I have a CRS326-24G-2S+IN device booting to RouterOS and working as I want with the following simple configuration. I want to switch over to SwitchOS. I need some help making this same exact configuration in SwitchOS. Any help would be appreciated. Thank you.
# jan/02/1970 06:36:49 by RouterOS 6.48.6
# model = CRS326-24G-2S+
/interface bridge
add name=bridge vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2 pvid=20
add bridge=bridge interface=ether3 pvid=20
add bridge=bridge interface=ether4 pvid=30
add bridge=bridge interface=ether5 pvid=40
add bridge=bridge interface=ether6 pvid=50
/interface bridge vlan
add bridge=bridge tagged=ether1 untagged=ether2,ether3 vlan-ids=20
add bridge=bridge tagged=ether1 untagged=ether4 vlan-ids=30
add bridge=bridge tagged=ether1 untagged=ether5 vlan-ids=40
add bridge=bridge tagged=ether1 untagged=ether6 vlan-ids=50
/system identity
set name=CRS326-SW
/system routerboard settings
set boot-os=router-os
/system swos
set allow-from-ports="p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16,p\
17,p18,p19,p20,p21,p22,p23,p24,p25,p26" identity=RouterOS
Re: Need help to convert RouterOS to SwitchOS
Out of curiosity...why would you like to switch to SwOS?
What problem are you running into?
Have you seen this help page:
https://help.mikrotik.com/docs/pages/vi ... ionExample
What problem are you running into?
Have you seen this help page:
https://help.mikrotik.com/docs/pages/vi ... ionExample
Re: Need help to convert RouterOS to SwitchOS
Easiest way to do this is include two screen captures of one of my CSS326 switches. BTW, in my collection of Mikrotik devices I have a CRS326 that I have running in SwitchOS.
Most of everything you will do will be on the VLAN and VLANs tabs. First is the VLAN tab. I will point out a few lines. Port 1 "Garage CU trunk" is a trunk to another CSS326 in my garage. I use "Strict" for VLAN mode on trunks and "only tagged" for VLAN Receive. Since VLAN is only tagged, the Default VLAN ID is a bogus number. I use 970 + port number so port 1 is 971. Port 2 is an untagged connection to my laser printer. VLAN mode is set to "disabled" and VLAN receive is set to "only untagged". In this case, the default VLAN ID needs to be set to whatever VLAN will be used for that port - 101 in this case which is one of my two primary house LANs. The last one I will point out is 4th from the bottom - "Open Mesh #2". This is a WiFi access point that uses a different VLAN for each SSID, and untagged traffic for management. Often called a hybrid port. So VLAN receive is set to "any", and the default VLAN ID is whatever VLAN is desired to be used for the management. In this case it is VLAN 201 which is my other primary house LAN.
Now, on to the VLANs tab. Here you will list every VLAN in use on the switch (note the previously mentioned "bogus" VLANs are not listed). For each VLAN, you check the boxes on the right for each VLAN that will appear on each port. Note that as you rest the mouse pointer over any checkbox, the name of that port (defined on the "Link" tab) will be shown, so you don't need to try to count ports. You can see that the first port (the trunk to the garage) is connected to almost every VLAN that I have. Most of the rest of the ports only have one VLAN connected. For the keen readers, there are at least two errors on this configuration...
Did that help?
Most of everything you will do will be on the VLAN and VLANs tabs. First is the VLAN tab. I will point out a few lines. Port 1 "Garage CU trunk" is a trunk to another CSS326 in my garage. I use "Strict" for VLAN mode on trunks and "only tagged" for VLAN Receive. Since VLAN is only tagged, the Default VLAN ID is a bogus number. I use 970 + port number so port 1 is 971. Port 2 is an untagged connection to my laser printer. VLAN mode is set to "disabled" and VLAN receive is set to "only untagged". In this case, the default VLAN ID needs to be set to whatever VLAN will be used for that port - 101 in this case which is one of my two primary house LANs. The last one I will point out is 4th from the bottom - "Open Mesh #2". This is a WiFi access point that uses a different VLAN for each SSID, and untagged traffic for management. Often called a hybrid port. So VLAN receive is set to "any", and the default VLAN ID is whatever VLAN is desired to be used for the management. In this case it is VLAN 201 which is my other primary house LAN.
Now, on to the VLANs tab. Here you will list every VLAN in use on the switch (note the previously mentioned "bogus" VLANs are not listed). For each VLAN, you check the boxes on the right for each VLAN that will appear on each port. Note that as you rest the mouse pointer over any checkbox, the name of that port (defined on the "Link" tab) will be shown, so you don't need to try to count ports. You can see that the first port (the trunk to the garage) is connected to almost every VLAN that I have. Most of the rest of the ports only have one VLAN connected. For the keen readers, there are at least two errors on this configuration...
Did that help?
Re: Need help to convert RouterOS to SwitchOS
BTW, newer version of SwitchOS allow you to name the VLANs on the VLANs tab so it is easier to remember what is what. Also, the checkboxes are colored so they are easier to see. My screen captures were from several years ago and an earlier version of SwitchOS.
Re: Need help to convert RouterOS to SwitchOS
I like RouterOS and Winbox for the routers but for the switches it feels heavy and confusing. Particularly becuase there are things that don't apply to switches but they still show up and are not grayed-out. Thank you for the link to these tutorial examples. They were very helpful.Out of curiosity...why would you like to switch to SwOS?
What problem are you running into?
Have you seen this help page:
https://help.mikrotik.com/docs/pages/vi ... ionExample
Re: Need help to convert RouterOS to SwitchOS
Thanks for posting your conifgs. Between these and the examples that erlinden sent I was able to setup my switch with SwitchOS and have it working the same way as in RouterOS.BTW, newer version of SwitchOS allow you to name the VLANs on the VLANs tab so it is easier to remember what is what. Also, the checkboxes are colored so they are easier to see. My screen captures were from several years ago and an earlier version of SwitchOS.
Re: Need help to convert RouterOS to SwitchOS
Do you mean in RouterOS or SwitchOS? If the latter, please give examples. If the former, I largely agree. Has a lot to do with why I am using routers exclusively as routers and switches as switches. I know some people don't like SwitchOS, but I do - despite a couple limitations.Particularly becuase there are things that don't apply to switches but they still show up and are not grayed-out.
Re: Need help to convert RouterOS to SwitchOS
I was talking about RouterOS so we are in agreement. I like SwitchOS for switches and RouterOS for routers.Do you mean in RouterOS or SwitchOS? If the latter, please give examples. If the former, I largely agree.
Re: Need help to convert RouterOS to SwitchOS
OK ;)
Last edited by rextended on Wed Aug 16, 2023 6:09 pm, edited 2 times in total.
Re: Need help to convert RouterOS to SwitchOS
The screen captures above are from the Family room switch. Port 1 is the trunk between the Family room switch and the Garage switch. You can see in the VLANs tab that essentially every VLAN is included on that trunk. That allows everything to be able to flow between the two switches.
As far as keeping VLANs from communicating with each other, that's all in my RB4011 router (connected to several ports on the Garage switch). For all practical purposes, none of the VLANs can communicate with each other. There are a few specific exceptions that are allowed in firewall rules, and then at the end of the forward chain in the router is a drop everything rule. For example, the first two are the pretty standard allow DST NATed and Established and Related traffic through the router, and the last this rule allows all LANs access to my NTP server:
This of course is just a subset of what is actually there. Then at the end of the forward chain is a drop everything rule.
As far as keeping VLANs from communicating with each other, that's all in my RB4011 router (connected to several ports on the Garage switch). For all practical purposes, none of the VLANs can communicate with each other. There are a few specific exceptions that are allowed in firewall rules, and then at the end of the forward chain in the router is a drop everything rule. For example, the first two are the pretty standard allow DST NATed and Established and Related traffic through the router, and the last this rule allows all LANs access to my NTP server:
Code: Select all
add action=accept chain=forward comment="Accept all that is DST NATed" \
connection-nat-state=dstnat connection-state=new
add action=accept chain=forward comment=\
"Allow Established, Related, & Untracked connections through router" \
connection-state=established,related,untracked
add action=accept chain=forward comment=\
"Allow all LANs access to NTP server UDP port 123." dst-address=\
192.168.123.123 dst-port=123 in-interface-list=LAN protocol=udp
This of course is just a subset of what is actually there. Then at the end of the forward chain is a drop everything rule.
Code: Select all
add action=drop chain=forward comment=\
"Drop any forward packets that get this far."
Who is online
Users browsing this forum: No registered users and 5 guests