GWarrior5595

Attempting to use OpnSense with MikroTik as managed switch

Sat Dec 28, 2024 5:47 am

Hello,

I am relatively new to the networking world and have recently purchased a CRS304-4XG-IN to be used as a managed switch for my home network. I want to use OpnSense as my firewall and the MikroTik switch in front of it with an AP after that. I was hoping to use swOS but I heard it doesn't work on this device yet so I am trying to prepare ahead of time before the device comes in to have as little downtime as possible.

I am currently following this guide on OpnSense, https://homenetworkguy.com/how-to/begin ... -opnsense/ and writing down notes on everything I need to do just to get something basic set up and then expand from there. I didn't want to go with TP Link like the guide has since I heard that it may be banned in the US and I am worried about future firmware support. I am trying to mimic as much of the Configure Switch section here but for RouterOS: https://homenetworkguy.com/how-to/begin ... ure-switch

EDIT:
Found this viewtopic.php?t=143620 and I think I want to do a config similar to the switch with a different router example:
/interface bridge add name=BR1 protocol-mode=none vlan-filtering=no

/interface bridge port
add bridge=BR1 interface=ether1
add bridge=BR1 interface=ether2
add bridge=BR1 interface=ether3
add bridge=BR1 interface=ether4 pvid=10

/interface bridge vlan
add bridge=BR1 tagged=ether1,ether2 vlan-ids=10
add bridge=BR1 tagged=BR1,ether1,ether2,ether3 vlan-ids=99

/interface vlan add interface=BR1 name=BASE_VLAN vlan-id=99
/ip address add address=192.168.1.2/24 interface=BASE_VLAN
/ip route add distance=1 gateway=192.168.1.2

/interface bridge port
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=ether4]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether1]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether2]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether3]

/interface list add name=BASE
/interface list member add interface=BASE_VLAN list=BASE
/ip neighbor discovery-settings set discover-interface-list=BASE
/tool mac-server mac-winbox set allowed-interface-list=BASE
/tool mac-server set allowed-interface-list=BASE
/interface bridge set BR1 vlan-filtering=yes
Thoughts? ether1 would be OpnSense, ether2 would be my WAP, ether3 would be my PC, and ether4 would be my untrusted VLAN.
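
An added example, not part of the original post: a small Python check over the bridge, address and route lines posted above. It lists which physical ports can reach each VLAN and checks the default gateway. The function names are made up for this sketch, and it assumes a port's PVID makes it an untagged member of that VLAN.

```python
import ipaddress
import re

# Lines copied from the post above (interface-list and mac-server lines left out).
CONFIG = """\
/interface bridge port
add bridge=BR1 interface=ether1
add bridge=BR1 interface=ether2
add bridge=BR1 interface=ether3
add bridge=BR1 interface=ether4 pvid=10
/interface bridge vlan
add bridge=BR1 tagged=ether1,ether2 vlan-ids=10
add bridge=BR1 tagged=BR1,ether1,ether2,ether3 vlan-ids=99
/ip address add address=192.168.1.2/24 interface=BASE_VLAN
/ip route add distance=1 gateway=192.168.1.2
"""

def parse(text):
    """Collect port PVIDs, tagged VLAN members, addresses and gateways."""
    ports, vlans, addrs, gws, menu = {}, {}, [], [], ""
    for line in filter(None, map(str.strip, text.splitlines())):
        head, _, args = line.partition("add ")
        menu = head.strip() or menu  # a bare "add ..." line keeps the current menu
        if not args:
            continue
        kv = dict(re.findall(r"([\w-]+)=(\S+)", args))
        if menu == "/interface bridge port":
            ports[kv["interface"]] = int(kv.get("pvid", 1))  # default PVID is 1
        elif menu == "/interface bridge vlan":
            vlans[int(kv["vlan-ids"])] = set(kv["tagged"].split(","))
        elif menu == "/ip address":
            addrs.append(ipaddress.ip_interface(kv["address"]))
        elif menu == "/ip route":
            gws.append(ipaddress.ip_address(kv["gateway"]))
    return ports, vlans, addrs, gws

def ports_in_vlan(ports, vlans, vid):
    """Physical ports that are members of VLAN `vid`, tagged or via PVID."""
    tagged = vlans.get(vid, set()) & set(ports)  # drops the bridge itself (BR1)
    return sorted(tagged | {p for p, pvid in ports.items() if pvid == vid})

def gateway_findings(addrs, gws):
    """Flag gateways that are the device itself or off every connected subnet."""
    out = []
    for gw in gws:
        if any(gw == a.ip for a in addrs):
            out.append(f"gateway {gw} is the switch's own address")
        elif not any(gw in a.network for a in addrs):
            out.append(f"gateway {gw} is not on a connected subnet")
    return out
```

On the posted lines this puts VLAN 99 on ether1, ether2 and ether3 only, VLAN 10 on ether1, ether2 and ether4, and flags that the default route's gateway 192.168.1.2 is the same address assigned to BASE_VLAN.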
