Manual:CRS3xx series switches: Difference between revisions
Line 293: | Line 293: | ||
===Port Settings=== | ===Port Settings=== | ||
<p id="shbox"><b>Sub-menu:</b> <code>/interface ethernet switch | |||
port</code></p><br /> | |||
<table class="styled_table"> | |||
<tr> | |||
<th width="50%">Property</th> | |||
<th >Description</th> | |||
</tr> | |||
<tr> | |||
<td><var><b>vlan-type</b></var> (<em>edge-port | network-port</em>; | |||
Default: <b>network-port</b>)</td> | |||
<td>Port VLAN type specifies whether VLAN id is used in UFDB learning. Network port learns | |||
VLAN id in UFDB, edge port does not - VLAN 0. It can be observed only in IVL learning mode.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>isolation-leakage-profile-override</b></var> (<em>yes | no</em>; Default: | |||
<b>!isolation-leakage-profile-override</b>)<br> | |||
<var><b>isolation-leakage-profile</b></var> (<em>0..31</em>;)</td> | |||
<td>Custom port profile for port isolation/leakage configurations. | |||
<ul class="bullets"> | |||
<li> Port-level isolation profile 0. Uplink port - allows the port to | |||
communicate with all ports in the device. | |||
<li> Port-level isolation profile 1. Isolated port - allows the port to | |||
communicate only with uplink ports. | |||
<li> Port-level isolation profile 2 - 31. Community port - allows | |||
communication among the same community ports and uplink ports. | |||
</ul></td> | |||
</tr> | |||
<tr> | |||
<td><var><b>learn-override</b></var> (<em>yes | no</em>; Default: <b>!learn-override</b>)<br> | |||
<var><b>learn-limit</b></var> (<em>1..1023</em>; Default: <b>!learn-limit</b>)</td> | |||
<td>Enable or disable MAC address learning and set MAC limit on the port. | |||
MAC learning limit is disabled by default when !learn-override and !learn-limit</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>drop-when-ufdb-entry-src-drop</b></var> (<em>yes | no</em>; | |||
Default: <b>yes</b>)</td> | |||
<td>Enable or disable to drop packets when UFDB entry has action | |||
<var>src-drop</var>.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>allow-unicast-loopback</b></var> (<em>yes | no</em>; Default: | |||
<b>no</b>)</td> | |||
<td>Unicast loopback on port. When enabled, it permits sending back when | |||
source port and destination port are the same one for known unicast | |||
packets.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>allow-multicast-loopback</b></var> (<em>yes | no</em>; Default: | |||
<b>no</b>)</td> | |||
<td>Multicast loopback on port. When enabled, it permits sending back when | |||
source port and destination port are the same for registered multicast or | |||
broadcast packets.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>action-on-static-station-move</b></var> (<em>copy-to-cpu | drop | |||
| forward | redirect-to-cpu</em>; Default: <b>forward</b>)</td> | |||
<td>Action for packets when UFDB already contains static entry with such MAC but with a different port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>drop-dynamic-mac-move</b></var> (<em>yes | no</em>; Default: | |||
<b>no</b>)</td> | |||
<td>Prevents MAC relearning until UFDB timeout if MAC is already learned on other port.</td> | |||
</tr> | |||
</table> | |||
<br> | |||
<table class="styled_table"> | |||
<tr> | |||
<th width="50%">Property</th> | |||
<th >Description</th> | |||
</tr> | |||
<tr> | |||
<td><var><b>allow-fdb-based-vlan-translate</b></var> (<em>yes | no</em>; Default: | |||
<b>no</b>)</td> | |||
<td>Enable or disable MAC-based VLAN translation on the port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>allow-mac-based-service-vlan-assignment-for</b></var> (<em>all-frames | none | | |||
tagged-frame-only | untagged-and-priority-tagged-frame-only</em>; Default: | |||
<b>none</b>)</td> | |||
<td>Frame type for which applies MAC-based service VLAN translation.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>allow-mac-based-customer-vlan-assignment-for</b></var> (<em>all-frames | none | | |||
tagged-frame-only | untagged-and-priority-tagged-frame-only</em>; Default: | |||
<b>none</b>)</td> | |||
<td>Frame type for which applies MAC-based customer VLAN translation.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>default-customer-pcp</b></var> (<em>0..7</em>; Default: | |||
<b>0</b>)</td> | |||
<td>Default customer PCP of the port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>default-service-pcp</b></var> (<em>0..7</em>; Default: | |||
<b>0</b>)</td> | |||
<td>Default service PCP of the port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>pcp-propagation-for-initial-pcp</b></var> (<em>yes | no</em>; | |||
Default: <b>no</b>)</td> | |||
<td>Enables or disables PCP propagation for initial PCP assignment on ingress. | |||
<ul class="bullets"> | |||
<li> If the port <var>vlan-type</var> is Edge port, the service PCP is copied from the | |||
customer PCP. | |||
<li> If the port <var>vlan-type</var> is Network port, the customer PCP is copied from the | |||
service PCP. | |||
</ul></td> | |||
</tr> | |||
<tr> | |||
<td><var><b>filter-untagged-frame</b></var> (<em>yes | no</em>; Default: | |||
<b>no</b>)</td> | |||
<td>Whether to filter untagged frames on the port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>filter-priority-tagged-frame</b></var> (<em>yes | no</em>; | |||
Default: <b>no</b>)</td> | |||
<td>Whether to filter tagged frames with priority on the port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>filter-tagged-frame</b></var> (<em>yes | no</em>; Default: | |||
<b>no</b>)</td> | |||
<td>Whether to filter tagged frames on the port.</td> | |||
</tr> | |||
</table> | |||
<br> | |||
<table class="styled_table"> | |||
<tr> | |||
<th width="50%">Property</th> | |||
<th >Description</th> | |||
</tr> | |||
<tr> | |||
<td><var><b>egress-vlan-tag-table-lookup-key</b></var> (<em>according-to-bridge-type | | |||
egress-vid</em>; Default: <b>egress-vid</b>)</td> | |||
<td>Egress VLAN table (VLAN Tagging) lookup: | |||
<ul class="bullets"> | |||
<li> <var>egress-vid</var> - Lookup VLAN id is CVID when | |||
Edge port is configured, SVID when Network port is configured. | |||
<li> <var>according-to-bridge-type</var> - Lookup VLAN id is CVID when customer | |||
VLAN bridge is configured, SVID when service VLAN bridge is configured. Customer | |||
tag is unmodified for Edge port in service VLAN bridge. | |||
</ul></td> | |||
</tr> | |||
<tr> | |||
<td><var><b>egress-vlan-mode</b></var> (<em>tagged | unmodified | | |||
untagged</em>; Default: <b>unmodified</b>)</td> | |||
<td>Egress VLAN tagging action on the port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>egress-pcp-propagation</b></var> (<em>yes | no</em>; Default: | |||
<b>no</b>)</td> | |||
<td>Enables or disables egress PCP propagation. | |||
<ul class="bullets"> | |||
<li> If the port <var>vlan-type</var> is Edge port, the service PCP is copied from the | |||
customer PCP. | |||
<li> If the port <var>vlan-type</var> is Network port, the customer PCP is copied from the | |||
service PCP. | |||
</ul></td> | |||
</tr> | |||
</table> | |||
<br> | |||
<table class="styled_table"> | |||
<tr> | |||
<th width="50%">Property</th> | |||
<th >Description</th> | |||
</tr> | |||
<tr> | |||
<td><var><b>ingress-mirror-to</b></var> (<em>mirror0 | mirror1 | none</em>; | |||
Default: <b>none</b>)</td> | |||
<td>Analyzer port for port-based ingress mirroring.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>ingress-mirroring-according-to-vlan</b></var> (<em>yes | | |||
no</em>; Default: <b>no</b>)</td> | |||
<td></td> | |||
</tr> | |||
<tr> | |||
<td><var><b>egress-mirror-to</b></var> (<em>mirror0 | mirror1 | none</em>; Default: | |||
<b>none</b>)</td> | |||
<td>Analyzer port for port-based egress mirroring.</td> | |||
</tr> | |||
</table> | |||
<br> | |||
<table class="styled_table"> | |||
<tr> | |||
<th width="50%">Property</th> | |||
<th >Description</th> | |||
</tr> | |||
<tr> | |||
<td><var><b>qos-scheme-precedence</b></var> (<em>da-based | dscp-based | ingress-acl-based | pcp-based | protocol-based | sa-based | vlan-based</em>; | |||
Default: <b>pcp-based, sa-based, da-based, dscp-based, protocol-based, vlan-based</b>)</td> | |||
<td>Specifies applied QoS assignment schemes on ingress of the port. | |||
<ul class="bullets"> | |||
<li> <var>da-based</var> | |||
<li> <var>dscp-based</var> | |||
<li> <var>ingress-acl-based</var> | |||
<li> <var>pcp-based</var> | |||
<li> <var>protocol-based</var> | |||
<li> <var>sa-based</var> | |||
<li> <var>vlan-based</var> | |||
</ul></td> | |||
</tr> | |||
<tr> | |||
<td><var><b>pcp-or-dscp-based-qos-change-dei</b></var> (<em>yes | no</em>; Default: | |||
<b>no</b>)</td> | |||
<td>Enable or disable PCP or DSCP based DEI change on port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>pcp-or-dscp-based-qos-change-pcp</b></var> (<em>yes | no</em>; Default: | |||
<b>no</b>)</td> | |||
<td>Enable or disable PCP or DSCP based PCP change on port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>pcp-or-dscp-based-qos-change-dscp</b></var> (<em>yes | no</em>; Default: | |||
<b>no</b>)</td> | |||
<td>Enable or disable PCP or DSCP based DSCP change on port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>dscp-based-qos-dscp-to-dscp-mapping</b></var> (<em>yes | no</em>; Default: | |||
<b>yes</b>)</td> | |||
<td>Enable or disable DSCP to internal DSCP mapping on port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>pcp-based-qos-drop-precedence-mapping</b></var> (<em>PCP/DEI-range:drop-precedence</em>; Default: | |||
<b>0-15:green</b>)</td> | |||
<td>The new value of drop precedence for the PCP/DEI to drop precedence (drop | green | red | yellow) mapping. | |||
Multiple mappings allowed separated by comma e.g. "0-7:yellow,8-15:red".</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>pcp-based-qos-dscp-mapping</b></var> (<em>PCP/DEI-range:DEI</em>; Default: | |||
<b>0-15:0</b>)</td> | |||
<td>The new value of DSCP for the PCP/DEI to DSCP (0..63) mapping. | |||
Multiple mappings allowed separated by comma e.g. "0-7:25,8-15:50".</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>pcp-based-qos-dei-mapping</b></var> (<em>PCP/DEI-range:DEI</em>; Default: | |||
<b>0-15:0</b>)</td> | |||
<td>The new value of DEI for the PCP/DEI to DEI (0..1) mapping. Multiple mappings allowed separated by comma e.g. "0-7:0,8-15:1".</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>pcp-based-qos-pcp-mapping</b></var> (<em>PCP/DEI-range:DEI</em>; Default: | |||
<b>0-15:0</b>)</td> | |||
<td>The new value of PCP for the PCP/DEI to PCP (0..7) mapping. | |||
Multiple mappings allowed separated by comma e.g. "0-7:3,8-15:4".</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>pcp-based-qos-priority-mapping</b></var> (<em>PCP/DEI-range:DEI</em>; Default: | |||
<b>0-15:0</b>)</td> | |||
<td>The new value of internal priority for the PCP/DEI to priority (0..15) mapping. | |||
Multiple mappings allowed separated by comma e.g. "0-7:5,8-15:15".</td> | |||
</tr> | |||
</table> | |||
<br> | |||
<table class="styled_table"> | |||
<tr> | |||
<th width="50%">Property</th> | |||
<th >Description</th> | |||
</tr> | |||
<tr> | |||
<td><var><b>priority-to-queue</b></var> (<em>priority-range:queue</em>; Default: | |||
<b>0-15:0,1:1,2:2,3:3</b>)</td> | |||
<td>Internal priority (0..15) mapping to queue (0..7) per port.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>per-queue-scheduling</b></var> (<em>Scheduling-type:Weight</em>; | |||
Default: <b>wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32, | |||
wrr-group0:64,wrr-group0:128</b>)</td> | |||
<td></td> | |||
</tr> | |||
</table> | |||
<br> | |||
<table class="styled_table"> | |||
<tr> | |||
<th width="50%">Property</th> | |||
<th >Description</th> | |||
</tr> | |||
<tr> | |||
<td><var><b>ingress-customer-tpid-override</b></var> (<em>yes | no</em>; | |||
Default:<b>!ingress-customer-tpid-override</b>)<br> | |||
<var><b>ingress-customer-tpid</b></var> (<em>0..10000</em>; Default: <b>0x8100</b>)</td> | |||
<td>Ingress customer TPID override allows accepting specific frames with a custom customer tag TPID. | |||
Default value is for tag of 802.1Q frames.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>egress-customer-tpid-override</b></var> (<em>yes | no</em>; Default: | |||
<b>!egress-customer-tpid-override</b>)<br> | |||
<var><b>egress-customer-tpid</b></var> (<em>0..10000</em>; Default: | |||
<b>0x8100</b>)</td> | |||
<td>Egress customer TPID override allows custom identification for egress frames with a customer tag. | |||
Default value is for tag of 802.1Q frames.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>ingress-service-tpid-override</b></var> (<em>yes | no</em>; Default: | |||
<b>!ingress-service-tpid-override</b>)<br> | |||
<var><b>ingress-service-tpid</b></var> (<em>0..10000</em>; Default: <b>0x88A8</b>)</td> | |||
<td>Ingress service TPID override allows accepting specific frames with a custom service tag TPID. | |||
Default value is for service tag of 802.1AD frames.</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>egress-service-tpid-override</b></var> (<em>yes | no</em>; Default: | |||
<b>!egress-service-tpid-override</b>)<br> | |||
<var><b>egress-service-tpid</b></var> (<em>0..10000</em>; Default: | |||
<b>0x88A8</b>)</td> | |||
<td>Egress service TPID override allows custom identification for egress frames with a service tag. | |||
Default value is for service tag of 802.1AD frames.</td> | |||
</tr> | |||
</table> | |||
<br> | |||
<table class="styled_table"> | |||
<tr> | |||
<th width="50%">Property</th> | |||
<th >Description</th> | |||
</tr> | |||
<tr> | |||
<td><var><b>custom-drop-counter-includes</b></var> (<em>counters</em>; Default: | |||
<b>none</b>)</td> | |||
<td>Custom include to count dropped packets for switch port <var>custom-drop-packet</var> counter. | |||
*'''device-loopback''' | |||
*'''fdb-hash-violation''' | |||
*'''exceeded-port-learn-limitation''' | |||
*'''dynamic-station-move''' | |||
*'''static-station-move''' | |||
*'''ufdb-source-drop''' | |||
*'''host-source-drop''' | |||
*'''unknown-host''' | |||
*'''ingress-vlan-filtered''' | |||
</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>queue-custom-drop-counter0-includes</b></var> (<em>counters</em>; | |||
Default: <b>none</b>)</td> | |||
<td>Custom include to count dropped packets for switch port <var>tx-queue-custom0-drop-packet</var> | |||
and bytes for <var>tx-queue-custom0-drop-byte</var> counters. | |||
*'''red''' | |||
*'''yellow''' | |||
*'''green''' | |||
*'''queue0''' | |||
*'''...''' | |||
*'''queue7''' | |||
</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>queue-custom-drop-counter1-includes</b></var> (<em>counters</em>; | |||
Default: <b>none</b>)</td> | |||
<td>Custom include to count dropped packets for switch port <var>tx-queue-custom1-drop-packet</var> | |||
and bytes for <var>tx-queue-custom1-drop-byte</var> counters. | |||
*'''red''' | |||
*'''yellow''' | |||
*'''green''' | |||
*'''queue0''' | |||
*'''...''' | |||
*'''queue7''' | |||
</td> | |||
</tr> | |||
<tr> | |||
<td><var><b>policy-drop-counter-includes</b></var> (<em>counters</em>; | |||
Default: <b>none</b>)</td> | |||
<td>Custom include to count dropped packets for switch port <var>policy-drop-packet</var> counter. | |||
*'''ingress-policing''' | |||
*'''ingress-acl''' | |||
*'''egress-policing''' | |||
*'''egress-acl''' | |||
</td> | |||
</tr> | |||
</table> | |||
<p></p> | |||
===Switch Rules (ACL)=== | ===Switch Rules (ACL)=== |
Revision as of 12:51, 11 October 2017
Summary
The Cloud Router Switch series are highly integrated switches with high performance ARM CPU and feature-rich packet processor. The CRS switches can be designed into various Ethernet applications including unmanaged switch, Layer 2 managed switch, carrier switch and wired unified packet processing.
Features
Features | Description |
---|---|
Forwarding |
|
Mirroring |
|
VLAN |
|
Models
This table clarifies main differences between Cloud Router Switch models.
Model | Switch Chip | CPU | Wireless | SFP+ port | Access Control List | Jumbo Frame (Bytes) |
CRS326-24G-2S+ | Marvell-98DX3236 | 800MHz | - | + | + | 10218 |
CRS317-1G-16S+ | Marvell-98DX8216 | 800MHz | - | + | + | 10218 |
Abbreviations
- FDB - Forwarding Database
- MDB - Multicast Database
- SVL - Shared VLAN Learning
- IVL - Independent VLAN Learning
- PVID - Port VLAN ID
Port Switching
Since v6.40rc29 bridges will handle all Layer2 forwarding and the use of switch chip (hw-offload
) will automatically turn on if appropriate conditions are met.
The rest of RouterOS Switch features remain untouched in usual menus.
By default all newly created bridge ports have hw=yes
option and it allows enabling of hw-offload
when possible. If such functionality is not required, it can be disabled by hw=no
on bridge port to have completely software operated bridging.
Note: Downgrading to previous RouterOS versions will not restore master-port configuration. The bridge with no hw-offload will appear instead and master-port configuration will have to be redone from the beginning.
Example
Use the command lines below to create a bridge and add ports to it. On CRS3xx using other bridge protocol modes will also enable hardware offloading.
/interface bridge add name=bridge1 igmp-snooping=no protocol-mode=none /interface bridge port add bridge=bridge1 interface=ether2 add bridge=bridge1 interface=ether3 add bridge=bridge1 interface=ether4 add bridge=bridge1 interface=ether5
Make sure that hardware offloading is enabled. If H flag is available next to the desired interface, then hardware offloading is active on that port. If hardware offloading flag is not shown, then make sure you haven't enabled features that disable hardware offloading.
[admin@MikroTik] > /interface bridge port print Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload # INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON 0 H ether2 bridge1 yes 1 0x80 10 10 none 1 H ether3 bridge1 yes 1 0x80 10 10 none 2 H ether4 bridge1 yes 1 0x80 10 10 none 3 H ether5 bridge1 yes 1 0x80 10 10 none
Note: On CRS3xx series switches bridge STP/RSTP/MSTP, IGMP Snooping and VLAN filtering settings don't affect hardware offloading, bonding on the other hand disables hardware offloading
Host Table
Sub-menu: /interface bridge host
Property | Description |
---|---|
age (read-only: time) | The time since the last packet was received from the host |
bridge (read-only: name) | The bridge the entry belongs to |
external-fdb (read-only: flag) | Whether the host was learned using wireless registration table |
local (read-only: flag) | Whether the host entry is of the bridge itself (that way all local interfaces are shown) |
mac-address (read-only: MAC address) | Host's MAC address |
on-interface (read-only: name) | Which of the bridged interfaces the host is connected to |
Example
- Use this command to get the active host table:
[admin@MikroTik] > /interface bridge host print Flags: L - local, E - external-fdb BRIDGE MAC-ADDRESS ON-INTERFACE AGE bridge1 00:00:00:00:00:01 ether2 3s bridge1 00:01:29:FF:1D:CC ether2 0s L bridge1 00:0C:42:52:2E:CF ether2 0s bridge1 00:0C:42:52:2E:D0 ether2 3s bridge1 00:0C:42:5C:A5:AE ether2 0s
VLAN
Since RouterOS v6.40rc29 bridges provides VLAN aware Layer2 forwarding and VLAN tag modifications within the bridge. This set of features makes bridge operation more like a traditional Ethernet switch and allows to overcome Spanning Tree compatibilty issues compared to configuration when tunnel-like VLAN interfaces are bridged. Bridge VLAN Filtering configuration is highly recommended to comply with STP (802.1D), RSTP (802.1w) standards and is mandatory to enable MSTP (802.1s) support in RouterOS.
VLAN Filtering
The main VLAN setting is vlan-filtering
which globally controls vlan-awareness and VLAN tag processing in the bridge. If vlan-filtering=no
, bridge ignores VLAN tags, works in a shared-VLAN-learning (SVL) mode and cannot modify VLAN tags of packets. Turning on vlan-filtering
enables all bridge VLAN related functionality and independent-VLAN-learning (IVL) mode. Besides joining the ports for Layer2 forwarding, bridge itself is also an interface therefore it has Port VLAN ID (pvid).
Sub-menu: /interface bridge
Property | Description |
---|---|
vlan-filtering (yes | no; Default: no) | Globally enables or disables VLAN functionality for bridge. |
pvid (1..4094; Default: 1) | Port VLAN ID (pvid) specifies which VLAN the untagged ingress traffic is assigned to. It applies e.g. to frames sent from bridge IP and destined to a bridge port. |
Sub-menu: /interface bridge port
Property | Description |
---|---|
frame-types (admit-all | admit-only-untagged-and-priority-tagged | admit-only-vlan-tagged; Default: admit-all) | Specifies allowed ingress frame types on a bridge port. |
ingress-filtering (yes | no; Default: no) | Enables or disables filtering which looks for an ingress port match in the Bridge VLAN table. |
pvid (1..4094; Default: 1) | Port VLAN ID (pvid) specifies which VLAN the untagged ingress traffic is assigned to. |
VLAN Table
Bridge VLAN table represents per-VLAN port mapping with an egress VLAN tag action.
tagged
ports send out frames with a learned VLAN ID tag.
untagged
ports remove VLAN tag before sending out frames if the learned VLAN ID matches the port pvid
.
Sub-menu: /interface bridge vlan
Property | Description |
---|---|
bridge (name) | The bridge interface which the respective VLAN entry is intended for. |
disabled (yes | no; Default: no) | Enables or disables Bridge VLAN entry. |
tagged (interfaces; Default: none) | Interface list with a VLAN tag adding action in egress. This setting accepts comma separated values. E.g. tagged=ether1,ether2 . |
untagged (interfaces; Default: none) | Interface list with a VLAN tag removing action in egress. This setting accepts comma separated values. E.g. tagged=ether3,ether4 . |
vlan-ids (1..4094) | The list of VLAN IDs for certain port configuration. This setting accepts VLAN ID range as well as comma separated values. E.g. vlan-ids=100-115,120,122,128-130 . |
STP/RSTP/MSTP
TODO
IGMP Snooping
IGMP Snooping which controls multicast streams and prevents multicast flooding is implemented in RouterOS starting from version 6.41. It's settings are placed in bridge menu and it works independently in every bridge interface. Software driven implementation works on all devices with RouterOS but CRS1xx/2xx/3xx series switches also support IGMP Snooping with hardware offloading.
- Use this command to enable IGMP Snooping on a bridge interface:
/interface bridge set bridge1 igmp-snooping=yes
- Use this command to get current Multicast Database entries:
[admin@MikroTik] > /interface bridge mdb print BRIDGE VID GROUP PORTS bridge1 200 229.1.1.2 ether3 ether2 ether1 bridge1 300 231.1.3.3 ether4 ether3 ether2 bridge1 400 229.10.10.4 ether4 ether3 bridge1 500 234.5.1.5 ether5 ether1
Global Switch Settings
TODO
Port Settings
Sub-menu: /interface ethernet switch
port
Property | Description |
---|---|
vlan-type (edge-port | network-port; Default: network-port) | Port VLAN type specifies whether VLAN id is used in UFDB learning. Network port learns VLAN id in UFDB, edge port does not - VLAN 0. It can be observed only in IVL learning mode. |
isolation-leakage-profile-override (yes | no; Default:
!isolation-leakage-profile-override) |
Custom port profile for port isolation/leakage configurations.
|
learn-override (yes | no; Default: !learn-override) learn-limit (1..1023; Default: !learn-limit) |
Enable or disable MAC address learning and set MAC limit on the port. MAC learning limit is disabled by default when !learn-override and !learn-limit |
drop-when-ufdb-entry-src-drop (yes | no; Default: yes) | Enable or disable to drop packets when UFDB entry has action src-drop. |
allow-unicast-loopback (yes | no; Default: no) | Unicast loopback on port. When enabled, it permits sending back when
source port and destination port are the same one for known unicast packets. |
allow-multicast-loopback (yes | no; Default: no) | Multicast loopback on port. When enabled, it permits sending back when
source port and destination port are the same for registered multicast or broadcast packets. |
action-on-static-station-move (copy-to-cpu | drop | forward | redirect-to-cpu; Default: forward) | Action for packets when UFDB already contains static entry with such MAC but with a different port. |
drop-dynamic-mac-move (yes | no; Default: no) | Prevents MAC relearning until UFDB timeout if MAC is already learned on other port. |
Property | Description |
---|---|
allow-fdb-based-vlan-translate (yes | no; Default: no) | Enable or disable MAC-based VLAN translation on the port. |
allow-mac-based-service-vlan-assignment-for (all-frames | none |
tagged-frame-only | untagged-and-priority-tagged-frame-only; Default: none) |
Frame type for which applies MAC-based service VLAN translation. |
allow-mac-based-customer-vlan-assignment-for (all-frames | none |
tagged-frame-only | untagged-and-priority-tagged-frame-only; Default: none) |
Frame type for which applies MAC-based customer VLAN translation. |
default-customer-pcp (0..7; Default: 0) | Default customer PCP of the port. |
default-service-pcp (0..7; Default: 0) | Default service PCP of the port. |
pcp-propagation-for-initial-pcp (yes | no; Default: no) | Enables or disables PCP propagation for initial PCP assignment on ingress.
|
filter-untagged-frame (yes | no; Default: no) | Whether to filter untagged frames on the port. |
filter-priority-tagged-frame (yes | no; Default: no) | Whether to filter tagged frames with priority on the port. |
filter-tagged-frame (yes | no; Default: no) | Whether to filter tagged frames on the port. |
Property | Description |
---|---|
egress-vlan-tag-table-lookup-key (according-to-bridge-type | egress-vid; Default: egress-vid) | Egress VLAN table (VLAN Tagging) lookup:
|
egress-vlan-mode (tagged | unmodified | untagged; Default: unmodified) | Egress VLAN tagging action on the port. |
egress-pcp-propagation (yes | no; Default: no) | Enables or disables egress PCP propagation.
|
Property | Description |
---|---|
ingress-mirror-to (mirror0 | mirror1 | none; Default: none) | Analyzer port for port-based ingress mirroring. |
ingress-mirroring-according-to-vlan (yes | no; Default: no) | |
egress-mirror-to (mirror0 | mirror1 | none; Default: none) | Analyzer port for port-based egress mirroring. |
Property | Description |
---|---|
qos-scheme-precedence (da-based | dscp-based | ingress-acl-based | pcp-based | protocol-based | sa-based | vlan-based; Default: pcp-based, sa-based, da-based, dscp-based, protocol-based, vlan-based) | Specifies applied QoS assignment schemes on ingress of the port.
|
pcp-or-dscp-based-qos-change-dei (yes | no; Default: no) | Enable or disable PCP or DSCP based DEI change on port. |
pcp-or-dscp-based-qos-change-pcp (yes | no; Default: no) | Enable or disable PCP or DSCP based PCP change on port. |
pcp-or-dscp-based-qos-change-dscp (yes | no; Default: no) | Enable or disable PCP or DSCP based DSCP change on port. |
dscp-based-qos-dscp-to-dscp-mapping (yes | no; Default: yes) | Enable or disable DSCP to internal DSCP mapping on port. |
pcp-based-qos-drop-precedence-mapping (PCP/DEI-range:drop-precedence; Default: 0-15:green) | The new value of drop precedence for the PCP/DEI to drop precedence (drop | green | red | yellow) mapping. Multiple mappings allowed separated by comma e.g. "0-7:yellow,8-15:red". |
pcp-based-qos-dscp-mapping (PCP/DEI-range:DEI; Default: 0-15:0) | The new value of DSCP for the PCP/DEI to DSCP (0..63) mapping. Multiple mappings allowed separated by comma e.g. "0-7:25,8-15:50". |
pcp-based-qos-dei-mapping (PCP/DEI-range:DEI; Default: 0-15:0) | The new value of DEI for the PCP/DEI to DEI (0..1) mapping. Multiple mappings allowed separated by comma e.g. "0-7:0,8-15:1". |
pcp-based-qos-pcp-mapping (PCP/DEI-range:DEI; Default: 0-15:0) | The new value of PCP for the PCP/DEI to PCP (0..7) mapping. Multiple mappings allowed separated by comma e.g. "0-7:3,8-15:4". |
pcp-based-qos-priority-mapping (PCP/DEI-range:DEI; Default: 0-15:0) | The new value of internal priority for the PCP/DEI to priority (0..15) mapping. Multiple mappings allowed separated by comma e.g. "0-7:5,8-15:15". |
Property | Description |
---|---|
priority-to-queue (priority-range:queue; Default: 0-15:0,1:1,2:2,3:3) | Internal priority (0..15) mapping to queue (0..7) per port. |
per-queue-scheduling (Scheduling-type:Weight;
Default: wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32, wrr-group0:64,wrr-group0:128) |
Property | Description |
---|---|
ingress-customer-tpid-override (yes | no;
Default:!ingress-customer-tpid-override) |
Ingress customer TPID override allows accepting specific frames with a custom customer tag TPID. Default value is for tag of 802.1Q frames. |
egress-customer-tpid-override (yes | no; Default:
!egress-customer-tpid-override) |
Egress customer TPID override allows custom identification for egress frames with a customer tag. Default value is for tag of 802.1Q frames. |
ingress-service-tpid-override (yes | no; Default:
!ingress-service-tpid-override) |
Ingress service TPID override allows accepting specific frames with a custom service tag TPID. Default value is for service tag of 802.1AD frames. |
egress-service-tpid-override (yes | no; Default:
!egress-service-tpid-override) |
Egress service TPID override allows custom identification for egress frames with a service tag. Default value is for service tag of 802.1AD frames. |
Property | Description |
---|---|
custom-drop-counter-includes (counters; Default: none) | Custom include to count dropped packets for switch port custom-drop-packet counter.
|
queue-custom-drop-counter0-includes (counters; Default: none) | Custom include to count dropped packets for switch port tx-queue-custom0-drop-packet
and bytes for tx-queue-custom0-drop-byte counters.
|
queue-custom-drop-counter1-includes (counters; Default: none) | Custom include to count dropped packets for switch port tx-queue-custom1-drop-packet
and bytes for tx-queue-custom1-drop-byte counters.
|
policy-drop-counter-includes (counters; Default: none) | Custom include to count dropped packets for switch port policy-drop-packet counter.
|
Switch Rules (ACL)
TODO
See also
[ Top | Back to Content ]