Sorry, I seem to have realised that the 'default' vlan 1 is not the same as 'untagged'. but these switches have the most ridiculously convoluted interfaces of any piece of networking gear I've ever touched. I don't want to be the guy to blame the equipment when other people are able to do it. I'm sure I'll get it figured out eventually, but for the time I've wasted on this needlessly complicated task, I would have been better off just buying a different switch with a reasonable configuration method.
#Mikrotik routeros vlan plus
so for some reason, these switches are taking ALL packets (untagged, plus VLANs 64, 66, and 68), funnelling them into my VLAN 1, and then all sending them all out as untagged traffic (but also sending them out properly in their respective VLANs). This only happens when plugging into a port on these MikroTik switches, and NOT when plugging into my main switch that supplies these two switches.
For some reason, my computer, when plugged into a port without specifying a VLAN tag, is receiving the IPv6 Router Announcements from ALL of the VLANs, and is autoconfiguring addresses from all four networks (untagged, VLAN 64, VLAN 66, and VLAN 68). This isn't what I wanted, so I added an equivalent egress-vlan-translation (taking VLAN ID 1 and changing them to ID '0' when leaving the switch), and at first, everything seemed to work perfectly - I got access to my network without VLAN packets. It seems that the /interface ethernet switch ingress-vlan-translation command you gave (translating VLAN ID 0 to ID 1) was taking untagged packets and tagging them with VLAN 1, but that they would leave the switch again with the VLAN 1 tag still on them instead of being untagged. The tagged VLANs (64, 66, 68) are working as expected, but when I plugged a computer directly into one of the ports expecting it to have access to the untagged network, the computer did not get network access. interface ethernet switch egress-vlan-tagĪdd tagged-ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=1Īdd tagged-ports=switch1-cpu,ether8,sfp9,sfp10,sfp11,sfp12 vlan-id=64Īdd tagged-ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=66Īdd tagged-ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp10,sfp9,sfp12,sfp11 vlan-id=68 Set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp9,sfp10,sfp11,sfp12
interface bridgeĪdd admin-mac=12:34:56:65:43:21 auto-mac=no name=bridge priority=0x9000Īdd interface=bridge name=MGMT vlan-id=64 You can leave the default route to limit access or add a firewall rule on your router to restrict access. The crs1xx are totally different than a crs3xx config. Here is a config that matches what you specified. I hope I'm just missing something stupidly obvious! but RouterOS has possibly the most confusing UI and command line that I've ever used.Īny assistance or pointers (apart from MikroTik's wiki, which I've now spent hours on.) would be really, really appreciated.
#Mikrotik routeros vlan how to
I have now spent about four hours trying out the MikroTik Wiki's VLAN examples, looking at posts online, trying to set this up using the GUI (VLANs showing up in "Interfaces", "Bridge", AND "Switch" is really confusing me), and repeatedly starting over, and I'm just about at wit's end.Ĭan anyone provide a little guidance on how to set this up? I've done this sort of thing without an issue on ZyXEL, Cisco, D-Link, and SwOS.
I've had pretty good results with MikroTik switches running SwOS, but recently made the mistake of getting a switch (CRS112-8P-4S-IN) without realising it only comes with RouterOS.