Getting to Know the Mikrotik Cloud Router Switch (CRS)

Cloud Router Switch (CRS) is a high-performance Smart Switch Series device from Mikrotik that has many ethernet ports (up to 24 ports). This CRS device is a Multilayer Switch, which in addition to work on layer 2, can also work on layer 3 switches and unique OS that is used also RouterOS so that all features on RouterOS can also be applied in this device.

Getting to Know the Mikrotik Cloud Router Switch (CRS)
Getting to Know the Mikrotik Cloud Router Switch (CRS)

 

Key Features of Cloud Router Switch

1. Forwarding

Ports on CRS can be configured for switching and routing that support Full non-blocking wire-speed switching. All forwarding databases support IVL and SVL. Port-based MAC learning limits that can be configured up to 1024 MAC per port. In addition, CRS also supports frames with jumbo size (CRS1xx: 4064 Bytes; CRS2xx: 9204 Bytes).

 

2. Mirroring

CRS supports various types of mirroring ports, such as Port-Based Mirroring, VLAN Based Mirroring, and MAC-Based Mirroring. In addition, CRS also has 2 independent mirroring analyzer ports.

3. Virtual LAN (VLAN)

Mikrotik CRS is compatible with IEEE802.1Q and IEEE802.1ad VLAN standards. CRS is able to create active VLANs up to 4000 VLANs. Supports Port-Based VLANs, Protocol-Based VLANs, MAC Based VLANs, and VLAN filtering.

4. Port Isolation & Leakage

CRS can be applied to implement private VLANs with 3 port profiles: Promiscuous, Isolated and Community. Supports up to 28 Comunity Profile.

5. Trunking

CRS supports trunking with static link aggregation groups. Can create up to 8 Trunk group ports and 8 ports per trunk group. Supports Hardware automatic failover and load balancing.

6. Quality of Service (QoS)

Mikrotik CRS also supports bandwidth management with QoS implementation based on port, MAC, VLAN, Protocol, PCP / DEI, DSCP, ACL.

7. Shaping & Scheduling \

Supports 8 queues on each physical port, Shaping per port, per queue, and per queue group.

8. Access Control List (ACL)

CRS supports Ingress and Egress ACL tables, and up to 512 ACL rules. Classification by port, L2, L3, L4 protocol header. ACL actions include filtering, forwarding, and modifications to the protocol header fields.

Model Cloud Router Switch (CRS)

Here are some differences in the model of Mikrotik Cloud Router Switch (CRS):

ModelCPUWirelessSFP + portAccess Control ListJumbo Frame (Bytes)
CRS112-8G-4S400MHz+9204
CRS210-8G-2S +400MHz++9204
CRS212-1G-10S-1S +400MHz++9204
CRS226-24G-2S +400MHz++9204
CRS125-24G-1S600MHz4064
CRS125-24G-1S-2HnD600MHz+4064
CRS109-8G-1S-2HnD600MHz+4064

Tagged Untagged

In CRS, tagged and untagged features can be created based on ports, protocols or Mac-based addresses, to make it easy to custom in our network.
For example, the topology that we will form as follows:

Getting to Know the Mikrotik Cloud Router Switch (CRS)
Getting to Know the Mikrotik Cloud Router Switch (CRS)
RB450G, in interface ether5 there are 2 VLAN, that is VLAN-id = 1 and VLAN-id = 2
The ethernet cable from ether5 450G is connected to the CRS ether10 switch
PC client that we will enter into the VLAN, connected to ether12 and ether14 from CRS

Configuration on the RB450G side

Getting to Know the Mikrotik Cloud Router Switch (CRS)
Getting to Know the Mikrotik Cloud Router Switch (CRS)
Here we define VLAN-id = 1 and VLAN-id = 2 in interface ether5 . And of course, we also attach the IP in each of these VLAN interfaces.

Configuration in CRS

In order to enable the switching features of our CRS, the first step is to set the ” master-port ” parameter in the ethernet interface we want to enable as a switch. The function of these master-ports is the interface between ethernet-ethernet using switch mode ( SLAVE-PORT ) with another non-switch mode ethernet interface.
Getting to Know the Mikrotik Cloud Router Switch (CRS)
Getting to Know the Mikrotik Cloud Router Switch (CRS)
From the visible image, ether12, and ether14 we set it as the slave with master-port in ether10. That is, ether10, ether12, and ether14 have become a switch and communication between these ports can be full wire speed without burdening the router CPU again.
If we want to enable routing, firewalls, bandwidth management, QoS and so forth, we simply put the rule-virulence in ether10. Why? because ether10 serves as its master-port, automatic, every rule in ether10, will apply in all its slave ports (ether12 and ether14)

VLANs based on Port

Following this example, we will enable our switch as a managed switch l2 based on INTERFACE PORT.
Since ether10 is connected to the RB450G interface that has VLAN-id, it means that we want all traffic out of ether10 to have VLAN-id ( tagged / trunk port ), and vice versa, since the devices connected in ether12 and ether14 are ordinary PC devices, means we must set all traffic out of both ports must be removed first VLAN-id ( untagged / access port ).
Getting to Know the Mikrotik Cloud Router Switch (CRS)
Getting to Know the Mikrotik Cloud Router Switch (CRS)

 

Ingress VLAN Translation

In this menu, we can modify the incoming frames/ incoming/ingress from our switch port.
From the visible image, all traffic coming from ether12 and ether14 is set up new-customer-vid in accordance with the VLAN-ID on RB450G, meaning that the original frame has customer-vid = 0 (without VLAN-id), as it enters from ether12 and goes to any ethernet will be set to have new-customer-vid = 1 (VLAN-id = 1 / tagged)

Egress VLAN Translation

In this menu, we can modify the outgoing/egress frames from our switch port.

From the visible image, all traffic coming out of ether12 and ether14 is set to new 0 customers (VLAN-id), so the traffic coming out of ether12 and ether14 is acceptable to ordinary PCs. This is equivalent to making ether12 and ether14 being access port / untagged.

Final Results By enabling the above configuration, client PCs in vlan1 and vlan2 communications are no longer via layer 2 even though they are in 1 physical switch, but must be inter-VLAN communication via RB450G.