Made this post on forum.mikrotik.com and it’s awaiting approval from moderation, figured I’d try here…
Hey everyone!
Been running into an issue the last few weeks with trying to setup a VLAN on my home network.
Hardware/OS/IP:
Router (R) = GL.iNet GL-MT6000 (Flint 2), OpenWrt 25.12.1, 10.1.10.1
Office switch (O) = CRS310-8G+2S+, MikroTik SwOS 2.18, 10.1.10.2
Living room switch (LR) = CSS610-8G-2S+, MikroTik SwOS Lite 2.21, 10.1.10.3
Followed a few different guides on the OpenWrt side of the house, primarily this one
During my multiple attempts I have wiped all devices and started fresh a few times and I always end up in the same situation…
VLAN appears to be working on the LR switch (CSS610)
VLANs tab
Port 1 is my trunk and a member of all 4 of my VLANs
10 = LAN (Used for network devices and maintenance)
20 = IoT
30 = Guest (not configured on the switch, only for WIFI)
40 = Main (Primary VLAN for my network)
50 = Servers
Ports 2-5 are members of VLAN 40
Port 6 is a member of VLAN 10
VLAN tab
Port 1 = Strict, Only tagged, Default ID 1
Port 2 -5 = Strict, Only untagged, Default ID 40
Port 6 = Strict, Only untagged, Default ID 10
This seems to work great, devices will get 10.1.40.x IP addresses and I can connect to port 6 and get 10.1.10.x IP address. Confirmed that my firewall rules also seems to work (although I’ll probably want to run this past OpenWrt forum as well).
But when I go to look at the O switch (CRS310), I’ll mirror this configuration, I’ll get DHCP and DNS, but I can’t reach the WAN or ping any other devices apart from the network equipment. Most recently I tried just VLAN 10 because I figured it would be using the LAN firewall rules and work correctly, but I get the same issue… correct IP address but no traffic.
Note: These screenshots are from last attempt to get something to work, when I mirror the CSS610 setup, I get the same results.
I had to follow these steps to get the SwOS boot to work on the CRS310
Curious if either…
- Have I configured the CRS310 incorrectly and something needs to be different vs the CSS610 which seems to work?
- Is there is a known VLAN related bug with the CRS310 & SwOS?
Any advice and guidance would be appreciated, feel like I am going in circles at this point.
Happy to share any outputs or screenshots from my OpenWrt router if it’ll help, but the issues do seem to be related directly to this CRS310 switch.
You must log in or # to comment.
I have these 2 Mikrotik switches, but in a different configuration.
It would be good to know what your router is doing. Is it tagging ports? What is between the router and the switches? What are the configs of the ports on the router?
A detailed network diagram might also be helpful.
Hey HybridSarcasm
Pulled this together this afternoon, let me know if it’s missing any key details.
root@OpenWrt:~# ubus call system board { "kernel": "6.12.74", "hostname": "OpenWrt", "system": "ARMv8 Processor rev 4", "model": "GL.iNet GL-MT6000", "board_name": "glinet,gl-mt6000", "rootfs_type": "squashfs", "release": { "distribution": "OpenWrt", "version": "25.12.1", "firmware_url": "https://downloads.openwrt.org/", "revision": "r32768-b21cfa8f8c", "target": "mediatek/filogic", "description": "OpenWrt 25.12.1 r32768-b21cfa8f8c", "builddate": "1773711117" } } root@OpenWrt:~# cat /etc/config/network config interface 'loopback' option device 'lo' option proto 'static' list ipaddr '127.0.0.1/8' config globals 'globals' option dhcp_default_duid 'REDACT' option ula_prefix 'REDACT' option packet_steering '1' config device option name 'br-lan' option type 'bridge' list ports 'lan1' list ports 'lan2' list ports 'lan5' config interface 'lan' option device 'br-lan.10' option proto 'static' option ip6assign '60' option multipath 'off' list ipaddr '10.1.10.1/24' config interface 'wan' option device 'eth1' option proto 'dhcp' config interface 'wan6' option device 'eth1' option proto 'dhcpv6' config bridge-vlan option device 'br-lan' option vlan '10' list ports 'lan1:t' list ports 'lan2:t' list ports 'lan5:u*' config bridge-vlan option device 'br-lan' option vlan '20' list ports 'lan1:t' list ports 'lan2:t' config bridge-vlan option device 'br-lan' option vlan '30' list ports 'lan1:t' list ports 'lan2:t' config bridge-vlan option device 'br-lan' option vlan '40' list ports 'lan1:t' list ports 'lan2:t' config bridge-vlan option device 'br-lan' option vlan '50' list ports 'lan1:t' list ports 'lan2:t' config interface 'IoT' option proto 'static' option device 'br-lan.20' option ipaddr '10.1.20.1' option netmask '255.255.255.0' option multipath 'off' config interface 'Guest' option proto 'static' option device 'br-lan.30' option ipaddr '10.1.30.1' option netmask '255.255.255.0' option multipath 'off' option type 'bridge' config interface 'Main' option proto 'static' option device 'br-lan.40' option ipaddr '10.1.40.1' option netmask '255.255.255.0' option multipath 'off' config interface 'Servers' option proto 'static' option device 'br-lan.50' option ipaddr '10.1.50.1' option netmask '255.255.255.0' option multipath 'off'- Yep, the Flint 2 is tagging ports 2 & 3 with all VLAN IDs (trunk?)
- Nothing between the router and switches
- Shared the
/etc/config/network
How do you have your switches configured?
Thanks for this info. I was wrong, I have a CRS320, not CRS310. And, here’s an Imgur album of how things are laid out: https://imgur.com/a/DT3htLJ
Now that I understand the topology better, I have questions about how the VLANs are assigned. Are you using a RADIUS server?
Also, I’m a little confused about the VLAN participation in both switches. I would expect an end client device (like those in your diagram) to connect to an untagged VLAN ports. But, your VLAN assignment screenshots only show your client VLANs on the trunk port.
For example, here’s how I’m doing untagged VLANs on my CRS320:
So, the fact that you can only reach VLAN10 targets from the CSS610 clients makes me think it’s related to VLAN assignment. Yes, it’s different than what’s being observed on your CRS310 clients, but one step at a time.
