# Makerspace Field Guide — Preparing the CRS310 Switch

**Print this and bring it.** This is the exact, on-site procedure to get the MikroTik
**CRS310-8G+2S+IN** ready so Ansible can take over. Total time: ~30–45 min (most of it
the firmware upgrade). Work on a **bench/isolated network** — do **not** plug the switch
into the live makerspace network until VLANs are configured later (avoids loops and
DHCP/IP conflicts).

When you're done, you'll have: the switch on a known firmware, wiped to a clean slate,
reachable over SSH at a temporary IP, and a few facts written down for me to drop into
`host_vars`.

---

## Bring with you

- [ ] The CRS310 + its PSU.
- [ ] A laptop with **WinBox** (download from mikrotik.com/download) — or just a browser for WebFig.
- [ ] One Ethernet cable (laptop ↔ a 2.5G port).
- [ ] Internet for the switch during the upgrade (a cable from an existing LAN/uplink, **temporarily**, with DHCP — unplug it again before the final steps).
- [ ] The **SFP+ module or DAC** for the 10G uplink (to fit physically; we don't cable the real uplink yet).
- [ ] This guide + something to write the recorded facts on (or a phone note).

---

## Step 1 — Power on and get in

1. Power the switch. Wait ~1 min for it to boot RouterOS.
2. Connect your laptop to **ether1** (a 2.5G port).
3. Open **WinBox → Neighbors tab**. The switch appears (by IP `192.168.88.1` and/or by MAC).
   - **Tip:** click the **MAC address** (not the IP) to connect — this works even when the
     switch has no IP, which matters in Step 5.
4. Log in: user `admin`, password **blank** (just press Enter). RouterOS 7 may ask you to
   set a password — you can set a temporary one or skip; Ansible will set the real one later.

> No WinBox? Browse to `http://192.168.88.1` (WebFig) instead. The CLI commands below are
> typed in **WinBox/WebFig → New Terminal**.

---

## Step 2 — Confirm it's running RouterOS (not SwOS)

The CRS310 can dual-boot SwOS, but we need **RouterOS** for VLAN filtering + Ansible.

- In terminal: `/system/routerboard/print`
- It should report RouterOS. If the device booted **SwOS** (different, simpler web UI),
  switch the boot OS: in SwOS go to the **System** page and set boot to RouterOS, or use
  the reset/boot-OS toggle, then reboot. (You want the full RouterOS interface.)

---

## Step 3 — Upgrade and pin the firmware

This needs internet for the switch. Plug a DHCP uplink into **ether8** temporarily.

1. Give the switch internet briefly: it should pull a DHCP lease on the uplink port, or in
   terminal: `/ip/dhcp-client/add interface=ether8 disabled=no`
2. Update RouterOS:
   ```
   /system/package/update/set channel=stable
   /system/package/update/check-for-updates
   /system/package/update/download
   /system/reboot
   ```
   (Or WinBox: **System → Packages → Check For Updates → Download & Install**.)
3. After reboot, upgrade the bootloader (RouterBOOT) to match:
   ```
   /system/routerboard/upgrade
   /system/reboot
   ```
4. **Write down the final version:** `/system/resource/print` → the `version` line.
   ➜ **Record as `RouterOS version: ______`** (this becomes `switch_firmware_target`).
5. **Unplug the temporary internet uplink** and remove the DHCP client:
   `/ip/dhcp-client/remove [find]`

---

## Step 4 — Record the device facts

Run `/system/routerboard/print` and `/system/resource/print` and write down:

- [ ] **Model:** ____________________ (should be CRS310-8G+2S+IN)
- [ ] **Serial:** ____________________ (also on the sticker underneath)
- [ ] **Base MAC:** ____________________
- [ ] **RouterOS version:** ____________________ (from Step 3.4)

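The facts from Steps 3 and 4 can also be checked mechanically from pasted terminal output. This is an added example, not part of the original guide or the project's playbooks: it parses the two `print` outputs, flags a RouterBOOT upgrade that was skipped or a non-stable version, and renders the values for `host_vars`. The sample output is constructed, and every key name other than `switch_firmware_target` is hypothetical.

```python
import re

# Constructed sample output (not from a real device); the serial is a placeholder.
ROUTERBOARD_PRINT = """\
             model: CRS310-8G+2S+IN
     serial-number: PLACEHOLDER123
  current-firmware: 7.15.3
  upgrade-firmware: 7.15.3
"""
RESOURCE_PRINT = """\
                   uptime: 4m12s
                  version: 7.15.3 (stable)
"""

def parse_print(text):
    """Turn RouterOS 'key: value' print output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def collect_facts(routerboard_text, resource_text, model="CRS310-8G+2S+IN"):
    """Return (facts, problems); facts uses hypothetical host_vars key names."""
    rb, res = parse_print(routerboard_text), parse_print(resource_text)
    m = re.match(r"(\d\S*)(?:\s+\(([\w-]+)\))?", res.get("version", ""))
    if not m:
        raise ValueError("no RouterOS version line; did the device boot SwOS?")
    version, channel = m.groups()
    problems = []
    if rb.get("model") != model:
        problems.append(f"unexpected model: {rb.get('model')!r}")
    if channel != "stable":
        problems.append(f"version {version} is not from the stable channel")
    if rb.get("current-firmware") != rb.get("upgrade-firmware"):
        problems.append("RouterBOOT pending: run /system/routerboard/upgrade, reboot")
    facts = {
        "switch_firmware_target": version,         # key name from the guide
        "switch_model": rb.get("model"),           # hypothetical key
        "switch_serial": rb.get("serial-number"),  # hypothetical key
    }
    return facts, problems

def to_host_vars(facts):
    return "\n".join(f'{k}: "{v}"' for k, v in facts.items())

if __name__ == "__main__":
    facts, problems = collect_facts(ROUTERBOARD_PRINT, RESOURCE_PRINT)
    print(to_host_vars(facts), problems or "no problems", sep="\n")
```
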
---

## Step 5 — Wipe to a clean slate (no default config)

This makes Ansible the single owner of the whole configuration.

1. In terminal:
   ```
   /system/reset-configuration no-defaults=yes skip-backup=yes
   ```
   (Or WinBox: **System → Reset Configuration** → tick **No Default Configuration** and
   **Do Not Backup** → **Reset**.)
2. The switch reboots. It now has **no IP and no services** — WinBox-by-IP won't find it.
3. Reconnect using **WinBox → Neighbors → click the MAC address** (this is why we use MAC).
   Log in as `admin` with a **blank** password.

---

## Step 6 — Give it a temporary IP + enable SSH (so Ansible can reach it)

In the terminal (laptop still on **ether1**):

```
/ip/address/add address=192.168.88.1/24 interface=ether1
/ip/service/enable ssh
/ip/service/print
```

Then on your laptop, set a static IP `192.168.88.2` / `255.255.255.0` and confirm SSH:

```
ssh admin@192.168.88.1
```

If that logs in, **you're done** — leave the switch powered and on the bench.

> ⚠️ Keep a **WinBox MAC session** open as your lifeline whenever you change network
> settings. If you ever lock yourself out, MAC-telnet/WinBox-by-MAC still works; a full
> **Netinstall** (mikrotik.com/download) is the last-resort recovery.

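Step 6 ends with `/ip/service/print`; the output is worth reading rather than just glancing at. This is an added example, not part of the original guide: it parses that table, confirms `ssh` is enabled, and lists every other enabled service so it can be noted alongside the Step 4 facts. The sample table is constructed and its column layout is an assumption based on RouterOS 7; your device's list may differ.

```python
import re

# Constructed sample of `/ip/service/print` output (layout assumed, RouterOS 7 style).
SERVICE_PRINT = """\
Flags: X - DISABLED, I - INVALID
Columns: NAME, PORT, CERTIFICATE, VRF
#   NAME     PORT  CERTIFICATE  VRF
0   telnet     23               main
1   ftp        21               main
2   www        80               main
3   ssh        22               main
4 X www-ssl   443  none         main
5   api      8728               main
6   winbox   8291               main
7 X api-ssl  8729  none         main
"""

# Row = index, optional flag letters, service name, port.
ROW = re.compile(r"^\s*\d+\s+(?:([A-Z]+)\s+)?([a-z][a-z-]*)\s+(\d+)")

def parse_services(text):
    """Return {name: {"port": int, "enabled": bool}} for each table row."""
    services = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            flags, name, port = m.group(1) or "", m.group(2), int(m.group(3))
            enabled = "X" not in flags and "I" not in flags
            services[name] = {"port": port, "enabled": enabled}
    return services

def audit(text, wanted=("ssh",)):
    """Return (wanted services that are not enabled, other services that are)."""
    services = parse_services(text)
    missing = [n for n in wanted if not services.get(n, {}).get("enabled")]
    extra = sorted(n for n, s in services.items()
                   if s["enabled"] and n not in wanted)
    return missing, extra

if __name__ == "__main__":
    missing, extra = audit(SERVICE_PRINT)
    print("required but not enabled:", missing or "none")
    print("enabled besides ssh:", extra or "none")
```
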
---

## Step 7 — Decide the real addressing (write it down for me)

I need these to fill in `host_vars/crs310-maker.yml`. Decide with whatever the makerspace
network plan is (or we can finalize together):

- [ ] **Management IP + mask** (real, not the temp one): ____________________
- [ ] **Management VLAN ID:** ____________________
- [ ] **Default gateway:** ____________________
- [ ] **Upstream uplink port** (which SFP+ / port goes to the OPNsense/router): ____________________
- [ ] **DNS / NTP server IP** (usually the gateway): ____________________

(If the makerspace VLAN plan isn't settled yet, that's fine — we ship a placeholder and
fill these in later. The switch just needs to be reachable per Step 6.)

---

## Step 8 — Physical finish

- [ ] Fit the **SFP+ module/DAC** into `sfp-sfpplus1` (don't cable the live uplink yet).
- [ ] Mount/label the switch.

---

## When you're back

Bring me:

1. The recorded facts (Step 4) and addressing decisions (Step 7).
2. Confirmation that `ssh admin@192.168.88.1` (or your temp IP) works.

Then I'll: create the empty `MakerFLOSS_Mikrotik` repo on `forgejo.makerfloss.eu`, drop
your facts into `host_vars`, and run **`play_bootstrap.yml`** — which creates your named
admin user, imports your SSH key, and hands the switch over to Ansible. After that,
`play_switch.yml` configures identity, services, VLANs, and backups.

> **Do not connect the switch to the live makerspace network** until VLANs are configured
> (Task 7 in the implementation plan) — an unconfigured switch on the live net can cause
> loops or hand out the wrong VLAN.