
CRS-125 works like-hub

Posted: Wed Apr 30, 2014 9:57 am
by enman
Hi, CRS-125 works as a hub, sending all packets to all ports. The command that is recommended to apply does not work on the latest firmware.
/interface ethernet switch port set [find] learn-restricted-unknown-sa=yes
This command does not work. Recommend any hack? Please.

Re: CRS-125 works like-hub

Posted: Wed Apr 30, 2014 2:30 pm
by efaden
Running 6.12? Post your export. Reset your configuration to defaults and test it.

Re: CRS-125 works like-hub

Posted: Wed Apr 30, 2014 2:44 pm
by enman
Yes, 6.12. Any problems are solved by resetting the Mikrotik? Every time? Device in other city ~6000 km. I have only remote access...
[ivn@yakut1-gtw01] /interface ethernet switch port> print
Flags: I - invalid 
 0   name="ISP1" egress-customer-tpid=0x8100 egress-service-tpid=0x88A8 learn=no allow-unicast-loopback=no allow-multicast-loopback=no action-on-static-station-move=forward drop-when-ufdb-entry-src-drop=yes isolation-leakage-profile=30 vlan-type=network-port allow-fdb-based-vlan-translate=no allow-mac-based-service-vlan-assignment-for=all 
     allow-mac-based-customer-vlan-assignment-for=all filter-untagged-frame=no filter-priority-tagged-frame=no filter-tagged-frame=no egress-vlan-tag-table-lookup-key=egress-vid egress-vlan-mode=unmodified ingress-mirror-to=none ingress-mirroring-according-to-vlan=no egress-mirror-to=none 
     qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based default-customer-pcp=0 default-service-pcp=0 pcp-propagation-for-initial-pcp=no egress-pcp-propagation=no dscp-based-qos-dscp-to-dscp-mapping=no pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-pcp=no 
     pcp-or-dscp-based-qos-change-dscp=no pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-dei-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 priority-to-queue=0-15:0,1:1,2:2,3:3 
     per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 custom-drop-counter-includes="" queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" policy-drop-counter-includes="" 

 1   name="ISP2" egress-customer-tpid=0x8100 egress-service-tpid=0x88A8 learn=no allow-unicast-loopback=no allow-multicast-loopback=no action-on-static-station-move=forward drop-when-ufdb-entry-src-drop=yes isolation-leakage-profile=30 vlan-type=network-port allow-fdb-based-vlan-translate=no allow-mac-based-service-vlan-assignment-for=all 
     allow-mac-based-customer-vlan-assignment-for=all filter-untagged-frame=no filter-priority-tagged-frame=no filter-tagged-frame=no egress-vlan-tag-table-lookup-key=egress-vid egress-vlan-mode=unmodified ingress-mirror-to=none ingress-mirroring-according-to-vlan=no egress-mirror-to=none 
     qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based default-customer-pcp=0 default-service-pcp=0 pcp-propagation-for-initial-pcp=no egress-pcp-propagation=no dscp-based-qos-dscp-to-dscp-mapping=no pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-pcp=no 
     pcp-or-dscp-based-qos-change-dscp=no pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-dei-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 priority-to-queue=0-15:0,1:1,2:2,3:3 
     per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 custom-drop-counter-includes="" queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" policy-drop-counter-includes="" 

 2   name="ether03-master" ingress-customer-tpid=0x8100 egress-customer-tpid=0x8100 ingress-service-tpid=0x88A8 egress-service-tpid=0x88A8 learn=yes allow-unicast-loopback=no allow-multicast-loopback=no action-on-static-station-move=forward drop-when-ufdb-entry-src-drop=yes isolation-leakage-profile=29 vlan-type=network-port 
     allow-fdb-based-vlan-translate=no allow-mac-based-service-vlan-assignment-for=all allow-mac-based-customer-vlan-assignment-for=all filter-untagged-frame=no filter-priority-tagged-frame=no filter-tagged-frame=no egress-vlan-tag-table-lookup-key=egress-vid egress-vlan-mode=unmodified ingress-mirror-to=none 
     ingress-mirroring-according-to-vlan=no egress-mirror-to=none qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based default-customer-pcp=0 default-service-pcp=0 pcp-propagation-for-initial-pcp=no egress-pcp-propagation=no dscp-based-qos-dscp-to-dscp-mapping=no 
     pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-pcp=no pcp-or-dscp-based-qos-change-dscp=no pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-dei-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 priority-to-queue=0-15:0,1:1,2:2,3:3 
     per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 custom-drop-counter-includes="" queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" policy-drop-counter-includes="" 

 3   name="ether04-slave" ingress-customer-tpid=0x8100 egress-customer-tpid=0x8100 ingress-service-tpid=0x88A8 egress-service-tpid=0x88A8 learn=yes allow-unicast-loopback=no allow-multicast-loopback=no action-on-static-station-move=forward drop-when-ufdb-entry-src-drop=yes isolation-leakage-profile=29 vlan-type=network-port 
     allow-fdb-based-vlan-translate=no allow-mac-based-service-vlan-assignment-for=all allow-mac-based-customer-vlan-assignment-for=all filter-untagged-frame=no filter-priority-tagged-frame=no filter-tagged-frame=no egress-vlan-tag-table-lookup-key=egress-vid egress-vlan-mode=unmodified ingress-mirror-to=none 
     ingress-mirroring-according-to-vlan=no egress-mirror-to=none qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based default-customer-pcp=0 default-service-pcp=0 pcp-propagation-for-initial-pcp=no egress-pcp-propagation=no dscp-based-qos-dscp-to-dscp-mapping=no 
     pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-pcp=no pcp-or-dscp-based-qos-change-dscp=no pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-dei-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 priority-to-queue=0-15:0,1:1,2:2,3:3 
     per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 custom-drop-counter-includes="" queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" policy-drop-counter-includes="" 

 4   name="ether05-slave" ingress-customer-tpid=0x8100 egress-customer-tpid=0x8100 ingress-service-tpid=0x88A8 egress-service-tpid=0x88A8 learn=yes allow-unicast-loopback=no allow-multicast-loopback=no action-on-static-station-move=forward drop-when-ufdb-entry-src-drop=yes isolation-leakage-profile=29 vlan-type=network-port 
     allow-fdb-based-vlan-translate=no allow-mac-based-service-vlan-assignment-for=all allow-mac-based-customer-vlan-assignment-for=all filter-untagged-frame=no filter-priority-tagged-frame=no filter-tagged-frame=no egress-vlan-tag-table-lookup-key=egress-vid egress-vlan-mode=unmodified ingress-mirror-to=none 
     ingress-mirroring-according-to-vlan=no egress-mirror-to=none qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based default-customer-pcp=0 default-service-pcp=0 pcp-propagation-for-initial-pcp=no egress-pcp-propagation=no dscp-based-qos-dscp-to-dscp-mapping=no 
     pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-pcp=no pcp-or-dscp-based-qos-change-dscp=no pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-dei-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 priority-to-queue=0-15:0,1:1,2:2,3:3 
     per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 custom-drop-counter-includes="" queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" policy-drop-counter-includes="" 

Re: CRS-125 works like-hub

Posted: Wed Apr 30, 2014 2:48 pm
by efaden
Post your actual export. Not a print.

Personally I'd reset it and reconfigure it. NOT restore it from a backup. I have three of them and after that procedure it works fine.

Re: CRS-125 works like-hub

Posted: Wed Apr 30, 2014 3:43 pm
by steen
Hello Folks!

I tried all that, reset to factory default, netinstall, reconfigure from scratch.
Nothing works, it still leaks traffic, you can see traffic from all vlans.

Does anyone have any real working way of fixing it?

We tried to make a trunk and attach access ports to various vlans coming in from the trunk, it works in a way but it leaks.
So I am out of any clues how to fix this.

Re: CRS-125 works like-hub

Posted: Wed Apr 30, 2014 3:55 pm
by becs
You probably need to configure invalid VLAN filtering to block broadcasts from unwanted VLANs.
Sample configuration is in the last section of this CRS example:
http://wiki.mikrotik.com/wiki/Manual:CR ... _filtering

Re: CRS-125 works like-hub

Posted: Fri May 02, 2014 6:56 pm
by steen
I do not fully understand invalid VLAN filtering. I tried to follow the example, but it differs: we do not have inter-VLAN routing and do not desire to have it in the switch either.

That configuration did not work at all, if I connect a server to the switch it becomes fully unavailable.

Can you please come up with a "normal switch with vlan and trunks example connected to cisco/hp trunk" or something similar.

Re: CRS-125 works like-hub

Posted: Fri May 02, 2014 9:03 pm
by docmarius
Downgrade to 6.10, apply the fix you posted in the first post and upgrade back to 6.12...

Re: CRS-125 works like-hub

Posted: Mon May 05, 2014 3:51 pm
by steen
Okay, I got support from my Mikrotik vendor, he says, basically use example "InterVLAN Routing with unknown VLAN filtering":
1. Slave against ether1 not ether2!
2. Then you must connect your management vlans to switch1-cpu
3. Then you must put the switch admin ip address on vlan(s), if you want to be able to reach it.
I will test this and come back with the result within the nearest days.
If all then works, CRS has started to become very useful.

Re: CRS-125 works like-hub

Posted: Fri May 09, 2014 11:25 pm
by steen
The tip from vendor did not work at all, the device now hangs forever starting services, device is bricked.....

Re: CRS-125 works like-hub

Posted: Sat May 10, 2014 5:03 pm
by gkornato
There's a known bug in 6.12, adding some VLAN options causes the switch to hang on reboot. It's probably not bricked, you can probably reset the config using a serial cable or holding the reset button. Here's the bug:

http://forum.mikrotik.com/viewtopic.php ... 50#p421493

Re: CRS-125 works like-hub

Posted: Fri May 16, 2014 10:22 pm
by steen
Hello Folks!

Tested ROS6.13 today (full reset without defaults and updated it, no netinstall yet).
The same CRS port based vlans and inter vlan routing examples same results all fail, no traffic at all is passed through the device to any ports, and yes we tried using both ether1 and ether2 as master port.

Positive is that CRS does not hang anymore, and it was not bricked, a reset helped out.

If it works, with some other settings, then I start to feel we do not have that deep competence to deal with ingress/outgress tagging and policy groups I have seen people discussing here and there but never saw anyone coming up with some working results that I could understand, so maybe CRS as a switch is not for us after all. It has also started to consume a lot of time doing all those tests when a new RoS is rolled out.

However, the device is useful as a plain switch, without using any vlans and such stuff, and we do use some for that here since months back.

We did never try using it as a router due to its weak CPU, it might work in some small SOHO network which yet has not got 100Mbit/s internet.

Re: CRS-125 works like-hub

Posted: Sat May 24, 2014 3:54 pm
by steen
We finally got it working in LAB, thanks to MT support: http://forum.mikrotik.com/viewtopic.php?f=3&t=78797 see bottom of link.

Re: CRS-125 works like-hub

Posted: Sun May 25, 2014 12:20 am
by docmarius
Could you please post the solution?

On the link you gave are a lot of configurations, a lot of tests, but where is the solution to the problem described?
Something like: do this command and that command and it's done. If possible without decorations of any kind...

Re: CRS-125 works like-hub

Posted: Sun May 25, 2014 9:34 am
by steen
Absolutely, I put in all the steps because I have had so many struggles with it that I don't know if it will work if leaving one of the steps below out. So I am sorry, it will be relatively much text, hopefully it helps you out.

Daisy chained Cisco2960, CRS A, CRS B
Cisco 2960 <--TRUNK vlans:20,100,200,220,300,400 --> ether1 [CRS A] ether13 <--TRUNK vlans:20,100,200,220,300,400 --> ether1 [CRS B]

Configuration CRS A = CRS B, two access ports on vlan 20, one access port to each one of the other vlans and vlan trunk on ether1 and ether13

CRS A is set to have admin ip on vlan200: 172.16.1.111
CRS B is set to have admin ip on vlan200: 172.16.1.112

There are some more ip settings like default gw 172.16.1.1 and dns settings plus some route to another network 192.168.1.0/24 as well.

Also I did set passwords for admin, when done using winbox.

Preparing the CRS, fully reset and netinstall RoS6.14 (all steps from console port):
1. Connecting my laptop to the console port through USB to RS232 dongle.

2. Reset the switch fully:
/system reset-configuration no-defaults=yes skip-backup=yes
Power off by plugging cable out and in.

3. Netinstall CRS the usual way by holding in the reset button whilst putting the power cable in and at the same time having netinstall running on the PC.
Here is how that is done: http://wiki.mikrotik.com/wiki/Manual:Netinstall

4. Upgrade to firmware 3.14:
/system routerboard upgrade
/system reboot

5. Reset the switch fully again:
/system reset-configuration no-defaults=yes skip-backup=yes
Power off by plugging cable out and in.

Note!
On the second CRS I simply skipped netinstall and simply upgraded to RoS6.14 and reset + power cycled afterwards, and it worked, but it hung in starting services on first boot, a new power cycle and it hung in export compact, a new power cycle and then no more problems.

Configuring the switch CRS A from the console:
## BEGIN CONFIGURATION CRS A##
# 1. Configure a Switch group
/interface ethernet
set [ find default-name=ether6 ] master-port=ether1
set [ find default-name=ether7 ] master-port=ether1
set [ find default-name=ether8 ] master-port=ether1
set [ find default-name=ether9 ] master-port=ether1
set [ find default-name=ether10 ] master-port=ether1
set [ find default-name=ether11 ] master-port=ether1
set [ find default-name=ether12 ] master-port=ether1
set [ find default-name=ether13 ] master-port=ether1


# 2. Tagging should be set on ether1 because it is a VLAN trunk port.
# ether1 and ether13 is vlan trunks for vlan 20,100,200,220,300,400
# Additionally, set switch1-cpu for VLAN200 to access IP address on VLAN interface, the frames should be tagged on it as well.
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether13 vlan-id=20
add tagged-ports=ether1,ether13 vlan-id=100
add tagged-ports=ether1,ether13,switch1-cpu vlan-id=200
add tagged-ports=ether1,ether13 vlan-id=220
add tagged-ports=ether1,ether13 vlan-id=300
add tagged-ports=ether1,ether13 vlan-id=400

/interface ethernet switch ingress-vlan-translation
add new-customer-vid=20 ports=ether6 sa-learning=yes
add new-customer-vid=100 ports=ether7 sa-learning=yes
add new-customer-vid=200 ports=ether8 sa-learning=yes
add new-customer-vid=220 ports=ether9 sa-learning=yes
add new-customer-vid=300 ports=ether10 sa-learning=yes
add new-customer-vid=400 ports=ether11 sa-learning=yes
add new-customer-vid=20 ports=ether12 sa-learning=yes

# 3. VLAN membership should be adjusted according to VLAN tagging.
# VLAN id on ether1 and access port and for VLAN200 switch1-cpu port as well.
/interface ethernet switch vlan
add ports=ether1,ether6,ether12,ether13 vlan-id=20
add ports=ether1,ether7,ether13 vlan-id=100
add ports=ether1,ether8,ether13,switch1-cpu vlan-id=200
add ports=ether1,ether9,ether13 vlan-id=220
add ports=ether1,ether10,ether13 vlan-id=300
add ports=ether1,ether11,ether13 vlan-id=400

# 4. Other VLAN interfaces seem to be unnecessary because they do not have IP address.
/interface vlan
add interface=ether1 l2mtu=1584 name=vlan200 vlan-id=200

# 5. Put CRS A IP address on vlan200
/ip address
add address=172.16.1.111/24 interface=vlan200 network=172.16.1.0

# 6. Forward-Unknown-Vlan, MT say no, but that does not work, say yes and it works
# This has been debated a lot, I could never get it working with no, then the switch does not pass any traffic at all
/interface ethernet switch
set forward-unknown-vlan=yes

# 7. Other settings like routing, dns, ntp and CRS name
/ip dns
set servers=172.16.1.1
/ip dns static
add address=172.16.1.111 name=mikrotiksw1
/ip route
add distance=1 gateway=172.16.1.1
add distance=1 dst-address=192.168.0.0/16 gateway=172.16.1.253
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api-ssl disabled=yes
/lcd
set backlight-timeout=15m
/snmp
set contact="Peter Steen" enabled=yes location="Some Place" trap-community=public
/system clock
set time-zone-name=Europe/Stockholm
/system identity
set name="MikroTik SW1"
/system ntp client
set enabled=yes mode=unicast primary-ntp=10.30.0.5 secondary-ntp=172.16.1.11
## END CONFIGURATION CRS A##

Then do some tests:
Connect CRS A to Cisco, try pinging its IP 172.16.1.111 and then access from winbox and try ping default gateway, and check that time is right and DNS is working.
Connect some device at ether6 (vlan 20) and see if it is accessible and so on.
If all works, go on and configure CRS B!

Now we are done with CRS A, we configured CRS B the same way, except IP, move the console cable to CRS B

## BEGIN CONFIGURATION CRS B##
# 1. Configure a Switch group
/interface ethernet
set [ find default-name=ether6 ] master-port=ether1
set [ find default-name=ether7 ] master-port=ether1
set [ find default-name=ether8 ] master-port=ether1
set [ find default-name=ether9 ] master-port=ether1
set [ find default-name=ether10 ] master-port=ether1
set [ find default-name=ether11 ] master-port=ether1
set [ find default-name=ether12 ] master-port=ether1
set [ find default-name=ether13 ] master-port=ether1


# 2. Tagging should be set on ether1 because it is a VLAN trunk port.
# ether1 and ether13 is vlan trunks for vlan 20,100,200,220,300,400
# Additionally, set switch1-cpu for VLAN200 to access IP address on VLAN interface, the frames should be tagged on it as well.
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether13 vlan-id=20
add tagged-ports=ether1,ether13 vlan-id=100
add tagged-ports=ether1,ether13,switch1-cpu vlan-id=200
add tagged-ports=ether1,ether13 vlan-id=220
add tagged-ports=ether1,ether13 vlan-id=300
add tagged-ports=ether1,ether13 vlan-id=400

/interface ethernet switch ingress-vlan-translation
add new-customer-vid=20 ports=ether6 sa-learning=yes
add new-customer-vid=100 ports=ether7 sa-learning=yes
add new-customer-vid=200 ports=ether8 sa-learning=yes
add new-customer-vid=220 ports=ether9 sa-learning=yes
add new-customer-vid=300 ports=ether10 sa-learning=yes
add new-customer-vid=400 ports=ether11 sa-learning=yes
add new-customer-vid=20 ports=ether12 sa-learning=yes

# 3. VLAN membership should be adjusted according to VLAN tagging.
# VLAN id on ether1 and access port and for VLAN200 switch1-cpu port as well.
/interface ethernet switch vlan
add ports=ether1,ether6,ether12,ether13 vlan-id=20
add ports=ether1,ether7,ether13 vlan-id=100
add ports=ether1,ether8,ether13,switch1-cpu vlan-id=200
add ports=ether1,ether9,ether13 vlan-id=220
add ports=ether1,ether10,ether13 vlan-id=300
add ports=ether1,ether11,ether13 vlan-id=400

# 4. Other VLAN interfaces seem to be unnecessary because they do not have IP address.
/interface vlan
add interface=ether1 l2mtu=1584 name=vlan200 vlan-id=200

# 5. Put CRS B IP address on vlan200
/ip address
add address=172.16.1.112/24 interface=vlan200 network=172.16.1.0

# 6. Forward-Unknown-Vlan, MT say no, but that does not work, say yes and it works
# This has been debated a lot, I could never get it working with no, then the switch does not pass any traffic at all
/interface ethernet switch
set forward-unknown-vlan=yes

# 7. Other settings like routing, dns, ntp and CRS name
/ip dns
set servers=172.16.1.1
/ip dns static
add address=172.16.1.112 name=mikrotiksw2
/ip route
add distance=1 gateway=172.16.1.1
add distance=1 dst-address=192.168.0.0/16 gateway=172.16.1.253
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api-ssl disabled=yes
/lcd
set backlight-timeout=15m
/snmp
set contact="Peter Steen" enabled=yes location="Some Place" trap-community=public
/system clock
set time-zone-name=Europe/Stockholm
/system identity
set name="MikroTik SW1"
/system ntp client
set enabled=yes mode=unicast primary-ntp=10.30.0.5 secondary-ntp=172.16.1.11
## END CONFIGURATION CRS B##

Now connect CRS A ether13 to CRS A ether1!

Try ping CRS B(172.16.1.112) from CRS A or any pc in vlan200.
Login using winbox to CRS B, and try ping default gw and the other switch and some else device, check the time and other stuff like DNS.

Re: CRS-125 works like-hub

Posted: Sun Jun 01, 2014 4:09 pm
by steen
Hello Folks!

I now got the forward-unknown-vlan=no working, before it locked CRS up fully and it did not pass any traffic, now it does.

"/interface ethernet switch set forward-unknown-vlan=no"

How I did it, MT Support again:
1. Login to CRS using serial port
2. Set /interface ethernet switch set forward-unknown-vlan=no
3. /export file=mikrotik_sw1
(4. Drag and drop the file to your pc so you can do a copy paste later)
5. /system reset-configuration no-defaults=yes skip-backup=yes
-reboot-
6. Login to CRS again using serial port
7. Restore configuration from export file.
8. /system reboot
9. From within crs successfully pinged 172.16.1.112 and 172.16.1.1 and http://www.google.com and some other devices, it also become green in the dude.

Observation!
Every time the CRS is rebooted, an autosupout file is generated, don't know why.
Beside from that all seems to work.

Trying to flip the no to a yes did not have any effect on our CRS, like the flag had no meaning, but in our lab setup the cisco 2960 only trunk the vlans specified in CRS, so that can be one reason.
No leakage has been observed either.

We will postpone to put them in production till the problem with autosupout file has been solved, well I can disable it manually, but it must come there for some reason also, so we wait.

Hope this helped some of you.
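
An added example, not part of any post in this thread: a small Python audit that reads a RouterOS export shaped like the CRS A / CRS B configuration posted above and reports VLANs whose egress tagging, ingress translation and VLAN table disagree, plus forward-unknown-vlan=yes, the setting the last post discusses. The sample export is constructed with deliberate faults, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the CRS A export above, with deliberate
# faults: switch1-cpu missing from VLAN 200, no VLAN table entry for 300 or 400.
SAMPLE_EXPORT = """\
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether13 vlan-id=20
add tagged-ports=ether1,ether13,switch1-cpu vlan-id=200
add tagged-ports=ether1,ether13 vlan-id=300
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=20 ports=ether6 sa-learning=yes
add new-customer-vid=200 ports=ether8 sa-learning=yes
add new-customer-vid=400 ports=ether11 sa-learning=yes
/interface ethernet switch vlan
add ports=ether1,ether6,ether13 vlan-id=20
add ports=ether1,ether8,ether13 vlan-id=200
/interface ethernet switch
set forward-unknown-vlan=yes
"""

SW = "/interface ethernet switch"
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')


def parse_export(text):
    """Return {menu path: [ {key: value}, ... ]} for the add/set lines.

    Handles export-style input only: a menu line starting with "/" followed
    by add/set lines. One-line commands typed at the prompt are not parsed.
    """
    text = re.sub(r"\\\r?\n\s*", "", text)  # join wrapped export lines
    menus = defaultdict(list)
    menu = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line
            continue
        verb, _, rest = line.partition(" ")
        if menu and verb in ("add", "set"):
            menus[menu].append(
                {k: v.strip('"') for k, v in PAIR.findall(rest)})
    return menus


def port_set(entry, key):
    """Split a comma-separated port list into a set of port names."""
    return {p for p in entry.get(key, "").split(",") if p}


def audit(text):
    """Return a list of findings about VLAN isolation in the export."""
    menus = parse_export(text)
    members = {}
    for e in menus[SW + " vlan"]:
        if "vlan-id" in e:
            members.setdefault(e["vlan-id"], set()).update(port_set(e, "ports"))

    findings = []
    # Every tagged port must also be a member of that VLAN in the VLAN table.
    for e in menus[SW + " egress-vlan-tag"]:
        vid = e.get("vlan-id")
        if vid not in members:
            findings.append(f"vlan {vid}: tagged on egress but has no VLAN table entry")
            continue
        for p in sorted(port_set(e, "tagged-ports") - members[vid]):
            findings.append(f"vlan {vid}: {p} is tagged on egress but is not a member")
    # Every access port must be a member of the VLAN it is translated into.
    for e in menus[SW + " ingress-vlan-translation"]:
        vid = e.get("new-customer-vid")
        for p in sorted(port_set(e, "ports") - members.get(vid, set())):
            findings.append(f"vlan {vid}: access port {p} is not a member")
    # With this set to yes the VLAN table does not restrict unlisted VLAN IDs.
    for e in menus[SW]:
        if e.get("forward-unknown-vlan") == "yes":
            findings.append("forward-unknown-vlan=yes: VLAN IDs absent from "
                            "the VLAN table are still forwarded")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

Run it against the text of an `/export` taken from the switch; an empty result means the three tables agree and unknown VLANs are not forwarded.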