I'm attempting to configure the CRS354-48P-4S+2Q+RM to be used as a router and switch. Its gateway of last resort goes to the firewall which decides on further routing. I am using the CRS328-24P-4S+RM as an IDF and all routing decisions go to the CRS354. I'm using the following features: VLANs, 802.1x, ospf, and snmp.
The only way I could find to create my VLANs and assign them IP addresses for routing was to use the VLAN function in interfaces (which uses the CPU, not the switch chip). The CPU is not powerful enough for all the networking traffic and quickly bottlenecks the bandwidth.
I have come to understand from my research that there are 3 ways to configure VLANs in MikroTik:
1. Using the Interfaces tab (CPU)
2. Using the Bridge tab (switch chip or CPU)
3. Using the Switch tab (I don't see the VLAN tab, maybe deprecated?)
My issue is this: I don't know how to do inter-vlan routing when using the bridge tab alone. I would like to assign an IP address to each of my VLANs to be used as the default gateway, but the only items I can assign IP addresses to reside in the Interfaces tab. Is it possible to assign an IP to a VLAN configured in the bridge tab? I have done so much research and watched multiple long videos by MikroTik presenters (of note: https://www.youtube.com/watch?v=JRbAqie1_AM and https://www.youtube.com/watch?v=7x5WjkhlEZg), but I still don't understand... Is the switch chip not able to be used to accelerate routing? Edit: I just found the option for L3 Hardware Offloading, but when I enabled it on the CRS354 it broke everyone's connection on both switches. I will continue to research this while I await replies.
Apologies if this is in the wrong forum; I am still new to MikroTik so I thought it would make sense to post here.
Here's my topology:
![Image]()
Config for the CRS354-48P-4S+2Q+RM:Config for CRS328-24P-4S+RM:
The only way I could find to create my VLANs and assign them IP addresses for routing was to use the VLAN function in interfaces (which uses the CPU, not the switch chip). The CPU is not powerful enough for all the networking traffic and quickly bottlenecks the bandwidth.
I have come to understand from my research that there are 3 ways to configure VLANs in MikroTik:
1. Using the Interfaces tab (CPU)
2. Using the Bridge tab (switch chip or CPU)
3. Using the Switch tab (I don't see the VLAN tab, maybe deprecated?)
My issue is this: I don't know how to do inter-vlan routing when using the bridge tab alone. I would like to assign an IP address to each of my VLANs to be used as the default gateway, but the only items I can assign IP addresses to reside in the Interfaces tab. Is it possible to assign an IP to a VLAN configured in the bridge tab? I have done so much research and watched multiple long videos by MikroTik presenters (of note: https://www.youtube.com/watch?v=JRbAqie1_AM and https://www.youtube.com/watch?v=7x5WjkhlEZg), but I still don't understand... Is the switch chip not able to be used to accelerate routing? Edit: I just found the option for L3 Hardware Offloading, but when I enabled it on the CRS354 it broke everyone's connection on both switches. I will continue to research this while I await replies.
Apologies if this is in the wrong forum; I am still new to MikroTik so I thought it would make sense to post here.
Here's my topology:
Config for the CRS354-48P-4S+2Q+RM:
Code:
[admin@MikroTik-MDF] > export# 2024-01-26 10:16:26 by RouterOS 7.13.3# software id = 6NPF-TKTK## model = CRS354-48P-4S+2Q+# serial number = [REDACTED]/interface bridgeadd name=FIREWALLadd name=bridge vlan-filtering=yes/interface vlanadd interface=bridge name=VLAN110 vlan-id=110add interface=bridge name=VLAN108 vlan-id=108add interface=bridge name=VLAN107 vlan-id=107add interface=bridge name=VLAN120 vlan-id=120add interface=bridge name=VLAN150 vlan-id=150add interface=bridge name=VLAN200 vlan-id=200add interface=bridge name=VLAN102 vlan-id=102add interface=bridge name=VLAN103 vlan-id=103add interface=bridge name=VLAN106 vlan-id=106add interface=bridge name=VLAN109 vlan-id=109add interface=bridge name=VLAN101 vlan-id=101add interface=bridge name=VLAN111 vlan-id=111add interface=bridge name=VLAN112 vlan-id=112add interface=bridge name=VLAN113 vlan-id=113add interface=bridge name=VLAN114 vlan-id=114add interface=bridge name=VLAN115 vlan-id=115add interface=bridge name=VLAN116 vlan-id=116add interface=bridge name=VLAN117 vlan-id=117add interface=bridge name=VLAN118 vlan-id=118add interface=bridge name=VLAN119 vlan-id=119add interface=bridge name=VLAN135 vlan-id=135add interface=bridge name=VLAN105 vlan-id=105add interface=bridge name=VLAN104 vlan-id=104/interface listadd name="802.1x Port"/ip hotspot profileset [ find default=yes ] html-directory=hotspot/ip pooladd name=106 ranges=10.9.6.2-10.9.6.254add name=102 ranges=10.9.2.2-10.9.2.254add name=103 ranges=10.9.3.2-10.9.3.254add name=104 ranges=10.9.4.2-10.9.4.254add name=105 ranges=10.9.5.2-10.9.5.254add name=107 ranges=10.9.7.2-10.9.7.254add name=108 ranges=10.9.8.2-10.9.8.254add name=109 ranges=10.9.9.2-10.9.9.254add name=110 ranges=10.9.10.2-10.9.10.254add name=111 ranges=10.9.11.2-10.9.11.254add name=112 ranges=10.9.12.2-10.9.12.254add name=113 ranges=10.9.13.2-10.9.13.254add name=114 ranges=10.9.14.2-10.9.14.254add name=115 ranges=10.9.15.2-10.9.15.254add name=116 ranges=10.9.16.2-10.9.16.254add name=117 ranges=10.9.17.2-10.9.17.254add name=118 ranges=10.9.18.2-10.9.18.254add name=119 ranges=10.9.19.2-10.9.19.254add name=120 ranges=10.9.20.2-10.9.20.254add name=135 ranges=10.9.35.2-10.9.35.254add name=150 ranges=10.9.50.2-10.9.50.254/ip dhcp-serveradd address-pool=106 interface=VLAN106 name=106add address-pool=102 interface=VLAN102 name=102add address-pool=103 interface=VLAN103 name=103add address-pool=104 interface=VLAN104 name=104add address-pool=105 interface=VLAN105 name=105add address-pool=107 interface=VLAN107 name=107add address-pool=108 interface=VLAN108 name=108add address-pool=110 interface=VLAN110 name=110add address-pool=111 interface=VLAN111 name=111add address-pool=112 interface=VLAN112 name=112add address-pool=113 interface=VLAN113 name=113add address-pool=114 interface=VLAN114 name=114add address-pool=115 interface=VLAN115 name=115add address-pool=116 interface=VLAN116 name=116add address-pool=117 interface=VLAN117 name=117add address-pool=118 interface=VLAN118 name=118add address-pool=119 interface=VLAN119 name=119add address-pool=120 interface=VLAN120 name=120add address-pool=135 interface=VLAN135 name=135add address-pool=150 interface=VLAN150 name=150add address-pool=109 interface=VLAN109 name=109/portset 0 name=serial0/routing ospf instanceadd disabled=no name=ospf-instance-1/routing ospf areaadd disabled=no instance=ospf-instance-1 name=backbone/snmp communityset [ find default=yes ] disabled=yesadd addresses=::/0 name=[REDACTED]/interface bridge portadd bridge=FIREWALL interface=sfp-sfpplus1 pvid=2add bridge=bridge interface=ether1add bridge=bridge interface=ether2add bridge=bridge interface=ether3add bridge=bridge interface=ether4add bridge=bridge interface=ether5add bridge=bridge interface=ether6add bridge=bridge interface=ether7add bridge=bridge interface=ether8add bridge=bridge interface=ether9add bridge=bridge interface=ether10add bridge=bridge interface=ether11add bridge=bridge interface=ether12add bridge=bridge interface=ether13add bridge=bridge interface=ether14add bridge=bridge interface=ether15add bridge=bridge interface=ether16add bridge=bridge interface=ether17add bridge=bridge interface=ether18add bridge=bridge interface=ether19add bridge=bridge interface=ether20add bridge=bridge interface=ether21add bridge=bridge interface=ether22add bridge=bridge interface=ether23add bridge=bridge interface=ether24add bridge=bridge interface=sfp-sfpplus2 pvid=200add bridge=bridge interface=ether25add bridge=bridge interface=ether26add bridge=bridge interface=ether27add bridge=bridge interface=ether28add bridge=bridge interface=ether29add bridge=bridge interface=ether30add bridge=bridge interface=ether31add bridge=bridge interface=ether32add bridge=bridge interface=ether33add bridge=bridge interface=ether34add bridge=bridge interface=ether35add bridge=bridge interface=ether36add bridge=bridge interface=ether37add bridge=bridge interface=ether38add bridge=bridge interface=ether39add bridge=bridge interface=ether40add bridge=bridge interface=ether41add bridge=bridge interface=ether42add bridge=bridge interface=ether43add bridge=bridge interface=ether44add bridge=bridge interface=ether45add bridge=bridge interface=ether46add bridge=bridge interface=ether47add bridge=bridge interface=ether48/interface bridge port-controllerset bridge=bridge/ip neighbor discovery-settingsset lldp-med-net-policy-vlan=105/interface bridge vlanadd bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=106add bridge=bridge tagged=bridge untagged=sfp-sfpplus2 vlan-ids=200add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=101add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=102add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=103add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=104add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=105add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=107add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=108add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=109add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=110add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=111add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=112add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=113add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=114add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=115add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=116add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=117add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=118add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=119add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=120add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=135add bridge=bridge tagged=bridge,sfp-sfpplus2 vlan-ids=150/interface dot1x serveradd auth-types=dot1x,mac-auth interface="802.1x Port" mac-auth-mode=mac-as-username-and-password/interface list memberadd interface=ether2 list="802.1x Port"add interface=ether3 list="802.1x Port"add interface=ether4 list="802.1x Port"add interface=ether5 list="802.1x Port"add interface=ether6 list="802.1x Port"add interface=ether7 list="802.1x Port"add interface=ether8 list="802.1x Port"add interface=ether9 list="802.1x Port"add interface=ether10 list="802.1x Port"add interface=ether11 list="802.1x Port"add interface=ether12 list="802.1x Port"add interface=ether13 list="802.1x Port"add interface=ether14 list="802.1x Port"add interface=ether15 list="802.1x Port"add interface=ether16 list="802.1x Port"add interface=ether17 list="802.1x Port"add interface=ether18 list="802.1x Port"add interface=ether19 list="802.1x Port"add interface=ether20 list="802.1x Port"add interface=ether21 list="802.1x Port"add interface=ether22 list="802.1x Port"add interface=ether23 list="802.1x Port"add interface=ether24 list="802.1x Port"add interface=ether1 list="802.1x Port"add interface=ether25 list="802.1x Port"add interface=ether26 list="802.1x Port"add interface=ether27 list="802.1x Port"add interface=ether28 list="802.1x Port"add interface=ether29 list="802.1x Port"add interface=ether30 list="802.1x Port"add interface=ether31 list="802.1x Port"add interface=ether32 list="802.1x Port"add interface=ether33 list="802.1x Port"add interface=ether34 list="802.1x Port"add interface=ether35 list="802.1x Port"add interface=ether36 list="802.1x Port"add interface=ether37 list="802.1x Port"add interface=ether38 list="802.1x Port"add interface=ether39 list="802.1x Port"add interface=ether40 list="802.1x Port"add interface=ether41 list="802.1x Port"add interface=ether42 list="802.1x Port"add interface=ether43 list="802.1x Port"add interface=ether44 list="802.1x Port"add interface=ether45 list="802.1x Port"add interface=ether46 list="802.1x Port"add interface=ether47 list="802.1x Port"add interface=ether48 list="802.1x Port"/ip addressadd address=[REDACTED] interface=FIREWALL network=[REDACTED]add address=10.9.6.1/24 interface=VLAN106 network=10.9.6.0add address=10.9.0.1/24 interface=VLAN200 network=10.9.0.0add address=10.9.1.1/24 interface=VLAN101 network=10.9.1.0add address=10.9.2.1/24 interface=VLAN102 network=10.9.2.0add address=10.9.3.1/24 interface=VLAN103 network=10.9.3.0add address=10.9.4.1/24 interface=VLAN104 network=10.9.4.0add address=10.9.5.1/24 interface=VLAN105 network=10.9.5.0add address=10.9.7.1/24 interface=VLAN107 network=10.9.7.0add address=10.9.8.1/24 interface=VLAN108 network=10.9.8.0add address=10.9.9.1/24 interface=VLAN109 network=10.9.9.0add address=10.9.10.1/24 interface=VLAN110 network=10.9.10.0add address=10.9.11.1/24 interface=VLAN111 network=10.9.11.0add address=10.9.12.1/24 interface=VLAN112 network=10.9.12.0add address=10.9.13.1/24 interface=VLAN113 network=10.9.13.0add address=10.9.14.1/24 interface=VLAN114 network=10.9.14.0add address=10.9.15.1/24 interface=VLAN115 network=10.9.15.0add address=10.9.16.1/24 interface=VLAN116 network=10.9.16.0add address=10.9.17.1/24 interface=VLAN117 network=10.9.17.0add address=10.9.18.1/24 interface=VLAN118 network=10.9.18.0add address=10.9.19.1/24 interface=VLAN119 network=10.9.19.0add address=10.9.20.1/24 interface=VLAN120 network=10.9.20.0add address=10.9.35.1/24 interface=VLAN135 network=10.9.35.0add address=10.9.50.1/24 interface=VLAN150 network=10.9.50.0/ip dhcp-server networkadd address=10.9.2.0/24 dns-server=[REDACTED] gateway=10.9.2.1add address=10.9.3.0/24 dns-server=[REDACTED] gateway=10.9.3.1add address=10.9.4.0/24 dns-server=[REDACTED] gateway=10.9.4.1add address=10.9.5.0/24 dns-server=[REDACTED] gateway=10.9.5.1add address=10.9.6.0/24 dns-server=[REDACTED] gateway=10.9.6.1add address=10.9.7.0/24 dns-server=[REDACTED] gateway=10.9.7.1add address=10.9.8.0/24 dns-server=[REDACTED] gateway=10.9.8.1add address=10.9.9.0/24 dns-server=[REDACTED] gateway=10.9.9.1add address=10.9.10.0/24 dns-server=[REDACTED] gateway=10.9.10.1add address=10.9.11.0/24 dns-server=[REDACTED] gateway=10.9.11.1add address=10.9.12.0/24 dns-server=[REDACTED] gateway=10.9.12.1add address=10.9.13.0/24 dns-server=[REDACTED] gateway=10.9.13.1add address=10.9.14.0/24 dns-server=[REDACTED] gateway=10.9.14.1add address=10.9.15.0/24 dns-server=[REDACTED] gateway=10.9.15.1add address=10.9.16.0/24 dns-server=[REDACTED] gateway=10.9.16.1add address=10.9.17.0/24 dns-server=[REDACTED] gateway=10.9.17.1add address=10.9.18.0/24 dns-server=[REDACTED] gateway=10.9.18.1add address=10.9.19.0/24 dns-server=[REDACTED] gateway=10.9.19.1add address=10.9.20.0/24 dns-server=[REDACTED] gateway=10.9.20.1add address=10.9.35.0/24 dns-server=[REDACTED] gateway=10.9.35.1add address=10.9.50.0/24 dns-server=[REDACTED] gateway=10.9.50.1/ip routeadd disabled=no dst-address=0.0.0.0/0 gateway=[firewall] routing-table=main suppress-hw-offload=no/radiusadd address=[REDACTED] service=dot1x/routing ospf interface-templateadd area=backbone disabled=no interfaces=FIREWALLadd area=backbone disabled=no interfaces=VLAN200add area=backbone disabled=no interfaces=VLAN101add area=backbone disabled=no interfaces=VLAN102add area=backbone disabled=no interfaces=VLAN103add area=backbone disabled=no interfaces=VLAN104add area=backbone disabled=no interfaces=VLAN105add area=backbone disabled=no interfaces=VLAN106add area=backbone disabled=no interfaces=VLAN107add area=backbone disabled=no interfaces=VLAN108add area=backbone disabled=no interfaces=VLAN109add area=backbone disabled=no interfaces=VLAN110add area=backbone disabled=no interfaces=VLAN111add area=backbone disabled=no interfaces=VLAN112add area=backbone disabled=no interfaces=VLAN113add area=backbone disabled=no interfaces=VLAN114add area=backbone disabled=no interfaces=VLAN115add area=backbone disabled=no interfaces=VLAN116add area=backbone disabled=no interfaces=VLAN117add area=backbone disabled=no interfaces=VLAN118add area=backbone disabled=no interfaces=VLAN119add area=backbone disabled=no interfaces=VLAN120add area=backbone disabled=no interfaces=VLAN135add area=backbone disabled=no interfaces=VLAN150/snmpset contact="[REDACTED]" enabled=yes location=[REDACTED] trap-community=[REDACTED] trap-version=2/system clockset time-zone-name=[REDACTED]/system health settingsset fan-min-speed-percent=25%/system identityset name=MikroTik-MDF/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=[REDACTED]/system routerboard settingsset boot-os=router-osCode:
[admin@MikroTik-IDF1] > export# 2024-01-26 10:16:57 by RouterOS 7.13.1# software id = T0G4-BFMH## model = CRS328-24P-4S+# serial number = [REDACTED]/interface bridgeadd name=bridge pvid=200 vlan-filtering=yes/interface listadd name="802.1x Port"/ip hotspot profileset [ find default=yes ] html-directory=hotspot/portset 0 name=serial0/interface bridge portadd bridge=bridge interface=sfp-sfpplus1 pvid=200add bridge=bridge interface=ether1add bridge=bridge interface=ether2add bridge=bridge interface=ether3add bridge=bridge interface=ether4add bridge=bridge interface=ether5add bridge=bridge interface=ether6add bridge=bridge interface=ether7add bridge=bridge interface=ether8add bridge=bridge interface=ether9add bridge=bridge interface=ether10add bridge=bridge interface=ether11add bridge=bridge interface=ether12add bridge=bridge interface=ether13add bridge=bridge interface=ether14add bridge=bridge interface=ether15add bridge=bridge interface=ether16add bridge=bridge interface=ether17add bridge=bridge interface=ether18add bridge=bridge interface=ether19add bridge=bridge interface=ether20add bridge=bridge interface=ether21add bridge=bridge interface=ether22add bridge=bridge interface=ether23add bridge=bridge interface=ether24/interface bridge vlanadd bridge=bridge tagged=sfp-sfpplus1 vlan-ids=106add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=101add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=102add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=103add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=104add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=105add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=107add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=108add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=109add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=110add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=111add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=112add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=113add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=114add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=115add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=116add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=117add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=118add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=119add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=120add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=135add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=150/interface dot1x serveradd auth-types=dot1x,mac-auth interface="802.1x Port" mac-auth-mode=mac-as-username-and-password/interface list memberadd interface=ether1 list="802.1x Port"add interface=ether2 list="802.1x Port"add interface=ether3 list="802.1x Port"add interface=ether4 list="802.1x Port"add interface=ether5 list="802.1x Port"add interface=ether6 list="802.1x Port"add interface=ether7 list="802.1x Port"add interface=ether8 list="802.1x Port"add interface=ether9 list="802.1x Port"add interface=ether10 list="802.1x Port"add interface=ether11 list="802.1x Port"add interface=ether12 list="802.1x Port"add interface=ether13 list="802.1x Port"add interface=ether14 list="802.1x Port"add interface=ether15 list="802.1x Port"add interface=ether16 list="802.1x Port"add interface=ether17 list="802.1x Port"add interface=ether18 list="802.1x Port"add interface=ether19 list="802.1x Port"add interface=ether20 list="802.1x Port"add interface=ether21 list="802.1x Port"add interface=ether22 list="802.1x Port"add interface=ether23 list="802.1x Port"add interface=ether24 list="802.1x Port"/ip addressadd address=10.9.0.2/24 interface=bridge network=10.9.0.0/ip routeadd disabled=no dst-address=0.0.0.0/0 gateway=10.9.0.1 routing-table=main suppress-hw-offload=no/radiusadd address=[REDACTED] service=dot1x/system clockset time-zone-name=[REDACTED]/system identityset name=MikroTik-IDF1/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=[REDACTED]/system routerboard settingsset boot-os=router-osStatistics: Posted by cjbruck — Fri Jan 26, 2024 5:43 pm