--- # Device facts (recorded on-site 2026-06-08): # model: CRS310-8G+2S+IN # serial: HM40B8TDNDD # base MAC (ether1): D0:EA:11:24:F4:AA # RouterOS: 7.19.6 stable (bootloader already current) -> pinned target below # # Topology (decided 2026-06-09, see docs/superpowers/specs/ # 2026-06-09-crs310-flat-mgmtvlan-design.md): the switch is a FLAT L2 switch on the # makerspace 10.2.30.0/24 network with its management isolated on a dedicated VLAN. # - ether1 is the copper UPLINK (SFP+ deferred until connectors arrive). # - DATA VLAN 30: flat 10.2.30.0/24 bridged through; the switch does NO routing/DHCP # and the CPU is not a member (no switch presence on the user network). # - MGMT VLAN 99: isolated; switch mgmt IP 192.168.88.1/24 on vlan-mgmt, reachable # only from the dedicated mgmt port ether8. No gateway, no NTP/DNS (no internet). # Day-2 connection: key auth as the named admin user (overrides the bootstrap # default ansible_user=admin in group_vars/mikrotik.yml). ansible_user: sjat switch_identity_name: "crs310-maker" # ----- Management (isolated VLAN 99) ----- switch_mgmt_vlan_id: 99 switch_mgmt_address: "192.168.88.1/24" switch_mgmt_gateway: "" # isolated mgmt -> no default route switch_dns_servers: "" # no DNS on an isolated mgmt plane switch_ntp_enabled: false # no internet on mgmt -> NTP would only error switch_admin_user: "sjat" # ----- VLANs + per-port map (all untagged access; no trunks) ----- # DATA = flat 10.2.30.0/24 (uplink + device ports); MGMT = isolated admin VLAN. switch_vlans: - {id: 30, name: "data"} - {id: 99, name: "mgmt"} switch_bridge_ports: - {interface: "ether1", pvid: 30, mode: access} # copper uplink - {interface: "ether2", pvid: 30, mode: access} - {interface: "ether3", pvid: 30, mode: access} - {interface: "ether4", pvid: 30, mode: access} - {interface: "ether5", pvid: 30, mode: access} - {interface: "ether6", pvid: 30, mode: access} - {interface: "ether7", pvid: 30, mode: access} - {interface: "sfp-sfpplus1", pvid: 30, mode: access} - {interface: "sfp-sfpplus2", pvid: 30, mode: access} - {interface: "ether8", pvid: 99, mode: access} # dedicated mgmt port # Firmware: pinned at the version already installed (no upgrade planned now). switch_firmware_target: "7.19.6" # switch_firmware_enabled: true # opt-in only when you actually want to upgrade