Hi there,
I'm trying to understand the setup described https://help.mikrotik.com/docs/display/ ... with+Bonds as I want to achieve similar with my gear: CRS328-24P-4S+RM, CRS317-1G-16S+RM and RB5009UG+S+IN. I'm running 2.5Gbe Internet fibre connection using the SFP+ port of the RB5009. As per the example, I have set a bond between CRS328 and CRS317 on 2 ports, and that works just fine.
A few things that I want to achieve:
- Most of my 10G gear will be connected to CRS317
- Leverage CRS317 for Inter-VLAN access/routing
- Use the RB5009 only for the NAT with Internet
There are a few things that I don't understand.
1) What is going on with ether1? CRS317 also has an ether1 port which isn't mentioned in the configuration. Why is it set to "Admit all"? I would have expected to get only untagged traffic and use the ether1 port a way to get on the management network.
2) What is the best practise here? Is it to restrict access to VLAN 99 from a few hosts only or to have a dedicated port to access management network?
3) For the VLANs on the bridge, only VLAN 99 also has "bridge" on the tagged list. The others don't (VLAN 10, 20 and 30). Why is that? Is that preventing VLANs to "talk" to each other by default?
4) If I want to use the CRS317 as a core switch to do the inter-VLAN routing, should I consider it as the "Router' in the example and playing the L3 hardware features?
Thanks!
D.
I'm trying to understand the setup described https://help.mikrotik.com/docs/display/ ... with+Bonds as I want to achieve similar with my gear: CRS328-24P-4S+RM, CRS317-1G-16S+RM and RB5009UG+S+IN. I'm running 2.5Gbe Internet fibre connection using the SFP+ port of the RB5009. As per the example, I have set a bond between CRS328 and CRS317 on 2 ports, and that works just fine.
A few things that I want to achieve:
- Most of my 10G gear will be connected to CRS317
- Leverage CRS317 for Inter-VLAN access/routing
- Use the RB5009 only for the NAT with Internet
There are a few things that I don't understand.
1) What is going on with ether1? CRS317 also has an ether1 port which isn't mentioned in the configuration. Why is it set to "Admit all"? I would have expected to get only untagged traffic and use the ether1 port a way to get on the management network.
2) What is the best practise here? Is it to restrict access to VLAN 99 from a few hosts only or to have a dedicated port to access management network?
3) For the VLANs on the bridge, only VLAN 99 also has "bridge" on the tagged list. The others don't (VLAN 10, 20 and 30). Why is that? Is that preventing VLANs to "talk" to each other by default?
4) If I want to use the CRS317 as a core switch to do the inter-VLAN routing, should I consider it as the "Router' in the example and playing the L3 hardware features?
Thanks!
D.
Statistics: Posted by Dulcow — Sun Mar 24, 2024 10:15 am