For example, I will configure MikroTik CRS212-1G-10S-1S + IN as a switch.
And so, connect to it with a console cable at a speed of 115200.
Initially login admin without password.
Erase the default configuration:
system reset-configuration
During boot, when the device asks, press the “r” button to confirm that we want to erase the default config.
Let’s add a new user and disable the admin user:
use add name=ixnfo password=XXXXX group=full
user disable admin
Let’s see what interfaces there are, my first port will be an uplink since there was no 10 gigabit link at hand:
interface print
Let’s create a switch from all ports:
interface ethernet set [ find default-name=sfp2 ] master-port=sfp1
interface ethernet set [ find default-name=sfp3 ] master-port=sfp1
interface ethernet set [ find default-name=sfp4 ] master-port=sfp1
interface ethernet set [ find default-name=sfp5 ] master-port=sfp1
interface ethernet set [ find default-name=sfp6 ] master-port=sfp1
interface ethernet set [ find default-name=sfp7 ] master-port=sfp1
interface ethernet set [ find default-name=sfp8 ] master-port=sfp1
interface ethernet set [ find default-name=sfp9 ] master-port=sfp1
interface ethernet set [ find default-name=sfp10 ] master-port=sfp1
interface ethernet set [ find default-name=sfpplus1 ] master-port=sfp1
interface ethernet set [ find default-name=ether1 ] master-port=sfp1
I will create two VLANs that will go to managed switches (the first for equipment management, the second for clients):
interface vlan add interface=sfp1 l2mtu=1584 name=vlan207-sfp1 vlan-id=207
interface vlan add interface=sfp1 l2mtu=1584 name=vlan226-sfp1 vlan-id=226
I will assign the VLAN to the interface on the first port with an IP address:
ip address add address=10.0.0.2/24 interface=vlan207-sfp1 network=10.0.0.0
I will disable neighbor discovery, since I do not need it:
ip neighbor discovery set sfp1 discover=no
ip neighbor discovery set sfp2 discover=no
ip neighbor discovery set sfp3 discover=no
ip neighbor discovery set sfp4 discover=no
ip neighbor discovery set sfp5 discover=no
ip neighbor discovery set sfp6 discover=no
ip neighbor discovery set sfp7 discover=no
ip neighbor discovery set sfp8 discover=no
ip neighbor discovery set sfp9 discover=no
ip neighbor discovery set sfp10 discover=no
ip neighbor discovery set sfpplus1 discover=no
ip neighbor discovery set ether1 discover=no
ip neighbor discovery set vlan207-sfp1 discover=no
ip neighbor discovery set vlan226-sfp1 discover=no
I will configure SNMP to monitor the device and access it from only one address:
snmp set enabled=yes trap-community=public
snmp community set [ find default=yes ] addresses=10.0.0.1/32
Filtering incoming broadcast flood, using the example of a limit of 200 packets per second for the sfp2 port (for other ports it is similar, only we change the port name):
interface ethernet switch ingress-port-policer add port=sfp2 rate=200 meter-unit=packet packet-types=broadcast
Done, MikroTik CRS212-1G-10S-1S+ IN works as a switch, on all ports traffic with VLAN tags passes through it via two VLANs.
See my other articles about MikroTik