---
# Device facts (recorded on-site 2026-06-08):
#   model:             CRS310-8G+2S+IN
#   serial:            HM40B8TDNDD
#   base MAC (ether1): D0:EA:11:24:F4:AA
#   RouterOS:          7.19.6 stable (bootloader already current)
#                      -> pinned target below
#
# Bootstrap status (2026-06-08):
#   - identity set
#   - user `sjat` (full) created: operator ed25519 key imported, plus a vaulted
#     password (vault_switch_admin_password in group_vars/mikrotik.vault.yml)
#   - key login verified
#   - default `admin` is STILL ENABLED (not yet hardened)
#   - switch is currently on the bench at 192.168.88.1 (defconf, not yet
#     reset/VLAN-configured)
#   - the mgmt addressing below is the FUTURE production plan, not the
#     current state
#
# NOTE(review): while the default `admin` account stays enabled it is a second
# login path next to `sjat`. Disable or remove it (after re-confirming `sjat`
# access) before the switch is connected to anything other than the bench.

# Day-2 connection: key auth as the named admin user. This overrides the
# bootstrap default ansible_user=admin in group_vars/mikrotik.yml.
ansible_user: "sjat"

# Identity and management-plane addressing (future production values).
switch_identity_name: "crs310-maker"
switch_mgmt_vlan_id: 99
switch_mgmt_address: "10.0.99.2/24"  # EDIT: real mgmt IP
switch_mgmt_gateway: "10.0.99.1"  # EDIT: real gateway
switch_dns_servers: "10.0.99.1"
switch_ntp_servers: "10.0.99.1"
# NOTE(review): presumably meant to name the same account as ansible_user;
# verify against the role that consumes it.
switch_admin_user: "sjat"

# PLACEHOLDER VLAN/port topology.
# vlans.yml is the correct mechanism, but the VLAN ids and the per-port map
# that follow are NOT the real makerspace plan. Replace them with the real
# VLAN ids and the full ether1-8/sfp map before any on-site VLAN run.
#
# Notes:
#   - mode: access -> untagged member of `pvid`.
#     mode: trunk  -> tagged member of each id in `tagged_vlans`, with `pvid`
#     as the native (untagged) VLAN.
#   - trunk pvid: 1 means untagged frames on the uplink land in VLAN 1 (unused
#     in a hardened design). Decide deliberately whether the uplink should
#     carry any untagged traffic; set pvid to an intended native VLAN or leave
#     1 as a dead end.
#   - the bridge (CPU) is tagged ONLY on switch_mgmt_vlan_id (see vlans.yml).
# VLANs to define on the switch. id 99 is the same value as
# switch_mgmt_vlan_id.
switch_vlans:
  - id: 99
    name: "mgmt"
  - id: 10
    name: "members"

# Per-port bridge membership. Only three ports are listed here.
# NOTE(review): what vlans.yml does with ports that are absent from this list
# is not visible from this file; confirm that unlisted ports do not end up as
# untagged members of a VLAN they should not reach.
switch_bridge_ports:
  - interface: "ether1"
    pvid: 10
    mode: "access"
  - interface: "ether2"
    pvid: 10
    mode: "access"
  # Uplink trunk: carries 99 and 10 tagged. Its pvid of 1 is not one of the
  # ids in switch_vlans, so untagged ingress on this port lands in VLAN 1.
  - interface: "sfp-sfpplus1"
    pvid: 1
    mode: "trunk"
    tagged_vlans: [99, 10]

# Firmware: pinned at the version already installed (no upgrade planned now).
# NOTE(review): with a pin, RouterOS security fixes are only picked up when
# this value is raised deliberately; revisit it during regular patch review.
switch_firmware_target: "7.19.6"
# Opt-in only when you actually want to upgrade:
# switch_firmware_enabled: true