Nov 25, 2018 9:56 pm

My apologies, I am not aware of any type of vlan filtering other than what works for a hex or RB450Gx4.
I suppose it's best to ignore my input unless someone wants to critique it from a hex doing it on the bridge point of view.
