Community discussions

MikroTik App
 
ste
Forum Guru
Forum Guru
Topic Author
Posts: 1932
Joined: Sun Feb 13, 2005 11:21 pm

CRS Documentation

Tue Nov 12, 2013 9:27 am

Hi MT,

I've ordered a CRS for testing. I need much more info to get running with this device.
I see a lot of options in Winbox which are described nowhere.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: CRS Documentation

Tue Nov 12, 2013 11:11 am

Could you clarify which options are not documented yet?

Here is the CRS examples page http://wiki.mikrotik.com/wiki/Manual:CRS_examples
 
ste
Forum Guru
Forum Guru
Topic Author
Posts: 1932
Joined: Sun Feb 13, 2005 11:21 pm

Re: CRS Documentation

Tue Nov 12, 2013 11:31 am

Could you clarify which options are not documented yet?

Here is the CRS examples page http://wiki.mikrotik.com/wiki/Manual:CRS_examples
Starting with Switch Generic:

Bridge Type
MAC Level Isolation
VLAN Level Isolation
Use SVID in 1:1 VLAN Lookup
Use CVID in 1:1 VLAB Lookup
IPv4 Multicast Lookup Mode
Unicast FDB Timeout


Then there are Tabs "VLAN", "Exceptions","Mirror"

Examples are nice but I need some sort of Manual which describes all of the Parameters/Options.
 
petterg
Member Candidate
Member Candidate
Posts: 230
Joined: Wed Sep 16, 2009 2:55 pm

Re: CRS Documentation

Sun Dec 01, 2013 10:32 pm

I have to admit that after upgrading CRS125 to ROS 6.6, the switch configuration in winbox is rather confusing.

What does "Bridge Type" = "service / customer vlan bridge" do?
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: CRS Documentation

Sun Dec 01, 2013 10:36 pm

Could you clarify which options are not documented yet?

Here is the CRS examples page http://wiki.mikrotik.com/wiki/Manual:CRS_examples
Starting with Switch Generic:

Bridge Type
MAC Level Isolation
VLAN Level Isolation
Use SVID in 1:1 VLAN Lookup
Use CVID in 1:1 VLAB Lookup
IPv4 Multicast Lookup Mode
Unicast FDB Timeout


Then there are Tabs "VLAN", "Exceptions","Mirror"

Examples are nice but I need some sort of Manual which describes all of the Parameters/Options.
+1... A manual describing the settings would be great.
 
scampbell
Trainer
Trainer
Posts: 487
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: CRS Documentation

Wed Dec 11, 2013 8:24 pm

Could you clarify which options are not documented yet?

Here is the CRS examples page http://wiki.mikrotik.com/wiki/Manual:CRS_examples
Starting with Switch Generic:

Bridge Type
MAC Level Isolation
VLAN Level Isolation
Use SVID in 1:1 VLAN Lookup
Use CVID in 1:1 VLAB Lookup
IPv4 Multicast Lookup Mode
Unicast FDB Timeout


Then there are Tabs "VLAN", "Exceptions","Mirror"

Examples are nice but I need some sort of Manual which describes all of the Parameters/Options.
+1!
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Fri Dec 13, 2013 10:18 pm

Hello Folks!

Device here is supposed to be a pure managed layer 2 switch for gigabit traffic using one trunk link and access ports connected to vlans, but the device is leaking traffic between vlans and trunk or both.

We urgently need help get it sorted out, we have another tread here, what we have done and so on, we tried all, eithe rthe device does not pass traffic at all or fully locks up so a power cycle is needed or it start leaking:

http://forum.mikrotik.com/viewtopic.php?f=13&t=79698

Here is a tcpdump, this traffic on a fully different vlan100 seen on the access ports of vlan200, I dont know what to do:
21:10:55.046323 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-28.jscnet.se (Broadcast) tell 80-84-42-1.jscnet.se, length 46
21:10:55.054901 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-33.jscnet.se (Broadcast) tell 80-84-42-1.jscnet.se, length 46
21:10:55.062553 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-133.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.070438 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-135.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.078090 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-147.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.086669 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-148.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.094321 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-159.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.102205 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-164.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.110089 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-170.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.118205 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-172.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.125393 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-169.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46
21:10:55.134205 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 80-84-42-177.jscnet.se (Broadcast) tell 80-84-42-129.jscnet.se, length 46

Please help!

I have dropped a supout file to MT for help...
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: CRS Documentation

Mon Dec 16, 2013 5:36 am

@steen

Ask for access to latest beta release.

Draft changelog says:
*) fixed port isolation on CRSs (bug introduced in v6.6);

While port isolation != VLAN leakage it could be how they are describing it.

Regards
Alexander
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Mon Dec 16, 2013 4:05 pm

@steen

Ask for access to latest beta release.

Draft changelog says:
*) fixed port isolation on CRSs (bug introduced in v6.6);

While port isolation != VLAN leakage it could be how they are describing it.

Regards
Alexander
Hello Alexander!

I got from mikrotik support that RoS6.8 release candidate has that issue fixed. Also I got copy of image from them.
A full reconfigure is needed after RoS6.8 release candidate is installed.
I have not yet tried it, but I will not put something into production with release candidates, it must be stable release.
 
scampbell
Trainer
Trainer
Posts: 487
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: CRS Documentation

Mon Dec 16, 2013 9:10 pm

@steen

Ask for access to latest beta release.

Draft changelog says:
*) fixed port isolation on CRSs (bug introduced in v6.6);

While port isolation != VLAN leakage it could be how they are describing it.

Regards
Alexander
Hi Alexander,

I popped that release on a CRS and it looks like Pacific/Auckland time now says GMT-7 instead of GMT + 13 :-)
GMT.JPG
You do not have the required permissions to view the files attached to this post.
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: CRS Documentation

Tue Dec 17, 2013 4:09 am

@steen

Ask for access to latest beta release.

Draft changelog says:
*) fixed port isolation on CRSs (bug introduced in v6.6);

While port isolation != VLAN leakage it could be how they are describing it.

Regards
Alexander
Hello Alexander!

I got from mikrotik support that RoS6.8 release candidate has that issue fixed. Also I got copy of image from them.
A full reconfigure is needed after RoS6.8 release candidate is installed.
I have not yet tried it, but I will not put something into production with release candidates, it must be stable release.

I understand your position of not putting release candidates into production.

I had a laugh however as I am logged into an edge router I have in the field running 6.6RC1 which if we remember worked however the released version had that VLAN bug.

I am running 6.8 in some secondary devices at the moment to give them some real traffic.

I didn't know about the full reconfigure being required as I havent tried 6.8 on any of my CRS's yet so thanks for the heads up

Note to Mikrotik: this may do to be noted on the beta release page.

I more pointed you in the direction of that beta release to test on your spare CRS in the lab trying to generate the bug.

Regards
Alexander
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: CRS Documentation

Tue Dec 17, 2013 4:12 am

@steen

Ask for access to latest beta release.

Draft changelog says:
*) fixed port isolation on CRSs (bug introduced in v6.6);

While port isolation != VLAN leakage it could be how they are describing it.

Regards
Alexander
Hi Alexander,

I popped that release on a CRS and it looks like Pacific/Auckland time now says GMT-7 instead of GMT + 13 :-)
GMT.JPG

@scampbell

Good of Mikrotik to "fix" our timezone along with all the others.

I can confirm the time in Auckland now is 7:11 pm yesterday (I should look at getting ready for bed soon)

Not sure how Mikrotik stores and updates TZData however it looks like someone accidentially blasted a bad database into it.

Regards
Alexander
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: CRS Documentation

Tue Dec 17, 2013 9:50 am

6.8rc next release will fix the timezones. there was a bug where all timezones got shifted
 
scampbell
Trainer
Trainer
Posts: 487
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: CRS Documentation

Sat Dec 21, 2013 9:47 am

Any sign of cli documentation yet ?
 
mukas
just joined
Posts: 4
Joined: Mon Mar 11, 2013 11:10 am

Re: CRS Documentation

Thu Jan 02, 2014 4:45 am

any news?
 
lashguti
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Sat Apr 21, 2012 7:42 am

Re: CRS Documentation

Sat Jan 04, 2014 7:18 pm

where is promised documentation, without it crs is useless, and previous link with crs_examples needs to be updated as syntax has changed
 
vflorin
just joined
Posts: 6
Joined: Wed Jul 04, 2012 5:42 pm

Re: CRS Documentation

Tue Jan 21, 2014 9:51 pm

Please MikroTik team, post documentation of CRS125! We have 20 new switchs here, we need to put up VLAN everywhere, and the examples in the page http://wiki.mikrotik.com/wiki/Manual:CRS_examples don't work with 6.7 version.

CRS125 seems to be a great product, but how could we use it?

Thanks for your help.

Vincent Florin.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: CRS Documentation

Tue Jan 21, 2014 10:09 pm

+ 2
 
User avatar
cbrown
Trainer
Trainer
Posts: 1839
Joined: Thu Oct 14, 2010 8:57 pm
Contact:

Re: CRS Documentation

Wed Jan 22, 2014 1:42 am

+1

This is absolutely needed.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: CRS Documentation

Thu Jan 23, 2014 4:44 pm

MT support - Can you promise something?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: CRS Documentation

Fri Jan 24, 2014 7:49 am

Next week we will publish an update of the documentation. Sorry about the delay.
 
vflorin
just joined
Posts: 6
Joined: Wed Jul 04, 2012 5:42 pm

Re: CRS Documentation

Fri Jan 24, 2014 10:56 am

Thanks for the reply.

Could you please publish NOW something updated (even in beta stage) on configuring VLANs? We have 20 CRS-125 here for the new network of one of our customers, users will start to work next week and we need to set up VLANs for them before! Just the grammar to set up VLAN and affect ports in terminal…
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: CRS Documentation

Thu Jan 30, 2014 8:15 pm

Next week we will publish an update of the documentation. Sorry about the delay.
Almost Friday... any update on this?
 
vflorin
just joined
Posts: 6
Joined: Wed Jul 04, 2012 5:42 pm

Re: CRS Documentation

Thu Jan 30, 2014 8:24 pm

 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: CRS Documentation

Thu Jan 30, 2014 8:27 pm

 
User avatar
omidkosari
Trainer
Trainer
Posts: 640
Joined: Fri Sep 01, 2006 4:18 pm
Location: Canada, Toronto

Re: CRS Documentation

Wed Mar 05, 2014 9:53 am

I have followed instruction from http://wiki.mikrotik.com/wiki/Manual:CR ... Based_VLAN but still leak happens in v6.9 :(
Playing with the configs makes switch crash so i could not try and false .
Anybody found a workaround ?
You do not have the required permissions to view the files attached to this post.
 
User avatar
omidkosari
Trainer
Trainer
Posts: 640
Joined: Fri Sep 01, 2006 4:18 pm
Location: Canada, Toronto

Re: CRS Documentation

Sat Mar 15, 2014 2:36 pm

Please add some documentation about 1:1 Vlan Switching
 
Bitto
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Wed May 02, 2012 10:15 am

Re: CRS Documentation

Wed Mar 19, 2014 6:38 pm

Finally we have our new CRS125-24G-1S-RM in our hands, but switch menu changed. There is a menu about mirroring that makes none sense..
It seems cpu is mirroring all traffic to one port.
I couldn't find examples and manuals in wiki can any one send a configuration example of where ether2 is fully mirrored to ether3 (ingress and egress) ?
 
lashguti
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Sat Apr 21, 2012 7:42 am

Re: CRS Documentation

Thu Apr 24, 2014 6:03 pm

example shown here: http://wiki.mikrotik.com/wiki/Manual:CR ... _Isolation

does not match CLI commands, I checked isolated ports section,

I managed to do it via GUI, it is working well, but I have question, How should I make so that router was accessible on all ports,
I can only access it through master port(promiscuous)
 
becs
MikroTik Support
MikroTik Support
Posts: 501
Joined: Thu Jul 07, 2011 8:26 am

Re: CRS Documentation

Fri Apr 25, 2014 2:03 pm

I managed to do it via GUI, it is working well, but I have question, How should I make so that router was accessible on all ports,
I can only access it through master port(promiscuous)
Add switch1-cpu port to all port-profiles from which you want access to the router, for wiki example it is:
/interface ethernet switch port-isolation
add port-profile=1 ports=ether2,switch1-cpu type=dst
add port-profile=2 ports=ether2,ether7,ether8,switch1-cpu type=dst
add port-profile=3 ports=ether2,ether9,ether10,switch1-cpu type=dst
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Wed Apr 30, 2014 3:55 pm

Hello Folks!

I can not get this vlan stuff working, the switch is leaking traffic all over like a hub, or not working at all.

All I want is a trunk line for my vlans coming from cisco trunk and then attach access ports to the vlans.

By guesswork the most suitable example should be "Port Based VLAN" (http://wiki.mikrotik.com/wiki/Manual:CRS_examples)
My trunk has vlans 10, 20, 100, 110, 200, 220coming in at ether2 and accessports connect to vlans is
10 -> ether3, ether4, ether5
20 -> ether6
100 -> ether7, ether8
110 -> ether9, ether10
200 -> ether11
220 -> ether 12 towards ether16

Can anyone share howto setup a switch with one trunk and vlans and accessports that does not leak traffic please ?
 
Quindor
Member
Member
Posts: 347
Joined: Tue Aug 14, 2012 2:57 am
Location: Noord-Brabant, The Netherlands
Contact:

Re: CRS Documentation

Thu May 01, 2014 2:33 am

Hello Folks!

I can not get this vlan stuff working, the switch is leaking traffic all over like a hub, or not working at all.

All I want is a trunk line for my vlans coming from cisco trunk and then attach access ports to the vlans.

By guesswork the most suitable example should be "Port Based VLAN" (http://wiki.mikrotik.com/wiki/Manual:CRS_examples)
My trunk has vlans 10, 20, 100, 110, 200, 220coming in at ether2 and accessports connect to vlans is
10 -> ether3, ether4, ether5
20 -> ether6
100 -> ether7, ether8
110 -> ether9, ether10
200 -> ether11
220 -> ether 12 towards ether16

Can anyone share howto setup a switch with one trunk and vlans and accessports that does not leak traffic please ?
Are you running the newest version (6.12) of RouterOS? It fixes a lot of switch related CRS issues.
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Fri May 02, 2014 12:59 am

Hello Folks!

I am running 6.12.

Yesterday I got this from Microtik: You, probably, need to configure invalid VLAN filtering to block broadcasts from unwanted VLANs. Sample configuration is in the last section of this CRS example: http://wiki.mikrotik.com/wiki/Manual:CR ... _filtering

I never heard about invalid vlan filtering, never had to do that in any Cisco or HP switch, there you simply configure your vlans and access ports, thats it. But I will give it a try.
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Sun May 18, 2014 7:12 pm

Hello Folks!

I am very sorry RoS v6.13, the switch does still not work in this very basic accessport+vlan+trunk configuration. Not even the CRS example configurations work.

Anyone out there who ever got it working, and how did you solve it ?
How do we continue ?
 
ncd
just joined
Posts: 18
Joined: Sun Feb 23, 2014 10:18 pm

Re: CRS Documentation

Mon May 19, 2014 10:06 pm

I'm suffering the same issues. I even tried the examples and they don't work!
Each new release I hope will fix it but each time I'm let down.
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Tue May 20, 2014 10:09 pm

I'm suffering the same issues. I even tried the examples and they don't work!
Each new release I hope will fix it but each time I'm let down.
Hello Folks!

I receved something yesterday from MT support, I am currently in Stockholm so I can not test, but it look very promocing and will eventually work. I am back on Friday and will immediate write an report if it was successful and publish how.
 
Kampfwurst
Member Candidate
Member Candidate
Posts: 113
Joined: Mon Mar 24, 2014 2:53 pm

Re: CRS Documentation

Wed May 21, 2014 10:13 am

great ;-)
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Sat May 24, 2014 12:48 am

great ;-)
Okey, now I tested the suggested solution I was given from MT support.

The result:
It is _NOT_ working when /interface ethernet switch set forward-unknown-vlan=no
It has to be /interface ethernet switch set forward-unknown-vlan=yes or no traffic is passed at all.

Leaking traffic ?:
I did connect one MT device to ether6 of my CRS switch, and logged in to it and then I did /tools packet sniffer
I let it run for one hour during prime time backup and lot of noice in all vlans, I was not able to pick up any traffic leaking, I saw only traffic belonging to that VLAN.

I will connect one network analyzer to ether6 and the other ports as well tomorrow and come back with that result as well.
But so far, it looks like it actually was working!


Here is my devices lab configuration:

Cisco2960 --- vlan trunk (20, 100, 200, 220, 300, 400) --- CRS ether1

Here is the Cisco2960 switch configuration, port 13 is connected to ether1 of the CRS switch.
==================================================================
swfredriksdal2#show interfaces fastEthernet 0/13 status
Port Name Status Vlan Duplex Speed Type
Fa0/13 Desktop trunk connected trunk a-full a-100 10/100BaseTX

swfredriksdal2#show ip interface fastEthernet 0/13
FastEthernet0/13 is up, line protocol is up
Inbound access list is not set

swfredriksdal2# show interfaces trunk

Port Mode Encapsulation Status Native vlan
Fa0/13 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/13 20,100,200,220,300,400

Port Vlans allowed and active in management domain
Fa0/13 20,100,200,220,300,400

Port Vlans in spanning tree forwarding state and not pruned
Fa0/13 20,100,200,220,300,400

VLAN 20 comes from another switch, and it does not have any access ports in this switch.
swfredriksdal2#show vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
200 dmz1 active Fa0/5, Fa0/10, Fa0/11, Fa0/12
Fa0/21
220 dmz3 active Fa0/15, Fa0/19, Fa0/20, Gi0/2
300 MGT active Fa0/6, Fa0/9, Fa0/18, Fa0/22
Fa0/24
310 mgt2 active Fa0/7, Fa0/8
320 mgt3 active
400 dmz2 active Fa0/2

Here is my CRS configuration:
======================
/interface ethernet
set [ find default-name=ether6 ] master-port=ether1
set [ find default-name=ether7 ] master-port=ether1
set [ find default-name=ether8 ] master-port=ether1
set [ find default-name=ether9 ] master-port=ether1
set [ find default-name=ether10 ] master-port=ether1
set [ find default-name=ether11 ] master-port=ether1

# Tagging should be set on ether1 because it is a VLAN trunk port.
# Additionally, set switch1-cpu for VLAN200 to access IP address on VLAN
interface, the frames should be tagged on it as well.

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1 vlan-id=20
add tagged-ports=ether1 vlan-id=100
add tagged-ports=ether1,switch1-cpu vlan-id=200
add tagged-ports=ether1 vlan-id=220
add tagged-ports=ether1 vlan-id=300
add tagged-ports=ether1 vlan-id=400

/interface ethernet switch ingress-vlan-translation
add new-customer-vid=20 ports=ether6 sa-learning=yes
add new-customer-vid=100 ports=ether7 sa-learning=yes
add new-customer-vid=200 ports=ether8 sa-learning=yes
add new-customer-vid=220 ports=ether9 sa-learning=yes
add new-customer-vid=300 ports=ether10 sa-learning=yes
add new-customer-vid=400 ports=ether11 sa-learning=yes

# VLAN mebership should be adjusted according to VLAN tagging.
# VLAN id on ether1 and access port and for VLAN200 switch1-cpu port as well.

/interface ethernet switch vlan
add ports=ether1,ether6 vlan-id=20
add ports=ether1,ether7 vlan-id=100
add ports=ether1,ether8,switch1-cpu vlan-id=200
add ports=ether1,ether9 vlan-id=220
add ports=ether1,ether10 vlan-id=300
add ports=ether1,ether11 vlan-id=400

# Other VLAN interfaces seem to be unnecessary because they do not have IP address.

/interface vlan
add interface=ether1 l2mtu=1584 name=vlan200 vlan-id=200

/ip address
add address=172.16.1.111/24 interface=vlan200 network=172.16.1.0

# Putting no directly fully disables ALL traffic through the switch, it seems to work with yes, so far...
/interface ethernet switch
set forward-unknown-vlan=yes

Some tests
=========
Pinging from CRS:
[admin@MikroTik] > ping 172.16.1.1
HOST SIZE TTL TIME STATUS
172.16.1.1 56 64 1ms
172.16.1.1 56 64 0ms
172.16.1.1 56 64 0ms
172.16.1.1 56 64 0ms
sent=4 received=4 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=1ms

Pinging from PC:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. Med ensamrätt.

C:\Users\peter>ping 172.16.1.111

Skickar ping-signal till 172.16.1.111 med 32 byte data:
Svar från 172.16.1.111: byte=32 tid < 1 ms TTL=64
Svar från 172.16.1.111: byte=32 tid < 1 ms TTL=64
Svar från 172.16.1.111: byte=32 tid < 1 ms TTL=64
Svar från 172.16.1.111: byte=32 tid=1ms TTL=64

Ping-statistik för 172.16.1.111:
Paket: Skickade = 4, Mottagna = 4, Förlorade = 0 (0 %),
Ungefärlig överföringstid i millisekunder:
Lägsta = 0 ms, Högsta = 1 ms, Medel = 0 ms

C:\Users\peter>

Pinging the ether6 connected AP from CRS:
[admin@MikroTik SW1] > ping 192.168.1.35
HOST SIZE TTL TIME STATUS
192.168.1.35 56 63 1ms
192.168.1.35 56 63 0ms
192.168.1.35 56 63 0ms
sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=1ms

Pinging the connected AP from the PC in another subnet, through the Cisco- > CRS -> AP:
C:\Users\peter>ping 192.168.1.35

Skickar ping-signal till 192.168.1.35 med 32 byte data:
Svar från 192.168.1.35: byte=32 tid=4ms TTL=63
Svar från 192.168.1.35: byte=32 tid=1ms TTL=63
Svar från 192.168.1.35: byte=32 tid=1ms TTL=63
Svar från 192.168.1.35: byte=32 tid=1ms TTL=63

Ping-statistik för 192.168.1.35:
Paket: Skickade = 4, Mottagna = 4, Förlorade = 0 (0 %),
Ungefärlig överföringstid i millisekunder:
Lägsta = 1 ms, Högsta = 4 ms, Medel = 1 ms

So far so good, as written above, I will do network analysis on the CRS switchports tomorrow and see if it leaks traffic like before. If not, I will say this configuration might work. Then next up will be load tests and stability tests.
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Sat May 24, 2014 1:02 am

Hello Folks!

More discoveries, the CRS sometimes hangs forever in starting services after a reboot, a power cycle usually brings it back to operation again.

So it looks like that older bug is not fully removed.
I will tell MT support about it as well because the device is rendered as useless in production with that defect.

Not yet any network analyzis.
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Sat May 24, 2014 3:15 pm

Hello Folks!

More discoveries, the CRS sometimes hangs forever in starting services after a reboot, a power cycle usually brings it back to operation again.

So it looks like that older bug is not fully removed.
I will tell MT support about it as well because the device is rendered as useless in production with that defect.

Not yet any network analyzis.
Network analyzis done now.
The usual setup, redhat linux server hooked up to ether6 and another to ether8, then running TCPDUMP for 1 hour.
As far I could see, there was no leakage, only traffic that belonged to that vlan was visible and signalling traffic from switches and bridges in our network, for example spanning tree protocols and cisco discovery protocol and mikrotik own discovery protocol plus one and another broadcasts and dhcp stuff.

To test further, I added one more port to the CRS switch, ether12 ant attached it to vlan20:
/interface ethernet set ether12 master-port=ether1
/interface ethernet switch vlan add ports=ether1,ether6,ether12 vlan-id=20
/interface ethernet switch ingress-vlan-translation add new-customer-vid=20 ports=ether12 sa-learning=yes
Then I did move one of the servers to ether12 and did a ifdown && ifup command to get new IP from dhcp server.
Same test, tcpdump for 1 hour on eth0 on that server. same result as above, no visible leakage.

Next up is loadtests, to see what happens when we try to push the limit, if it still work, we will put one in production on test.

What now pussles me is that setting I was recommended to stop leakage:
/interface ethernet switch set forward-unknown-vlan=no
If you set it to yes, then all traffic stops and no more packages traverses the switch, anyone who can explain ?
I asked support yesterday late night, so eventually explanations comes in next week.

But so far, it looks promicing, lets hope it continues doing so.
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Sat May 24, 2014 3:52 pm

Hello Folks!

More discoveries, the CRS sometimes hangs forever in starting services after a reboot, a power cycle usually brings it back to operation again.

So it looks like that older bug is not fully removed.
I will tell MT support about it as well because the device is rendered as useless in production with that defect.

Not yet any network analyzis.
Network analyzis done now.
The usual setup, redhat linux server hooked up to ether6 and another to ether8, then running TCPDUMP for 1 hour.
As far I could see, there was no leakage, only traffic that belonged to that vlan was visible and signalling traffic from switches and bridges in our network, for example spanning tree protocols and cisco discovery protocol and mikrotik own discovery protocol plus one and another broadcasts and dhcp stuff.

To test further, I added one more port to the CRS switch, ether12 ant attached it to vlan20:
/interface ethernet set ether12 master-port=ether1
/interface ethernet switch vlan add ports=ether1,ether6,ether12 vlan-id=20
/interface ethernet switch ingress-vlan-translation add new-customer-vid=20 ports=ether12 sa-learning=yes
Then I did move one of the servers to ether12 and did a ifdown && ifup command to get new IP from dhcp server.
Same test, tcpdump for 1 hour on eth0 on that server. same result as above, no visible leakage.

Next up is loadtests, to see what happens when we try to push the limit, if it still work, we will put one in production on test.

What now pussles me is that setting I was recommended to stop leakage:
/interface ethernet switch set forward-unknown-vlan=no
If you set it to yes, then all traffic stops and no more packages traverses the switch, anyone who can explain ?
I asked support yesterday late night, so eventually explanations comes in next week.

But so far, it looks promicing, lets hope it continues doing so.
First load test also went well, copying data between the servers and through the trunk up and down in same time, speeds 30Mbit/s internet traffic at all time, up and down in same time 70-90Mbit/s copy between servers. The LAB servers had only 100Mbit/s interfaces that is whi speed is below 100Mbit/s. I let it run for some time and did not notice anything unusal.

So it is time to move on with CRS, to see how it works in a limited production environment, with gigabit and all nice stuff. I will be back with more information about it in some time.

There are remaining questions, how does CRS handle spanning tree and broadcast storms and garbagled packages ?
I am used to Cisco and HP, they deal with it in a good manner.
 
michaelahess
just joined
Posts: 17
Joined: Thu Nov 11, 2010 4:56 am

Re: CRS Documentation

Tue Jun 10, 2014 4:28 am

I've duplicated the config, mostly, for what steen has done. I have the switch working almost as expected now. However all the ports assigned to vlan 100 for example, seem to be leaking, traffic on the tx side is equal on all ports in that vlan.

This has caused two strange issues, my Konica Minolta 2430DL is inaccessible, even though all other devices on my network are fine. And my freenas server is accessible via ping and scp, but not smb and https. Literally nothing has changed on my clients other than swapping my old cisco switch with this one.

Also, I can't get the wireless to work. Bridged to port 2 where I have the master port with all my vlan's, I get no rx on the bridge. Setting it to bridge from wireless to vlan100 (primary network), I get traffic but can't pickup my DHCP server.

I've attached my config, if anyone could please help me fix these last few issues, I'd very much appreciate it!
You do not have the required permissions to view the files attached to this post.
 
becs
MikroTik Support
MikroTik Support
Posts: 501
Joined: Thu Jul 07, 2011 8:26 am

Re: CRS Documentation

Wed Jun 11, 2014 12:23 pm

@michaelahess
The Ingress VLAN translation rules need enabled source address learning (sa-learning=yes), that will prevent traffic flooding.

And seems that wireless interface should be bridged with specific VLAN interfaces which have IP addresses and DHCP servers configured.
 
michaelahess
just joined
Posts: 17
Joined: Thu Nov 11, 2010 4:56 am

Re: CRS Documentation

Thu Jun 12, 2014 7:49 pm

@michaelahess
The Ingress VLAN translation rules need enabled source address learning (sa-learning=yes), that will prevent traffic flooding.

And seems that wireless interface should be bridged with specific VLAN interfaces which have IP addresses and DHCP servers configured.
I enabled SA Learning on all ports on vlan100, traffic dropped considerable but it still seems like there is something doing a lot of broadcasts. I fired up Torch and it froze the device after a short while. A reboot didn't help, I had to default and restore a previous backup.

Now I'm running with SA Learning on all ports, and wireless bridged to a vlan, DHCP is applied to the bridge now, I'd tried applying to the vlan which was apparently wrong. I will do a wireshark on my Freenas server as I still have only random ability to access that device. Everything else seems to be working.

Thanks for the help becs!!!!!!
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Sat Jun 21, 2014 10:25 pm

Hello Folks!

I have another strange issue with CRS, the sfp cage leds is normally on regardless it is enabled or not, I do not have any sfp device attached either. But on one of the CRS the led is on during boot and then shut off when CRS comes available after boot is finished. It came after upgrading to RoS6.15, all other CRS has lights on so to say.

I have no gbic to test with to see if it is broken in a way.

Any who have observed this "led" issue ?
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: CRS Documentation

Sat Jun 21, 2014 11:46 pm

Hello Folks!

I have another strange issue with CRS, the sfp cage leds is normally on regardless it is enabled or not, I do not have any sfp device attached either. But on one of the CRS the led is on during boot and then shut off when CRS comes available after boot is finished. It came after upgrading to RoS6.15, all other CRS has lights on so to say.

Any who have observed this "led" issue ?
Okidoki, led issue solved by doing a rollback on the trouble device.
1. resetted to fectory default with no default settings, led still off.
2. rolled back to RoS6.13 restarted with powe cycle afterwards etc, sfp led still off.
3. rolled back system routerboard firmware to 3.14, sfp led now on like before.

4. upgrade to RoS6.14, whole CRS hang at starting service had to do a power cycle, led is now off and there is no system routerboard firmware 3.15

So it got broken at this stage, at least for this CRS, strange that all except this one worked.

5. upgrade to RoS6.15 again, led is off..
6. upgrade to system routerboard firmware 3.16, led is off..

Okey, next up is then a full reset again and netinstall to see if it helps.
Still no sfp led.

So it seems like CRS sfp is broken from RoS6.13

Who is online

Users browsing this forum: No registered users and 6 guests