Manual:CRS1xx/2xx series switches: Difference between revisions
added CRS Protocol VLAN table |
added CRS MAC VLAN table |
||
Line 761: | Line 761: | ||
untagged-or-priority-tagged</em>; Default: <b>none</b>)</td> | untagged-or-priority-tagged</em>; Default: <b>none</b>)</td> | ||
<td>Service VLAN id assignment command for different packet type.</td> | <td>Service VLAN id assignment command for different packet type.</td> | ||
</tr> | |||
</table> | |||
<p></p> | |||
===MAC Based VLAN=== | |||
<p id="shbox"><b>Sub-menu:</b> <code>/interface ethernet switch | |||
mac-based-vlan</code></p><br /> | |||
MAC Based VLAN table is used to assign VLAN based on source MAC. | |||
<table class="styled_table"> | |||
<tr> | |||
<th width="50%">Property</th> | |||
<th >Description</th> | |||
</tr> | |||
<tr> | |||
<td><var><b>disabled</b></var> (<em>yes | no</em>; Default: <b>no</b>)</td> | |||
<td>Enables or disables MAC Based VLAN entry.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>new-customer-vid</b></var> (<em>0..4095</em>; Default: | |||
<b>0</b>)</td> | |||
<td>The new customer VLAN id which replaces original service VLAN id for | |||
matched packets.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>new-service-vid</b></var> (<em>0..4095</em>; Default: | |||
<b>0</b>)</td> | |||
<td>The new service VLAN id which replaces original service VLAN id for | |||
matched packets.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>src-mac-address</b></var> (<em>MAC address</em>)</td> | |||
<td>Matching source MAC address for MAC based VLAN rule.</td> | |||
</tr> | </tr> | ||
</table> | </table> | ||
<p></p> | <p></p> |
Revision as of 09:41, 29 January 2014
Applies to RouterOS: v6.8 +
Summary
The Cloud Router Switch series are highly integrated switches with high performance MIPS CPU and feature-rich packet processor. The CRS switches can be designed into various Ethernet applications including unmanaged switch, Layer 2 managed switch, carrier switch and wireless/wired unified packet processing.
Abbreviations and Explanations
CVID - Customer VLAN id: inner VLAN tag id of the IEEE 802.1ad frame
SVID - Service VLAN id: outer VLAN tag id of the IEEE 802.1ad frame
IVL - Independent VLAN learning - learning/lookup is based on both MAC addresses and VLAN IDs.
SVL - Shared VLAN learning - learning/lookup is based on MAC addresses - not on VLAN IDs.
TPID - Tag Protocol Identifier
PCP - Priority Code Point: a 3-bit field which refers to the IEEE 802.1p priority
DEI - Drop Eligible Indicator
DSCP - Differentiated services Code Point
Drop precedence - internal CRS switch QoS attribute used for packet enqueuing or dropping.
Generic Configuration
Sub-menu: /interface ethernet switch
CRS switch chip is configurable from the /interface ethernet switch
console menu.
Property | Description |
---|---|
bridge-type (customer-vlan-bridge | service-vlan-bridge; Default: service-vlan-bridge) | Bridge type defines which VLAN tag is used as Lookup-VID. Lookup-VID serves as the VLAN key for all VLAN-based lookup. |
bypass-l2-security-check-filter-for (protocols; Default: none) | Protocols which are excluded from Policy rule security check. (arp, dhcpv4, dhcpv6, eapol, igmp, mld, nd, pppoe-discovery, ripv1) |
bypass-vlan-ingress-filter-for (protocols; Default: none) | Protocols which are excluded from Ingress VLAN filtering. These
protocols are not dropped if they have invalid VLAN. (arp, dhcpv4, dhcpv6, eapol, igmp, mld, nd, pppoe-discovery, ripv1) |
drop-if-invalid-or-src-port-
-not-member-of-vlan-on-ports (ports; Default: none) |
Ports which drop invalid and other port VLAN id frames. |
drop-if-no-vlan-assignment-on-ports (ports; Default: none) | Ports which drop frames if no VLAN assignment is applied. |
egress-mirror-ratio (1/32768..1/1; Default: 1/1) | Proportion of egress mirrored packets compared to all packets. |
egress-mirror0-enable (yes | no; Default: yes) | Enables or disables egress mirroring on Mirror0 port. |
egress-mirror0-format (analyzer-configured | modified | original; Default: modified) |
|
egress-mirror0-port (port; Default: switch1-cpu) | The first egress mirroring analyzer port. |
egress-mirror1-enable (yes | no; Default: yes) | Enables or disables egress mirroring on Mirror1 port. |
egress-mirror1-format (analyzer-configured | modified | original; Default: modified) |
|
egress-mirror1-port (port; Default: switch1-cpu) | The second egress mirroring analyzer port. |
egress-sampling-ratio (1/32768..1/1; Default: 1/1) | |
fdb-uses (mirror0 | mirror1; Default: mirror0) | Analyzer port used for FDB-based mirroring. |
forward-invalid-vlan (yes | no; Default: yes) | Whether to allow forwarding VLANs which are not members of VLAN table. |
ingress-mirror-ratio (1/32768..1/1; Default: 1/1) | Proportion of ingress mirrored packets compared to all packets. |
ingress-mirror0-enable (yes | no; Default: yes) | Enables or disables ingress mirroring on Mirror0 port. |
ingress-mirror0-format (analyzer-configured | modified | original; Default: modified) |
|
ingress-mirror0-port (port; Default: switch1-cpu) | The first ingress mirroring analyzer port. |
ingress-mirror1-enable (yes | no; Default: yes) | Enables or disables ingress mirroring on Mirror1 port. |
ingress-mirror1-format (analyzer-configured | modified | original; Default: modified) |
|
ingress-mirror1-port (port; Default: switch1-cpu) | The second ingress mirroring analyzer port. |
invalid-vlan-lookup-mode (ivl | svl; Default: ivl) | Lookup and learning mode for packets with invalid VLAN. |
ipv4-multicast-lookup-mode
(dst-ip-and-vid-for-ipv4 | dst-mac-and-vid-always; Default: dst-mac-and-vid-always) |
Lookup mode for IPv4 multicast bridging.
|
mac-level-isolation (yes | no; Default: no) | Enables or disables MAC level isolation. |
mirror-egress-if-ingress-mirrored (yes | no; Default: no) | When packet is applied to both ingress and egress mirroring, if this
setting is disabled, only ingress mirroring is performed on the packet; if this setting is enabled both mirroring types are applied. |
mirror-tx-on-mirror-port (yes | no; Default: no) | |
mirrored-packet-drop-precedence (drop | green | red | yellow; Default: green) | Remarked drop precedence in mirrored packets. This QoS attribute is used for mirrored packet enqueuing or dropping. |
mirrored-packet-qos-priority (0..7; Default: 0) | Remarked priority in mirrored packets. |
name (string value; Default: switch1) | Name of the switch. |
override-existing-when-ufdb-full (yes | no; Default: no) | Enable or disable to override existing entry which has the lowest aging value when UFDB is full. |
unicast-fdb-timeout (time interval; Default: 5m) | Timeout for Unicast FDB entries. |
use-cvid-in-one2one-vlan-lookup (yes | no; Default: yes) | Whether to use customer VLAN id for 1:1 VLAN switching lookup. |
use-svid-in-one2one-vlan-lookup (yes | no; Default: no) | Whether to use service VLAN id for 1:1 VLAN switching lookup. |
vlan-level-isolation (yes | no; Default: no) | Enables or disables VLAN level isolation. |
vlan-uses (mirror0 | mirror1; Default: mirror0) | Analyzer port used for VLAN-based mirroring. |
Port Configuration
Sub-menu: /interface ethernet switch
port
Property | Description |
---|---|
action-on-restricted-unknown-sa (copy-to-cpu | drop | forward | redirect-to-cpu; Default: forward) | Forwarding action for packets with restricted unknown source MAC address. |
action-on-static-station-move (copy-to-cpu | drop | forward | redirect-to-cpu; Default: forward) | Forwarding action for packets with normal static station move. |
allow-multicast-loopback (yes | no; Default: no) | Multicast loopback on port. When enabled, it permits sending back when
source port and destination port are the same for registered multicast or broadcast packets. |
allow-unicast-loopback (yes | no; Default: no) | Unicast loopback on port. When enabled, it permits sending back when
source port and destination port are the same one for known unicast packets. |
default-customer-pcp (0..7; Default: 0) | Default customer priority of the port. |
default-service-pcp (0..7; Default: 0) | Default service priority of the port. |
drop-counter-config (; Default: none) | |
drop-when-ufdb-entry-sa-drop (yes | no; Default: no) | Enable or disable to drop packets when UFDB entry has action "src-drop". |
dynamic-mac-move-is-restricted-unknown-sa (yes | no; Default: no) | |
egress-customer-tpid (0..10000; Default: 0x8100) | |
egress-mirror-to (mirror0 | mirror1; Default: mirror0) | Analyzer port for port-based egress mirroring. |
egress-mirroring (yes | no; Default: no) | Enable or disable egress mirroring on the port. |
egress-pcp-propagation (yes | no; Default: no) | Enables or disables egress PCP propagation.
|
egress-sampling (yes | no; Default: no) | |
egress-service-tpid (0..10000; Default: 0x88A8) | |
egress-vlan-lookup (according-to-bridge-type |
according-to-egress-vlan-type; Default: according-to-egress-vlan-type) |
Egress VLAN table (VLAN Tagging) lookup:
|
egress-vlan-mode (tagged | unmodified | untagged; Default: unmodified) | Egress VLAN tagging action on the port. |
egress-vlan-type (edge-port | network-port; Default: edge-port) | Port type for Egress VLAN lookup. |
filter-priority-tagged-frame (yes | no; Default: no) | Whether to filter tagged frames with priority on the port. |
filter-tagged-frame (yes | no; Default: no) | Whether to filter tagged frames on the port. |
filter-untagged-frame (yes | no; Default: no) | Whether to filter untagged frames on the port. |
ingress-customer-tpid (0..10000; Default: 0x8100) | |
ingress-mirror-to (mirror0 | mirror1; Default: mirror0) | Analyzer port for port-based ingress mirroring. |
ingress-mirroring (yes | no; Default: no) | Enable or disable ingress mirroring on the port. |
ingress-mirroring-according-to-vlan (yes | no; Default: no) | |
ingress-sampling (yes | no; Default: no) | |
ingress-sampling-mode
(all-frames-excluding-filtered | all-frames-without-mac-error; Default: all-frames-without-mac-error) |
|
ingress-sampling-ratio (1/32768..1/1; Default: 1/1) | |
ingress-service-tpid (0..10000; Default: 0x88A8) | |
ingress-vlan-type (edge-port | network-port; Default: edge-port) | |
isolation-profile (0..31; Default: 30) |
|
learn (yes | no; Default: ) | Enable or disable MAC address learning on the port. |
learn-limit (1..1023; Default: ) | Number of allowed MAC address limit of the port. |
learn-restricted-unknown-sa (yes | no; Default: yes) | Enable to learn restricted unknown source MAC. Source MAC is classified
as Restricted Unknown if any one of the following conditions are met:
|
mac-based-customer-vlan-for (all-frames | none |
tagged-frame-only | untagged-and-priority-tagged-frame-only; Default: none) |
Frame type for which applies MAC-based customer VLAN translation. |
mac-based-service-vlan-for (all-frames | none |
tagged-frame-only | untagged-and-priority-tagged-frame-only; Default: none) |
Frame type for which applies MAC-based service VLAN translation. |
mac-based-vlan-translate (yes | no; Default: no) | Enable or disable MAC-based VLAN translation on the port. |
mac-vlan-type (edge-port | network-port; Default: edge-port) | Port type for MAC based VLAN translation. |
pcp-propagation-for-initial-pcp (yes | no; Default: no) | |
per-queue-scheduling (strict-priority | wrr-group0 | wrr-group1; Default: ) | |
priority-to-queue (; Default: 0-15:0,1:1,2:2,3:3) | |
qos-change-dei (yes | no; Default: no) | Whether to change DEI on the port. |
qos-change-dscp (yes | no; Default: no) | Whether to change DSCP on the port. |
qos-change-pcp (yes | no; Default: no) | Whether to change PCP on the port. |
qos-dscp-to-dscp-mapping (yes | no; Default: no) | Enable or disable DSCP mapping on the port. |
qos-pcp-dei-map-dei (; Default: 0-15:0) | |
qos-pcp-dei-map-drop-precedence (; Default: 0-15:green) | |
qos-pcp-dei-map-dscp (; Default: 0-15:0) | |
qos-pcp-dei-map-pcp (; Default: 0-15:0) | |
qos-pcp-dei-map-priority (yes | no; Default: 0-15:0) | |
qos-scheme-precedence (da-based | dscp-based |
pcp-based | protocol-based | sa-based | vlan-based; Default: pcp-based) |
|
secure-static-mac-move-is-restricted-unknown-sa (yes | no; Default: no) |
Ingress/Egress VLAN Translation
Sub-menu: /interface ethernet switch
ingress-vlan-translation
Sub-menu: /interface ethernet switch
egress-vlan-translation
Property | Description |
---|---|
customer-dei (0..1; Default: none) | Matching DEI of the customer tag. |
customer-pcp (0..7; Default: none) | Matching PCP of the customer tag. |
customer-vid (0..4095; Default: none) | Matching VLAN id of the customer tag. |
customer-vlan-lookup-for (all |
priority-tagged-or-tagged | tagged | untagged-or-tagged; Default: untagged-or-tagged) |
Type of frames with customer tag for which VLAN translation rule is valid. |
disabled (yes | no; Default: no) | Enables or disables VLAN translation entry. |
new-customer-vid (0..4095; Default: none) | The new customer VLAN id which replaces matching customer VLAN id. |
new-service-vid (0..4095; Default: none) | The new service VLAN id which replaces matching service VLAN id. |
pcp-propagation (yes | no; Default: no) | Enables or disables PCP propagation.
|
port (port) | Matching switch port for VLAN translation rule. |
protocol (protocols; Default: none) | Matching Ethernet protocol. |
sa-learning (yes | no; Default: no) | Enables or disables source MAC learning after VLAN translation. |
service-dei (0..1; Default: none) | Matching DEI of the service tag. |
service-pcp (0..7; Default: none) | Matching PCP of the service tag. |
service-vid (0..4095; Default: none) | Matching VLAN id of the service tag. |
service-vlan-lookup-for (all |
priority-tagged-or-tagged | tagged | untagged-or-tagged; Default: untagged-or-tagged) |
Type of frames with service tag for which VLAN translation rule is valid. |
swap-vids (yes | no; Default: no) | Allows swapping original service VLAN id with original customer VLAN id. |
Protocol Based VLAN
Sub-menu: /interface ethernet switch
protocol-based-vlan
Protocol Based VLAN table is used to assign VID and QoS attributes to related protocol packet per port.
Property | Description |
---|---|
disabled (yes | no; Default: no) | Enables or disables Protocol Based VLAN entry. |
frame-type (ethernet | llc | rfc-1042; Default: ethernet) | Encapsulation type of the matching frames. |
new-customer-vid (0..4095; Default: 0) | The new customer VLAN id which replaces original customer VLAN id for specified protocol. |
new-service-vid (0..4095; Default: 0) | The new service VLAN id which replaces original service VLAN id for specified protocol. |
port (port) | Matching switch port for Protocol based VLAN rule. |
protocol (protocol; Default: 0) | Matching protocol for Protocol based VLAN rule. |
qos-group (none; Default: none) | Defined QoS group from "QoS group" menu. |
set-customer-vid-for (all | none | tagged | untagged-or-priority-tagged; Default: none) | Customer VLAN id assignment command for different packet type. |
set-qos-for (all | none | tagged | untagged-or-priority-tagged; Default: none) | Frame type for which QoS assignment command applies. |
set-service-vid-for (all | none | tagged | untagged-or-priority-tagged; Default: none) | Service VLAN id assignment command for different packet type. |
MAC Based VLAN
Sub-menu: /interface ethernet switch
mac-based-vlan
MAC Based VLAN table is used to assign VLAN based on source MAC.
Property | Description |
---|---|
disabled (yes | no; Default: no) | Enables or disables MAC Based VLAN entry. |
new-customer-vid (0..4095; Default: 0) | The new customer VLAN id which replaces original service VLAN id for matched packets. |
new-service-vid (0..4095; Default: 0) | The new service VLAN id which replaces original service VLAN id for matched packets. |
src-mac-address (MAC address) | Matching source MAC address for MAC based VLAN rule. |