2026-06-07 08:34:13 +02:00
|
|
|
---
|
2026-06-08 19:13:53 +02:00
|
|
|
# Device facts (recorded on-site 2026-06-08):
|
|
|
|
|
# model: CRS310-8G+2S+IN
|
|
|
|
|
# serial: HM40B8TDNDD
|
|
|
|
|
# base MAC (ether1): D0:EA:11:24:F4:AA
|
|
|
|
|
# RouterOS: 7.19.6 stable (bootloader already current) -> pinned target below
|
|
|
|
|
#
|
2026-06-09 12:15:23 +02:00
|
|
|
# Topology (decided 2026-06-09, see docs/superpowers/specs/
|
|
|
|
|
# 2026-06-09-crs310-flat-mgmtvlan-design.md): the switch is a FLAT L2 switch on the
|
|
|
|
|
# makerspace 10.2.30.0/24 network with its management isolated on a dedicated VLAN.
|
|
|
|
|
# - ether1 is the copper UPLINK (SFP+ deferred until connectors arrive).
|
|
|
|
|
# - DATA VLAN 30: flat 10.2.30.0/24 bridged through; the switch does NO routing/DHCP
|
|
|
|
|
# and the CPU is not a member (no switch presence on the user network).
|
|
|
|
|
# - MGMT VLAN 99: isolated; switch mgmt IP 192.168.88.1/24 on vlan-mgmt, reachable
|
|
|
|
|
# only from the dedicated mgmt port ether8. No gateway, no NTP/DNS (no internet).
|
|
|
|
|
|
2026-06-08 19:33:48 +02:00
|
|
|
# Day-2 connection: key auth as the named admin user (overrides the bootstrap
|
|
|
|
|
# default ansible_user=admin in group_vars/mikrotik.yml).
|
|
|
|
|
ansible_user: sjat
|
|
|
|
|
|
2026-06-07 08:34:13 +02:00
|
|
|
switch_identity_name: "crs310-maker"
|
2026-06-09 12:15:23 +02:00
|
|
|
|
|
|
|
|
# ----- Management (isolated VLAN 99) -----
|
2026-06-07 08:34:13 +02:00
|
|
|
switch_mgmt_vlan_id: 99
|
2026-06-09 12:15:23 +02:00
|
|
|
switch_mgmt_address: "192.168.88.1/24"
|
|
|
|
|
switch_mgmt_gateway: "" # isolated mgmt -> no default route
|
|
|
|
|
switch_dns_servers: "" # no DNS on an isolated mgmt plane
|
|
|
|
|
switch_ntp_enabled: false # no internet on mgmt -> NTP would only error
|
2026-06-07 08:34:13 +02:00
|
|
|
|
|
|
|
|
switch_admin_user: "sjat"
|
|
|
|
|
|
2026-06-09 12:15:23 +02:00
|
|
|
# ----- VLANs + per-port map (all untagged access; no trunks) -----
|
|
|
|
|
# DATA = flat 10.2.30.0/24 (uplink + device ports); MGMT = isolated admin VLAN.
|
2026-06-07 08:34:13 +02:00
|
|
|
switch_vlans:
|
2026-06-09 12:15:23 +02:00
|
|
|
- {id: 30, name: "data"}
|
2026-06-07 08:34:13 +02:00
|
|
|
- {id: 99, name: "mgmt"}
|
|
|
|
|
switch_bridge_ports:
|
2026-06-09 12:15:23 +02:00
|
|
|
- {interface: "ether1", pvid: 30, mode: access} # copper uplink
|
|
|
|
|
- {interface: "ether2", pvid: 30, mode: access}
|
|
|
|
|
- {interface: "ether3", pvid: 30, mode: access}
|
|
|
|
|
- {interface: "ether4", pvid: 30, mode: access}
|
|
|
|
|
- {interface: "ether5", pvid: 30, mode: access}
|
|
|
|
|
- {interface: "ether6", pvid: 30, mode: access}
|
|
|
|
|
- {interface: "ether7", pvid: 30, mode: access}
|
|
|
|
|
- {interface: "sfp-sfpplus1", pvid: 30, mode: access}
|
|
|
|
|
- {interface: "sfp-sfpplus2", pvid: 30, mode: access}
|
|
|
|
|
- {interface: "ether8", pvid: 99, mode: access} # dedicated mgmt port
|
2026-06-07 08:34:13 +02:00
|
|
|
|
2026-06-08 19:13:53 +02:00
|
|
|
# Firmware: pinned at the version already installed (no upgrade planned now).
|
|
|
|
|
switch_firmware_target: "7.19.6"
|
|
|
|
|
# switch_firmware_enabled: true # opt-in only when you actually want to upgrade
|