New router config with trunks ports, vlans etc

mtxpert · Wed Oct 18, 2023 10:42 pm

For some reason I can't get communication across my vlans on my new CRS310-8G+2S+
I just want trunk ports on the two sfp ports, vlan 200 on ports 5-8, vlan 100 on 2-4 and a DHCP server on vlan 200 to serve clients. I can't get any traffic across the vlans. I must be missing something SIMPLE. As a Cisco guy this would be 35 seconds of work.

I'm keeping eth1 as a management port until I figure this out otherwise I can't get into it after I apply everyting.
Hope somebody can help me see what I'm missing

Here's my config:/interface bridge
add name=BRIDGE vlan-filtering=yes
/interface vlan
add interface=BRIDGE name=DATA vlan-id=100
add interface=BRIDGE name=WLAN vlan-id=200
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.160.10.10-192.160.10.240
/ip dhcp-server
add address-pool=dhcp_pool0 interface=WLAN name=dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge=BRIDGE interface=ether2
add bridge=BRIDGE interface=ether3
add bridge=BRIDGE interface=ether4
add bridge=BRIDGE interface=ether5
add bridge=BRIDGE interface=ether6
add bridge=BRIDGE interface=ether7
add bridge=BRIDGE interface=ether8
add bridge=BRIDGE interface=sfp-sfpplus1
add bridge=BRIDGE interface=sfp-sfpplus2
/interface bridge vlan
add bridge=BRIDGE tagged=sfp-sfpplus1,BRIDGE,sfp-sfpplus2 untagged=\
ether2,ether3,ether4 vlan-ids=100
add bridge=BRIDGE tagged=sfp-sfpplus1,sfp-sfpplus2,BRIDGE untagged=\
ether5,ether6,ether7,ether8 vlan-ids=200
/ip address
add address=192.168.0.241/24 interface=DATA network=192.168.0.0
add address=192.160.10.1/24 interface=WLAN network=192.160.10.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.160.10.0/24 gateway=192.160.10.1
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os

anav · Wed Oct 18, 2023 10:54 pm

Very incomplete config. read through this......... viewtopic.php?t=143620

mtxpert · Wed Oct 18, 2023 11:19 pm

That's the full config, what else would need to happen?
Why is this SO DIFFICULT, this should be so freaking easy.
BTW, I don't really want L3 on this device, I have a firewall for that, it was just for testing. I need it to be a L2 device passing data from my firewall through 10G links to the other switches. The vlan 100 and 200 ports will connect to my firewall on this switch to pass through DHCP to the other switches/access ports.

anav · Thu Oct 19, 2023 3:52 am

So you need it to be basically a switch, have a look at viewtopic.php?t=182276

mtxpert · Thu Oct 19, 2023 3:27 pm

So I modified the output on the link and it doesn't work

/interface bridge
add ingress-filtering=no name=BRIDGE vlan-filtering=yes
/interface ethernet
set ether1 name=mgmtint
/interface vlan
add interface=BRIDGE name=MGMT vlan-id=10
/interface list
add name=management
/interface bridge port
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=MGMT pvid=10
add bridge=BRIDGE ingress-filtering=yes interface=ether1

#### These commands fail as there's no WLAN and LAN interface #####
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=WLAN pvid=200
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=LAN pvid=100
##### end of failed commands#####

/ip neighbor discovery-settings
set discover-interface-list=management
/interface bridge vlan
add bridge=BRIDGE tagged=ether1,BRIDGE untagged=MGMT vlan-ids=10
add bridge=BRIDGE tagged=ether1 untagged=LAN vlan-ids=100
add bridge=BRIDGE tagged=ether1 untagged=WLAN vlan-ids=200
/interface list member
add interface=MGMT list=management
add interface=emergaccess list=management
/ip address
add address=192.168.0.254/24 interface=MGMT network=192.168.0.0  comment="IP of capac on trusted subnet"

set allow-remote-requests=yes servers=192.168.0.1 
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1 comment="ensures route avail through trusted subnet gateway"

mtxpert · Thu Oct 19, 2023 8:05 pm

Latest config, still no joy but at least I don't lose mgmt on eth1
/interface bridge
add ingress-filtering=no name=BRIDGE vlan-filtering=yes
/interface vlan
add interface=BRIDGE name=DATA vlan-id=100
add interface=BRIDGE name=WLAN vlan-id=200
/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=WLAN name=dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=no interface=ether2
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=no interface=ether3
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=no interface=ether4
add bridge=BRIDGE frame-types=admit-only-vlan-tagged ingress-filtering=no \
interface=sfp-sfpplus1
add bridge=BRIDGE frame-types=admit-only-vlan-tagged ingress-filtering=no \
interface=sfp-sfpplus2
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=no interface=ether5
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=no interface=ether6
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=no interface=ether7
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=no interface=ether8
/interface bridge vlan
add bridge=BRIDGE tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=\
ether2,ether3,ether4 vlan-ids=100
add bridge=BRIDGE tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=\
ether5,ether7,ether6,ether8 vlan-ids=200
/ip address
add address=192.168.0.241/24 interface=DATA network=192.168.0.0
add address=192.168.10.1/24 interface=WLAN network=192.168.10.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.0.1 gateway=192.168.10.1
#error exporting "/ip/ssh" (timeout)
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os

anav · Thu Oct 19, 2023 10:20 pm

Sorry I gave you the link for access/switch setup. Cant help you if you elect not to follow it.

dzo · Fri Oct 20, 2023 2:00 am

I think it could be really simple:
Try pvid in the bridge-port part as the packets without vlan-tags needs to get tagged on the vlan-tagged bridge. Otherwise they get the vlan-tag 1 for untagged.

/interface bridge port
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=no interface=ether2 pvid=100
[...]

Hope it helps.

New router config with trunks ports, vlans etc

New router config with trunks ports, vlans etc

Re: New router config with trunks ports, vlans etc

Re: New router config with trunks ports, vlans etc

Re: New router config with trunks ports, vlans etc

Re: New router config with trunks ports, vlans etc

Re: New router config with trunks ports, vlans etc

Re: New router config with trunks ports, vlans etc

Re: New router config with trunks ports, vlans etc