Hi folks! Thank you in advance for reading, and double thanks if you choose to help.
I've got 2 firewalls in active/passive which need to communicate to a single ISP. Currently, $20 unmanaged switch is doing the trick. I needed the capability to port mirror for a security appliance, as well as redundant power supplies, so the CRS305-1G-4S+ seemed perfect for the job. Here's an overview:
Because an unmanaged switch works no problem, I've been bashing my head into a wall trying to figure out how to configure this CRS305 to simply act in the same way. VLAN 1000 is arbitrary. As soon as I move cables from the unmanaged switch to the CRS305, internet connectivity is lost, and never recovers. Plugging cables back into the old switch, connectivity is restored in <5 seconds. I'm clearly lacking critical information, but my Cisco/HP/Dell skills are next to useless when configuring RouterOS.
To confirm that I'm not a total idiot, I connected a couple of laptops to SFP1 and SFP4 using random IPs on the same subnet (i.e. 123.123.123.1/24 and 123.123.123.2/24), and they were able to ping each other no problem. What's the special sauce I'm missing here?
I've got 2 firewalls in active/passive which need to communicate to a single ISP. Currently, $20 unmanaged switch is doing the trick. I needed the capability to port mirror for a security appliance, as well as redundant power supplies, so the CRS305-1G-4S+ seemed perfect for the job. Here's an overview:
Because an unmanaged switch works no problem, I've been bashing my head into a wall trying to figure out how to configure this CRS305 to simply act in the same way. VLAN 1000 is arbitrary. As soon as I move cables from the unmanaged switch to the CRS305, internet connectivity is lost, and never recovers. Plugging cables back into the old switch, connectivity is restored in <5 seconds. I'm clearly lacking critical information, but my Cisco/HP/Dell skills are next to useless when configuring RouterOS.
To confirm that I'm not a total idiot, I connected a couple of laptops to SFP1 and SFP4 using random IPs on the same subnet (i.e. 123.123.123.1/24 and 123.123.123.2/24), and they were able to ping each other no problem. What's the special sauce I'm missing here?
Code:
[admin@CRS305] > export hide-sensitive compact # 1970-01-16 05:43:13 by RouterOS 7.12.1# software id = U730-MHG3## model = CRS305-1G-4S+# serial number = /interface bridgeadd name=bridge1 vlan-filtering=yes/interface vlanadd interface=bridge1 name=MGMT vlan-id=99/interface ethernet switchset 0 mirror-source=sfp-sfpplus4 mirror-target=sfp-sfpplus3/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/ip hotspot profileset [ find default=yes ] html-directory=hotspot/portset 0 name=serial0/interface bridge portadd bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus4 pvid=1000add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus1 pvid=1000add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=99add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus2 pvid=1000/ip neighbor discovery-settingsset discover-interface-list=none/interface bridge vlanadd bridge=bridge1 tagged=bridge1 vlan-ids=99add bridge=bridge1 untagged=ether1 vlan-ids=99/ip addressadd address=10.99.0.2/24 interface=MGMT network=10.99.0.0/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset ssh disabled=yesset www-ssl address=10.99.0.0/24,10.90.0.0/24 certificate=www-ssl-Server disabled=noset api disabled=yesset winbox address=10.99.0.0/24,10.90.0.0/24set api-ssl disabled=yes/system identityset name=CRS305/system noteset show-at-login=no/system routerboard settingsset boot-os=router-os/tool bandwidth-serverset enabled=no/tool mac-serverset allowed-interface-list=none/tool mac-server mac-winboxset allowed-interface-list=none/tool mac-server pingset enabled=noStatistics: Posted by VanillaAntibody — Tue Jan 16, 2024 6:47 pm