...kRiLLin...
Active Member
Hi,
Hoping that I can get some sort of assistance if possible. Mikrotik forums haven't helped thus far, post is still waiting to be approved, seems a bit quiet there.
I currently have 2 Mikrotik switches:
1x CRS326-24G-2S+
1x CRS328-24P-4S+
I have run through a multitude of docs and how-tos/YouTube videos over the past month and have not had any joy. If someone is able to assist me, I would really appreciate it. I think it's something really stupid that I'm missing, as I'm new to Mikrotik.
The situation:
I currently have a L3 switch, connected to a FW
All my Vlans reside on the L3 switch, with a default route to the interface connected to Port 1 on the FW. The problem with this is that Inter Vlan routing happens without Policies, and all the Vlans can route to each other. The switch is also on the brink of death, hence the replacement and move to Mikrotik.
I have set up the Mikrotik switches in SwOS, as I only want them to do L2 switching, as all the Vlans will be moved to the FW, and traffic between them will be controlled via access lists.
This is a fairly simple setup, and I have done it tons of times with other equipment, mainly Cisco.
The FW will have a single interface with 4 Sub-interfaces for each Vlan, and Voice. The DHCP Server will reside in the Server Segment on one of the Vlans.
Most of the previous occasions, on Cisco, I would Create a trunk on the link connecting to the FW, and allow the specific Vlans to traverse the trunk. Create each Vlan on the switch, and then issue the command (switchport mode access vlan x) and then set the voice vlan with command (voice vlan x)
I believe the concept should be the same in the Mikrotik, but the way it gets done is slightly different, and I think it's just a knowledge barrier.
What I want to Achieve:

What I have done is the below:
Switch Trunks
Linked the two switches via Ethernet for now (to be changed to Fibre at a later stage).
Created all the Vlans on both switches.
For the Trunk between switches, on the VLANs tab, I made all the Vlans a member
I left the Default Vlan to 1 under the VLAN Tab.

For the Access Ports:
For ports that I only wanted to access a single Vlan, I changed the Vlan Mode to "Strict" and under the VLANs tab I specified which port is assigned to which Vlan. (I noticed that I have to change the Default Vlan to the Vlan that I want the port to be a part of for this to work?)
Port isolation and Learning is ticked.
How do I allow a Voice Vlan with a Data Vlan on these ports?


For the Trunk Port to the FW:
I left the Default Vlan ID as 1
Then under the VLANs tab, I ticked all the Vlans that I wanted to go across that port to the Firewall

On the Firewall I assigned a Vlan Tag to each Subinterface, and set the gateway.
I also created a DHCP Relay for DHCP.
What I noticed when Testing:
DHCP relay does not work, unless I change the Default Vlan ID on the Link going to the Firewall to the Vlan that needs DHCP. This would present a problem, as all the Vlans need DHCP.
I'm just trying to figure out where I went off track here.
Any Assistance would be Greatly appreciated.
I have attempted to use Youtube
I have attempted this article as well:
https://wiki.mikrotik.com/wiki/SWOS/CSS326-VLAN-Example
I have also read the user manuals, but seem to be missing something.
I also noticed that SwOS does not have a CLI to test connectivity via pings etc.