Hi MT,

I've ordered a CRS for testing. I need much more info to get running with this device.
I see a lot of options in Winbox which are described nowhere.

Could you clarify which options are not documented yet?

Here is the CRS examples page http://wiki.mikrotik.com/wiki/Manual:CRS_examples

Could you clarify which options are not documented yet?

Here is the CRS examples page http://wiki.mikrotik.com/wiki/Manual:CRS_examples

Starting with Switch Generic:

Bridge Type
MAC Level Isolation
VLAN Level Isolation
Use SVID in 1:1 VLAN Lookup
Use CVID in 1:1 VLAB Lookup
IPv4 Multicast Lookup Mode
Unicast FDB Timeout


Then there are Tabs "VLAN", "Exceptions","Mirror"

Examples are nice but I need some sort of Manual which describes all of the Parameters/Options.

I have to admit that after upgrading CRS125 to ROS 6.6, the switch configuration in winbox is rather confusing.

What does "Bridge Type" = "service / customer vlan bridge" do?

Could you clarify which options are not documented yet?

Here is the CRS examples page http://wiki.mikrotik.com/wiki/Manual:CRS_examples

Starting with Switch Generic:

Bridge Type
MAC Level Isolation
VLAN Level Isolation
Use SVID in 1:1 VLAN Lookup
Use CVID in 1:1 VLAB Lookup
IPv4 Multicast Lookup Mode
Unicast FDB Timeout


Then there are Tabs "VLAN", "Exceptions","Mirror"

Examples are nice but I need some sort of Manual which describes all of the Parameters/Options.

+1... A manual describing the settings would be great.

Could you clarify which options are not documented yet?

Here is the CRS examples page http://wiki.mikrotik.com/wiki/Manual:CRS_examples

Starting with Switch Generic:

Bridge Type
MAC Level Isolation
VLAN Level Isolation
Use SVID in 1:1 VLAN Lookup
Use CVID in 1:1 VLAB Lookup
IPv4 Multicast Lookup Mode
Unicast FDB Timeout


Then there are Tabs "VLAN", "Exceptions","Mirror"

Examples are nice but I need some sort of Manual which describes all of the Parameters/Options.

+1!

Hello Folks!

Device here is supposed to be a pure managed layer 2 switch for gigabit traffic using one trunk link and access ports connected to vlans, but the device is leaking traffic between vlans and trunk or both.

We urgently need help get it sorted out, we have another tread here, what we have done and so on, we tried all, eithe rthe device does not pass traffic at all or fully locks up so a power cycle is needed or it start leaking:

http://forum.mikrotik.com/viewtopic.php?f=13&t=79698

Here is a tcpdump, this traffic on a fully different vlan100 seen on the access ports of vlan200, I dont know what to do:
21:10:55.046323 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-28.jscnet.se (Broadcast) tell 80-84-42-1.jscnet.se, length 46
21:10:55.054901 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-33.jscnet.se (Broadcast) tell 80-84-42-1.jscnet.se, length 46
21:10:55.062553 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-133.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.070438 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-135.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.078090 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-147.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.086669 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-148.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.094321 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-159.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.102205 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-164.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.110089 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-170.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.118205 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-172.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.125393 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-169.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.134205 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-177.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46

Please help!

I have dropped a supout file to MT for help...

@steen

Ask for access to latest beta release.

Draft changelog says:
*) fixed port isolation on CRSs (bug introduced in v6.6);

While port isolation != VLAN leakage it could be how they are describing it.

Regards
Alexander

@steen

Ask for access to latest beta release.

Draft changelog says:
*) fixed port isolation on CRSs (bug introduced in v6.6);

While port isolation != VLAN leakage it could be how they are describing it.

Regards
Alexander

Hello Alexander!

I got from mikrotik support that RoS6.8 release candidate has that issue fixed. Also I got copy of image from them.
A full reconfigure is needed after RoS6.8 release candidate is installed.
I have not yet tried it, but I will not put something into production with release candidates, it must be stable release.

@steen

Ask for access to latest beta release.

Draft changelog says:
*) fixed port isolation on CRSs (bug introduced in v6.6);

While port isolation != VLAN leakage it could be how they are describing it.

Regards
Alexander

Hi Alexander,

I popped that release on a CRS and it looks like Pacific/Auckland time now says GMT-7 instead of GMT + 13

@steen

Ask for access to latest beta release.

Draft changelog says:
*) fixed port isolation on CRSs (bug introduced in v6.6);

While port isolation != VLAN leakage it could be how they are describing it.

Regards
Alexander

Hello Alexander!

I got from mikrotik support that RoS6.8 release candidate has that issue fixed. Also I got copy of image from them.
A full reconfigure is needed after RoS6.8 release candidate is installed.
I have not yet tried it, but I will not put something into production with release candidates, it must be stable release.

I understand your position of not putting release candidates into production.

I had a laugh however as I am logged into an edge router I have in the field running 6.6RC1 which if we remember worked however the released version had that VLAN bug.

I am running 6.8 in some secondary devices at the moment to give them some real traffic.

I didn't know about the full reconfigure being required as I havent tried 6.8 on any of my CRS's yet so thanks for the heads up

Note to Mikrotik: this may do to be noted on the beta release page.

I more pointed you in the direction of that beta release to test on your spare CRS in the lab trying to generate the bug.

Regards
Alexander

@steen

Ask for access to latest beta release.

Draft changelog says:
*) fixed port isolation on CRSs (bug introduced in v6.6);

While port isolation != VLAN leakage it could be how they are describing it.

Regards
Alexander

Hi Alexander,

I popped that release on a CRS and it looks like Pacific/Auckland time now says GMT-7 instead of GMT + 13

GMT.JPG

@scampbell

Good of Mikrotik to "fix" our timezone along with all the others.

I can confirm the time in Auckland now is 7:11 pm yesterday (I should look at getting ready for bed soon)

Not sure how Mikrotik stores and updates TZData however it looks like someone accidentially blasted a bad database into it.

Regards
Alexander

6.8rc next release will fix the timezones. there was a bug where all timezones got shifted

Any sign of cli documentation yet ?

any news?

where is promised documentation, without it crs is useless, and previous link with crs_examples needs to be updated as syntax has changed

Please MikroTik team, post documentation of CRS125! We have 20 new switchs here, we need to put up VLAN everywhere, and the examples in the page http://wiki.mikrotik.com/wiki/Manual:CRS_examples don't work with 6.7 version.

CRS125 seems to be a great product, but how could we use it?

Thanks for your help.

Vincent Florin.

+ 2

+1

This is absolutely needed.

MT support - Can you promise something?

Next week we will publish an update of the documentation. Sorry about the delay.

Thanks for the reply.

Could you please publish NOW something updated (even in beta stage) on configuring VLANs? We have 20 CRS-125 here for the new network of one of our customers, users will start to work next week and we need to set up VLANs for them before! Just the grammar to set up VLAN and affect ports in terminal…

Next week we will publish an update of the documentation. Sorry about the delay.

Almost Friday... any update on this?

Here ! http://wiki.mikrotik.com/wiki/Manual:CRS_features

Here ! http://wiki.mikrotik.com/wiki/Manual:CRS_features

YAY!

I have followed instruction from http://wiki.mikrotik.com/wiki/Manual:CR ... Based_VLAN but still leak happens in v6.9
Playing with the configs makes switch crash so i could not try and false .
Anybody found a workaround ?

Please add some documentation about 1:1 Vlan Switching

Finally we have our new CRS125-24G-1S-RM in our hands, but switch menu changed. There is a menu about mirroring that makes none sense..
It seems cpu is mirroring all traffic to one port.
I couldn't find examples and manuals in wiki can any one send a configuration example of where ether2 is fully mirrored to ether3 (ingress and egress) ?

example shown here: http://wiki.mikrotik.com/wiki/Manual:CR ... _Isolation

does not match CLI commands, I checked isolated ports section,

I managed to do it via GUI, it is working well, but I have question, How should I make so that router was accessible on all ports,
I can only access it through master port(promiscuous)

I managed to do it via GUI, it is working well, but I have question, How should I make so that router was accessible on all ports,
I can only access it through master port(promiscuous)

Add switch1-cpu port to all port-profiles from which you want access to the router, for wiki example it is:

Hello Folks!

I can not get this vlan stuff working, the switch is leaking traffic all over like a hub, or not working at all.

All I want is a trunk line for my vlans coming from cisco trunk and then attach access ports to the vlans.

By guesswork the most suitable example should be "Port Based VLAN" (http://wiki.mikrotik.com/wiki/Manual:CRS_examples)
My trunk has vlans 10, 20, 100, 110, 200, 220coming in at ether2 and accessports connect to vlans is
10 -> ether3, ether4, ether5
20 -> ether6
100 -> ether7, ether8
110 -> ether9, ether10
200 -> ether11
220 -> ether 12 towards ether16

Can anyone share howto setup a switch with one trunk and vlans and accessports that does not leak traffic please ?

Hello Folks!

I can not get this vlan stuff working, the switch is leaking traffic all over like a hub, or not working at all.

All I want is a trunk line for my vlans coming from cisco trunk and then attach access ports to the vlans.

By guesswork the most suitable example should be "Port Based VLAN" (http://wiki.mikrotik.com/wiki/Manual:CRS_examples)
My trunk has vlans 10, 20, 100, 110, 200, 220coming in at ether2 and accessports connect to vlans is
10 -> ether3, ether4, ether5
20 -> ether6
100 -> ether7, ether8
110 -> ether9, ether10
200 -> ether11
220 -> ether 12 towards ether16

Can anyone share howto setup a switch with one trunk and vlans and accessports that does not leak traffic please ?

Are you running the newest version (6.12) of RouterOS? It fixes a lot of switch related CRS issues.

Hello Folks!

I am running 6.12.

Yesterday I got this from Microtik: You, probably, need to configure invalid VLAN filtering to block broadcasts from unwanted VLANs. Sample configuration is in the last section of this CRS example: http://wiki.mikrotik.com/wiki/Manual:CR ... _filtering

I never heard about invalid vlan filtering, never had to do that in any Cisco or HP switch, there you simply configure your vlans and access ports, thats it. But I will give it a try.

Hello Folks!

I am very sorry RoS v6.13, the switch does still not work in this very basic accessport+vlan+trunk configuration. Not even the CRS example configurations work.

Anyone out there who ever got it working, and how did you solve it ?
How do we continue ?

I'm suffering the same issues. I even tried the examples and they don't work!
Each new release I hope will fix it but each time I'm let down.

I'm suffering the same issues. I even tried the examples and they don't work!
Each new release I hope will fix it but each time I'm let down.

Hello Folks!

I receved something yesterday from MT support, I am currently in Stockholm so I can not test, but it look very promocing and will eventually work. I am back on Friday and will immediate write an report if it was successful and publish how.

great

great

Okey, now I tested the suggested solution I was given from MT support.

The result:
It is _NOT_ working when /interface ethernet switch set forward-unknown-vlan=no
It has to be /interface ethernet switch set forward-unknown-vlan=yes or no traffic is passed at all.

Leaking traffic ?:
I did connect one MT device to ether6 of my CRS switch, and logged in to it and then I did /tools packet sniffer
I let it run for one hour during prime time backup and lot of noice in all vlans, I was not able to pick up any traffic leaking, I saw only traffic belonging to that VLAN.

I will connect one network analyzer to ether6 and the other ports as well tomorrow and come back with that result as well.
But so far, it looks like it actually was working!


Here is my devices lab configuration:

Cisco2960 --- vlan trunk (20, 100, 200, 220, 300, 400) --- CRS ether1

Here is the Cisco2960 switch configuration, port 13 is connected to ether1 of the CRS switch.
==================================================================
swfredriksdal2#show interfaces fastEthernet 0/13 status
Port Name Status Vlan Duplex Speed Type
Fa0/13 Desktop trunk connected trunk a-full a-100 10/100BaseTX

swfredriksdal2#show ip interface fastEthernet 0/13
FastEthernet0/13 is up, line protocol is up
Inbound access list is not set

swfredriksdal2# show interfaces trunk

Port Mode Encapsulation Status Native vlan
Fa0/13 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/13 20,100,200,220,300,400

Port Vlans allowed and active in management domain
Fa0/13 20,100,200,220,300,400

Port Vlans in spanning tree forwarding state and not pruned
Fa0/13 20,100,200,220,300,400

VLAN 20 comes from another switch, and it does not have any access ports in this switch.
swfredriksdal2#show vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
200 dmz1 active Fa0/5, Fa0/10, Fa0/11, Fa0/12
Fa0/21
220 dmz3 active Fa0/15, Fa0/19, Fa0/20, Gi0/2
300 MGT active Fa0/6, Fa0/9, Fa0/18, Fa0/22
Fa0/24
310 mgt2 active Fa0/7, Fa0/8
320 mgt3 active
400 dmz2 active Fa0/2

Here is my CRS configuration:
======================
/interface ethernet
set [ find default-name=ether6 ] master-port=ether1
set [ find default-name=ether7 ] master-port=ether1
set [ find default-name=ether8 ] master-port=ether1
set [ find default-name=ether9 ] master-port=ether1
set [ find default-name=ether10 ] master-port=ether1
set [ find default-name=ether11 ] master-port=ether1

# Tagging should be set on ether1 because it is a VLAN trunk port.
# Additionally, set switch1-cpu for VLAN200 to access IP address on VLAN
interface, the frames should be tagged on it as well.

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1 vlan-id=20
add tagged-ports=ether1 vlan-id=100
add tagged-ports=ether1,switch1-cpu vlan-id=200
add tagged-ports=ether1 vlan-id=220
add tagged-ports=ether1 vlan-id=300
add tagged-ports=ether1 vlan-id=400

/interface ethernet switch ingress-vlan-translation
add new-customer-vid=20 ports=ether6 sa-learning=yes
add new-customer-vid=100 ports=ether7 sa-learning=yes
add new-customer-vid=200 ports=ether8 sa-learning=yes
add new-customer-vid=220 ports=ether9 sa-learning=yes
add new-customer-vid=300 ports=ether10 sa-learning=yes
add new-customer-vid=400 ports=ether11 sa-learning=yes

# VLAN mebership should be adjusted according to VLAN tagging.
# VLAN id on ether1 and access port and for VLAN200 switch1-cpu port as well.

/interface ethernet switch vlan
add ports=ether1,ether6 vlan-id=20
add ports=ether1,ether7 vlan-id=100
add ports=ether1,ether8,switch1-cpu vlan-id=200
add ports=ether1,ether9 vlan-id=220
add ports=ether1,ether10 vlan-id=300
add ports=ether1,ether11 vlan-id=400

# Other VLAN interfaces seem to be unnecessary because they do not have IP address.

/interface vlan
add interface=ether1 l2mtu=1584 name=vlan200 vlan-id=200

/ip address
add address=172.16.1.111/24 interface=vlan200 network=172.16.1.0

# Putting no directly fully disables ALL traffic through the switch, it seems to work with yes, so far...
/interface ethernet switch
set forward-unknown-vlan=yes

Some tests
=========
Pinging from CRS:
[admin@MikroTik] > ping 172.16.1.1
HOST SIZE TTL TIME STATUS
172.16.1.1 56 64 1ms
172.16.1.1 56 64 0ms
172.16.1.1 56 64 0ms
172.16.1.1 56 64 0ms
sent=4 received=4 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=1ms

Pinging from PC:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. Med ensamrätt.

C:\Users\peter>ping 172.16.1.111

Skickar ping-signal till 172.16.1.111 med 32 byte data:
Svar från 172.16.1.111: byte=32 tid < 1 ms TTL=64
Svar från 172.16.1.111: byte=32 tid < 1 ms TTL=64
Svar från 172.16.1.111: byte=32 tid < 1 ms TTL=64
Svar från 172.16.1.111: byte=32 tid=1ms TTL=64

Ping-statistik för 172.16.1.111:
Paket: Skickade = 4, Mottagna = 4, Förlorade = 0 (0 %),
Ungefärlig överföringstid i millisekunder:
Lägsta = 0 ms, Högsta = 1 ms, Medel = 0 ms

C:\Users\peter>

Pinging the ether6 connected AP from CRS:
[admin@MikroTik SW1] > ping 192.168.1.35
HOST SIZE TTL TIME STATUS
192.168.1.35 56 63 1ms
192.168.1.35 56 63 0ms
192.168.1.35 56 63 0ms
sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=1ms

Pinging the connected AP from the PC in another subnet, through the Cisco- > CRS -> AP:
C:\Users\peter>ping 192.168.1.35

Skickar ping-signal till 192.168.1.35 med 32 byte data:
Svar från 192.168.1.35: byte=32 tid=4ms TTL=63
Svar från 192.168.1.35: byte=32 tid=1ms TTL=63
Svar från 192.168.1.35: byte=32 tid=1ms TTL=63
Svar från 192.168.1.35: byte=32 tid=1ms TTL=63

Ping-statistik för 192.168.1.35:
Paket: Skickade = 4, Mottagna = 4, Förlorade = 0 (0 %),
Ungefärlig överföringstid i millisekunder:
Lägsta = 1 ms, Högsta = 4 ms, Medel = 1 ms

So far so good, as written above, I will do network analysis on the CRS switchports tomorrow and see if it leaks traffic like before. If not, I will say this configuration might work. Then next up will be load tests and stability tests.

Hello Folks!

More discoveries, the CRS sometimes hangs forever in starting services after a reboot, a power cycle usually brings it back to operation again.

So it looks like that older bug is not fully removed.
I will tell MT support about it as well because the device is rendered as useless in production with that defect.

Not yet any network analyzis.

Hello Folks!

More discoveries, the CRS sometimes hangs forever in starting services after a reboot, a power cycle usually brings it back to operation again.

So it looks like that older bug is not fully removed.
I will tell MT support about it as well because the device is rendered as useless in production with that defect.

Not yet any network analyzis.

Network analyzis done now.
The usual setup, redhat linux server hooked up to ether6 and another to ether8, then running TCPDUMP for 1 hour.
As far I could see, there was no leakage, only traffic that belonged to that vlan was visible and signalling traffic from switches and bridges in our network, for example spanning tree protocols and cisco discovery protocol and mikrotik own discovery protocol plus one and another broadcasts and dhcp stuff.

To test further, I added one more port to the CRS switch, ether12 ant attached it to vlan20:
/interface ethernet set ether12 master-port=ether1
/interface ethernet switch vlan add ports=ether1,ether6,ether12 vlan-id=20
/interface ethernet switch ingress-vlan-translation add new-customer-vid=20 ports=ether12 sa-learning=yes
Then I did move one of the servers to ether12 and did a ifdown && ifup command to get new IP from dhcp server.
Same test, tcpdump for 1 hour on eth0 on that server. same result as above, no visible leakage.

Next up is loadtests, to see what happens when we try to push the limit, if it still work, we will put one in production on test.

What now pussles me is that setting I was recommended to stop leakage:
/interface ethernet switch set forward-unknown-vlan=no
If you set it to yes, then all traffic stops and no more packages traverses the switch, anyone who can explain ?
I asked support yesterday late night, so eventually explanations comes in next week.

But so far, it looks promicing, lets hope it continues doing so.

Hello Folks!

More discoveries, the CRS sometimes hangs forever in starting services after a reboot, a power cycle usually brings it back to operation again.

So it looks like that older bug is not fully removed.
I will tell MT support about it as well because the device is rendered as useless in production with that defect.

Not yet any network analyzis.

Network analyzis done now.
The usual setup, redhat linux server hooked up to ether6 and another to ether8, then running TCPDUMP for 1 hour.
As far I could see, there was no leakage, only traffic that belonged to that vlan was visible and signalling traffic from switches and bridges in our network, for example spanning tree protocols and cisco discovery protocol and mikrotik own discovery protocol plus one and another broadcasts and dhcp stuff.

To test further, I added one more port to the CRS switch, ether12 ant attached it to vlan20:
/interface ethernet set ether12 master-port=ether1
/interface ethernet switch vlan add ports=ether1,ether6,ether12 vlan-id=20
/interface ethernet switch ingress-vlan-translation add new-customer-vid=20 ports=ether12 sa-learning=yes
Then I did move one of the servers to ether12 and did a ifdown && ifup command to get new IP from dhcp server.
Same test, tcpdump for 1 hour on eth0 on that server. same result as above, no visible leakage.

Next up is loadtests, to see what happens when we try to push the limit, if it still work, we will put one in production on test.

What now pussles me is that setting I was recommended to stop leakage:
/interface ethernet switch set forward-unknown-vlan=no
If you set it to yes, then all traffic stops and no more packages traverses the switch, anyone who can explain ?
I asked support yesterday late night, so eventually explanations comes in next week.

But so far, it looks promicing, lets hope it continues doing so.

First load test also went well, copying data between the servers and through the trunk up and down in same time, speeds 30Mbit/s internet traffic at all time, up and down in same time 70-90Mbit/s copy between servers. The LAB servers had only 100Mbit/s interfaces that is whi speed is below 100Mbit/s. I let it run for some time and did not notice anything unusal.

So it is time to move on with CRS, to see how it works in a limited production environment, with gigabit and all nice stuff. I will be back with more information about it in some time.

There are remaining questions, how does CRS handle spanning tree and broadcast storms and garbagled packages ?
I am used to Cisco and HP, they deal with it in a good manner.

I've duplicated the config, mostly, for what steen has done. I have the switch working almost as expected now. However all the ports assigned to vlan 100 for example, seem to be leaking, traffic on the tx side is equal on all ports in that vlan.

This has caused two strange issues, my Konica Minolta 2430DL is inaccessible, even though all other devices on my network are fine. And my freenas server is accessible via ping and scp, but not smb and https. Literally nothing has changed on my clients other than swapping my old cisco switch with this one.

Also, I can't get the wireless to work. Bridged to port 2 where I have the master port with all my vlan's, I get no rx on the bridge. Setting it to bridge from wireless to vlan100 (primary network), I get traffic but can't pickup my DHCP server.

I've attached my config, if anyone could please help me fix these last few issues, I'd very much appreciate it!

@michaelahess
The Ingress VLAN translation rules need enabled source address learning (sa-learning=yes), that will prevent traffic flooding.

And seems that wireless interface should be bridged with specific VLAN interfaces which have IP addresses and DHCP servers configured.

@michaelahess
The Ingress VLAN translation rules need enabled source address learning (sa-learning=yes), that will prevent traffic flooding.

And seems that wireless interface should be bridged with specific VLAN interfaces which have IP addresses and DHCP servers configured.

I enabled SA Learning on all ports on vlan100, traffic dropped considerable but it still seems like there is something doing a lot of broadcasts. I fired up Torch and it froze the device after a short while. A reboot didn't help, I had to default and restore a previous backup.

Now I'm running with SA Learning on all ports, and wireless bridged to a vlan, DHCP is applied to the bridge now, I'd tried applying to the vlan which was apparently wrong. I will do a wireshark on my Freenas server as I still have only random ability to access that device. Everything else seems to be working.

Thanks for the help becs!!!!!!

Hello Folks!

I have another strange issue with CRS, the sfp cage leds is normally on regardless it is enabled or not, I do not have any sfp device attached either. But on one of the CRS the led is on during boot and then shut off when CRS comes available after boot is finished. It came after upgrading to RoS6.15, all other CRS has lights on so to say.

I have no gbic to test with to see if it is broken in a way.

Any who have observed this "led" issue ?

Hello Folks!

I have another strange issue with CRS, the sfp cage leds is normally on regardless it is enabled or not, I do not have any sfp device attached either. But on one of the CRS the led is on during boot and then shut off when CRS comes available after boot is finished. It came after upgrading to RoS6.15, all other CRS has lights on so to say.

Any who have observed this "led" issue ?

Okidoki, led issue solved by doing a rollback on the trouble device.
1. resetted to fectory default with no default settings, led still off.
2. rolled back to RoS6.13 restarted with powe cycle afterwards etc, sfp led still off.
3. rolled back system routerboard firmware to 3.14, sfp led now on like before.

4. upgrade to RoS6.14, whole CRS hang at starting service had to do a power cycle, led is now off and there is no system routerboard firmware 3.15

So it got broken at this stage, at least for this CRS, strange that all except this one worked.

5. upgrade to RoS6.15 again, led is off..
6. upgrade to system routerboard firmware 3.16, led is off..

Okey, next up is then a full reset again and netinstall to see if it helps.
Still no sfp led.

So it seems like CRS sfp is broken from RoS6.13