...
This page will show how to configure multiple switches to use bonding interfaces and port-based VLANs, it will also show a working example with a DHCP-Server, interVLAN inter-VLAN routing, management IP, and invalid VLAN filtering configuration.
| Note |
|---|
This article applies to CRS3xx, CRS5xx, CCR2116, and CCR2216 devices and not . It doesn't apply to CRS1xx/CRS2xx series. |
For this network topology, we will be using two CRS326-24G-2S+, one CRS317-1G-16S+, and one CCR1072-1G-8S+, but the same principles can be applied to any CRS3xx, CRS5xx series devices, and a router.
In this setup, SwitchA and SwitchC will tag all traffic from ports ether1-ether8 to VLAN ID 10, ether9-ether16 to VLAN ID 20, and ether17-ether24 to VLAN ID 30. Management will only be possible if a user is connecting with tagged traffic with VLAN ID 99 from ether1 on SwitchA or SwitchB, connecting to all devices will also be possible from the router using tagged traffic with VLAN ID 99. The SFP+ ports in this setup are going to be used as VLAN trunk ports while being in a bond to create a LAG interface.
...
To create a 40Gbps bonding interface between SwitchB and the Router and a 20Gbps bonding interfaces interface between SwitchA and SwitchC, use these commands on SwitchB:
...
| Info |
|---|
Interface bonding does not create an interface with a larger link speed. Interface bonding creates a virtual interface that can load balance traffic over multiple interfaces. More details can be found in on the LAG interfaces and load balancing page. |
...
It is very useful to create a management interface and assign an IP address to it in order to preserve access to the switch. This is also very useful when updating your switches since such traffic to the switch will be blocked when enabling invalid VLAN filtering.
...
| Code Block | ||
|---|---|---|
| ||
/interface vlan add interface=bond_1-2-3-4 name=MGMT vlan-id=99 |
For this guide, we are going to use these addresses for each device:
...
| Code Block | ||
|---|---|---|
| ||
/interface bridge port set [ find ] frame-types=admit-only-untagged-and-priority-tagged |
...
| Code Block | ||
|---|---|---|
| ||
/interface bridge port set [ find ] frame-types=admit-only-vlan-tagged |
An optional step is to set frame-types=admit-only-vlan-tagged on the bridge interface in order to disable the default untagged VLAN 1 (pvid=1). We are using the tagged VLAN on the bridge for management access, so there is no need to accept untagged traffic on the bridge. Use these commands on the SwitchA, SwitchB and SwitchC:
...
| Info |
|---|
These commands are required for DHCP-Server. In case interVLAN routing is not desired but a DHCP-Server on a single router is required, then use Firewall Filter to block access between different subnets. |
| Info |
|---|
Since RouterOS v7, it is possible to route traffic using the L3 HW offloading on certain devices. See more details on L3 Hardware Offloading. |
DHCP-Server
To get the DHCP-Server working for each VLAN ID, the server must be set up on the previously created VLAN interfaces (one server for each VLAN ID). Preferably each VLAN ID should have its own subnet and its own IP pool. A DNS Server could be specified as the router's IP address for a particular VLAN ID or a global DNS Server could be used, but this address must be reachable.
...
| Warning |
|---|
Make sure to secure your local DNS Server with Firewall from the outside when using |
...
In this case, if clients behind SwitchA and client behind SwitchC supports support jumbo frames, then enabling jumbo frames will be beneficial. Before enabling jumbo frames, determine the MAX-L2MTU by using this command:
...
When MAX-L2MTU is determined, choose the MTU size depending on the traffic on your network, use this command on SwitchA, SwitchB, and SwitchC:
| Code Block | ||
|---|---|---|
| ||
/interface ethernet set [ find ] l2mtu=10218 mtu=10218 |
...