Since I’ve been working with Xarix Cloud Computing and knowing what gear they use for core networking, I’ve decided to procure similar gear that they use to setup a home lab.
The Mikrotik CRS125 series switch is what I’ve settled on. The specific model I got features 24 Gigabit Ethernet Ports, a single SFP port and a Console port. Internals wise, this switch uses the AR9344 SoC for the switch’s main CPU functions and the QCA8513 26 port switch ASIC. Pretty much standard for a managed switch nowadays. All their CRS series switches run off on RouterOS 6.x with switching functionality added on top of the OS.
However, configuring a basic VLAN using RouterOS isn’t as easy as it seems to be. The way how VLANs are configured does not conform to industry standard methods (i.e. Trunk and Access ports). In Mikrotik’s RouterOS world, trunk ports relate to something similar to LACP or IEEE 802.3ad compatible implementations and access ports aren’t even defined.
To configure a basic trunk/access port setup, you’ll need to keep the following things in mind:
- Have all ports be the slave of Port 1 (For the CRS125 series switch, this should be ether1-gateway-local)
- VLAN and ports related to the VLAN must be defined first in order for Trunk Ports to function. This roughly equates to Trunk ports for other Ethernet switch vendors.
- Ingress/Egress VLAN Translation Tables must also be defined in order for Access Ports to function. This roughly equates to Access ports for other Ethernet switch vendors.
For the following examples, I will be configuring the switch as follows:
- Ports 1 through 4 are trunk ports. The SFP port will also be included as a trunk port for the following configuration
- Ports 5 through 8 are access ports for VLAN 50
- Ports 9 through 24 are access ports for VLAN 100
Before we begin, we first rename all our ports and set all the ports to be the slave of ether1:
/interface ethernet
set [ find default-name=ether1 ] master-port=none name=ether1
set [ find default-name=ether2 ] master-port=ether1 name=ether2
set [ find default-name=ether3 ] master-port=ether1 name=ether3
set [ find default-name=ether4 ] master-port=ether1 name=ether4
set [ find default-name=ether5 ] master-port=ether1 name=ether5
set [ find default-name=ether6 ] master-port=ether1 name=ether6
set [ find default-name=ether7 ] master-port=ether1 name=ether7
set [ find default-name=ether8 ] master-port=ether1 name=ether8
set [ find default-name=ether9 ] master-port=ether1 name=ether9
set [ find default-name=ether10 ] master-port=ether1 name=ether10
set [ find default-name=ether11 ] master-port=ether1 name=ether11
set [ find default-name=ether12 ] master-port=ether1 name=ether12
set [ find default-name=ether13 ] master-port=ether1 name=ether13
set [ find default-name=ether14 ] master-port=ether1 name=ether14
set [ find default-name=ether15 ] master-port=ether1 name=ether15
set [ find default-name=ether16 ] master-port=ether1 name=ether16
set [ find default-name=ether17 ] master-port=ether1 name=ether17
set [ find default-name=ether18 ] master-port=ether1 name=ether18
set [ find default-name=ether19 ] master-port=ether1 name=ether19
set [ find default-name=ether20 ] master-port=ether1 name=ether20
set [ find default-name=ether21 ] master-port=ether1 name=ether21
set [ find default-name=ether22 ] master-port=ether1 name=ether22
set [ find default-name=ether23 ] master-port=ether1 name=ether23
set [ find default-name=ether24 ] master-port=ether1 name=ether24
set [ find default-name=sfp1 ] master-port=ether1 name=sfp1
Then to define the VLANs within the switch, we issue the following commands
/interface ethernet switch vlan
add ports="ether1,ether2,ether3,ether4,sfp1,ether5,ether6,ether7,ether8" vlan-id=50
add ports="ether1,ether2,ether3,ether4,sfp1,ether9,ether10,ether11,ether12,ether13,ether14,\
ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24" vlan-id=100
After the VLAN’s have been defined, let’s use the Ingress/Egress translation feature to add/strip the VLAN tags for our clients that are connected on ports 5 through 24:
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=50 ports=\
ether5,ether6,ether7,ether8
add new-customer-vid=100 ports=\
ether9,ether10,ether11,ether12,ether13,ether14,\
ether15,ether16,ether17,ether18,ether19,ether20,\
ether21,ether22,ether23,ether24
/interface ethernet switch egress-vlan-translation
add customer-vid=50 new-customer-vid=0 ports=\
ether5,ether6,ether7,ether8
add customer-vid=100 new-customer-vid=0 ports=\
ether9,ether10,ether11,ether12,ether13,ether14,\
ether15,ether16,ether17,ether18,ether19,ether20,\
ether21,ether22,ether23,ether24
After that, you should have ports 1 through 4 as your trunk ports, ports 5 through 8 as access ports for VLAN 50 and finally, ports 9 through 24 as access ports for VLAN 100.
Hopefully people should find this basic example of configuring a CRS switch for simple trunk and access ports useful as I had trouble myself trying to wrap my head around with the way how RouterOS exposes the configuration options for the built-in hardware switch that the platform offers. Thankfully, I had some guidance from the folks over at Xarix Cloud Computing on how the switch is to be configured, otherwise I myself would have gone crazy on trying to configure this switch.