MikroTik CRS304-4XG-IN VCF 9.0 Configuration - UniFi Gateway Lite Compatible
Overview
This script configures a MikroTik CRS304-4XG-IN as a high-performance VLAN-aware 10GbE switch that integrates seamlessly with your existing UniFi Gateway Lite router configuration. Based on William Lam’s VCF 9.0 methodology, adapted for UniFi integration.
Network Architecture
Internet → UniFi Gateway Lite → MikroTik CRS304 → Lab Equipment
(Router/DHCP/FW) (10GbE VLAN Switch) (MS-A2s, NAS, etc)
Responsibilities
- UniFi Gateway Lite: Routing, DHCP, Firewall, Internet gateway
- MikroTik CRS304: High-performance VLAN-aware 10GbE switching
- ESXi Hosts: VLAN tagging on virtual switches
Current UniFi VLAN Configuration (Preserved)
| VLAN ID | Name | Subnet | DHCP Server | DHCP Range | Purpose |
|---|---|---|---|---|---|
| 1 | Default | 192.168.2.0/24 | Gateway Lite | 192.168.2.6-254 | Default network |
| 10 | Management | 192.168.10.0/24 | Gateway Lite | 192.168.10.100-254 | ESXi management |
| 20 | vMotion | 192.168.20.0/24 | None | - | VMware vMotion |
| 30 | vSAN | 192.168.30.0/24 | None | - | VMware vSAN storage |
| 40 | NSX-TEP | 192.168.40.0/24 | Gateway Lite | 192.168.40.10-100 | NSX tunnel endpoints |
| 50 | NSX-Edge-Uplink | 192.168.50.0/24 | Gateway Lite | 192.168.50.10-50 | NSX edge uplinks |
| 100 | TKG-Management | 192.168.100.0/24 | Gateway Lite | 192.168.100.50-200 | Tanzu management |
| 110 | TKG-Workload | 192.168.110.0/24 | Gateway Lite | 192.168.110.50-200 | Tanzu workloads |
| 200 | NUC-Management | 192.168.200.0/24 | Gateway Lite | 192.168.200.10-50 | NUC cluster mgmt |
Device Port Mapping
| Port | Device | Connection | Speed | VLAN Mode |
|---|---|---|---|---|
| ether1 | MS-A2 #1 | SFP+ + transceiver | 10GbE | Tagged (All VLANs) |
| ether2 | MS-A2 #2 | SFP+ + transceiver | 10GbE | Tagged (All VLANs) |
| ether3 | Mac Pro 2013 | Direct 10GbE | 10GbE | Tagged (All VLANs) |
| ether4 | Synology DS918+ | Direct 10GbE | 10GbE | Tagged (All VLANs) |
| ether5 | UniFi Switch 8-Port 60W | Trunk connection | 1GbE | Tagged (All VLANs) |
Prerequisites
Hardware Requirements
- MikroTik CRS304-4XG-IN
- RouterOS 7.19.6 (stable) or newer
- SFP+ to RJ45 transceivers (3x for MS-A2 machines)
- UniFi Switch 8-Port 60W (already configured)
- 10GbE capable devices
Network Requirements
- UniFi Gateway Lite configured with existing VLANs
- Available port on UniFi Switch 8-Port 60W for MikroTik uplink
- 10GbE devices ready for connection
Installation Guide
Step 1: Backup Current Configuration
# In RouterOS terminal (if accessible):
/export file=backup-before-unifi
# In UniFi Controller:
# Download site backup before making changes
# Download backup
scp admin@192.168.10.250:/backup-before-unifi.rsc ./
Step 2: Physical Connections
Connect MikroTik to UniFi Switch 8-Port 60W
UniFi Switch 8-Port 60W [Port 7] ←→ [ether5] MikroTik CRS304
Connect Lab Equipment to MikroTik
MS-A2 #1 [SFP+ with transceiver] ←→ [ether1] MikroTik CRS304
MS-A2 #2 [SFP+ with transceiver] ←→ [ether2] MikroTik CRS304
Mac Pro 2013 [10GbE port] ←→ [ether3] MikroTik CRS304
Synology DS918+ [E10G18-T1] ←→ [ether4] MikroTik CRS304
Step 3: Configure UniFi Gateway (If Needed)
Ensure the UniFi port connected to MikroTik is configured as:
- Profile: All (to carry all VLANs)
- VLAN: All networks enabled
- Port speed: 1Gbps
Step 4: Run MikroTik Configuration Script
# Connect to MikroTik (default: 192.168.10.250)
ssh admin@192.168.10.250
# Upload and run the script
/import file-name=mikrotik_vcf90_unifi_compatible.rsc
Step 5: Post-Installation Configuration
Set Admin Password
/user set admin password="YourStrongPasswordHere"
Find Management IP (Assigned by UniFi DHCP)
# Check DHCP client status
/ip dhcp-client print
# Look for interface "vlan10-unifi-mgmt"
# Note the assigned IP address
Access MikroTik via New Management IP
# Connect using IP assigned by UniFi DHCP
ssh admin@192.168.10.250
# or
# Winbox: 192.168.10.250:8291
Verification Commands
Check VLAN Configuration
# Verify bridge VLAN table
/interface bridge vlan print
# Check bridge ports
/interface bridge port print
# Monitor interface traffic
/interface monitor-traffic ether1,ether2,ether3,ether4,ether5
Test 10GbE Performance
# From ESXi host or 10GbE device
iperf3 -c [target-device-ip] -t 30
# Should achieve 8+ Gbps on 10GbE connections
Verify VLAN Connectivity
# From ESXi management network (VLAN 10)
ping 192.168.10.1 # UniFi Gateway
ping 192.168.10.250 # MikroTik management IP
# Test other VLANs as configured in ESXi
ESXi Configuration
Configure vSphere Standard Switch
- Create/Update vSwitch
- Add physical adapters connected to MikroTik
- Enable VLAN tagging
-
Configure Port Groups
Management Network → VLAN 10 vMotion Network → VLAN 20 vSAN Network → VLAN 30 NSX-TEP Network → VLAN 40 VM Network (Default) → VLAN 1 TKG Management → VLAN 100 - Create VMkernel Adapters
- Management: VLAN 10, Management traffic
- vMotion: VLAN 20, vMotion traffic
- vSAN: VLAN 30, vSAN traffic
##
/ip/firewall/filter/add chain=forward src-address=192.168.2.0/24 dst-address=172.30.0.0/24 action=accept
Troubleshooting
Common Issues
1. No 10GbE Link
# Check interface status
/interface ethernet print status
# Verify SFP+ transceivers
# Check cable connections
# Restart interface if needed
/interface ethernet set ether1 disabled=yes
/interface ethernet set ether1 disabled=no
2. VLAN Traffic Not Passing
# Verify bridge VLAN configuration
/interface bridge vlan print
# Check if all VLANs are properly tagged
# Ensure ESXi VLAN configuration matches
3. Can’t Access MikroTik Management
# Check DHCP client status
/ip dhcp-client print
# Verify UniFi DHCP is working on VLAN 10
# Check UniFi Gateway Lite configuration
4. Performance Issues
# Check for interface errors
/interface ethernet print stats
# Verify hardware offloading
/interface ethernet switch print
# Monitor CPU usage
/system resource print
Performance Optimization
Enable Hardware Offloading
# Should be enabled by script, verify:
/interface ethernet switch print
# l3-hw-offloading should be "yes"
Monitor Interface Statistics
# Real-time traffic monitoring
/interface monitor-traffic ether1,ether2 duration=30
# Check for errors or drops
/interface ethernet print stats-detail
Network Flow Examples
ESXi Management Access
ESXi Host → VLAN 10 tagged → MikroTik ether1 → MikroTik ether5 → UniFi Gateway → Internet
vSAN Traffic (High Performance)
MS-A2 #1 → VLAN 30 tagged → MikroTik 10GbE switching → VLAN 30 tagged → MS-A2 #2
Internet Access from VMs
VM → VLAN 1 → ESXi vSwitch → MikroTik → UniFi Gateway → Internet
Advanced Configuration
Adding New VLANs
- Add VLAN in UniFi Controller
- Create new network/VLAN
- Configure DHCP if needed
-
Add VLAN to MikroTik Bridge
# Example: Add VLAN 120 /interface bridge vlan add bridge=bridge-vcf vlan-ids=120 tagged=ether1,ether2,ether3,ether4,ether5,bridge-vcf - Configure ESXi Port Groups
- Add new port group with VLAN ID
- Assign to VMs as needed
Performance Monitoring
Continuous Monitoring
# Monitor all interfaces
/tool graphing interface add interface=ether1 store-on-disk=yes
/tool graphing interface add interface=ether2 store-on-disk=yes
/tool graphing interface add interface=ether3 store-on-disk=yes
/tool graphing interface add interface=ether4 store-on-disk=yes
SNMP Monitoring (Optional)
# Enable SNMP for monitoring tools
/snmp set enabled=yes
/snmp community add name=public
Benefits of This Setup
✅ Seamless Integration
- Works with existing UniFi configuration
- No duplicate DHCP or routing conflicts
- Maintains current network policies
✅ 10GbE Performance
- Full 10GbE speed between lab equipment
- Hardware-accelerated VLAN switching
- Jumbo frame support (9200 MTU)
✅ Simplified Management
- UniFi handles routing and internet access
- MikroTik focuses on high-performance switching
- Single point of DHCP/DNS configuration
✅ Future Scalability
- Easy to add more 10GbE devices
- VLAN configuration maintained in one place
- Clean upgrade path for network expansion
Support Resources
Documentation
- William Lam’s VCF Guide: VMware Cloud Foundation Lab Setup
- MikroTik RouterOS Manual: Bridge VLAN Filtering
- UniFi Documentation: VLAN Configuration
Community
- r/Ubiquiti: UniFi-specific discussions
- r/mikrotik: MikroTik configuration help
- r/homelab: General lab networking
Quick Reference
Management Access
# Find assigned management IP
/ip dhcp-client print
# Access methods (replace XXX with assigned IP)
Web: http://192.168.10.XXX
SSH: ssh admin@192.168.10.XXX
Winbox: 192.168.10.XXX:8291
Essential Commands
# Monitor 10GbE performance
/interface monitor-traffic ether1,ether2
# Check VLAN configuration
/interface bridge vlan print
# View system status
/system resource print
Network Summary
- Router: UniFi Gateway Lite (all routing/DHCP)
- Switch: MikroTik CRS304 (10GbE VLAN switching)
- Management: Via UniFi DHCP on VLAN 10
- Internet: Through UniFi Gateway NAT
Quick Start Summary
- Connect MikroTik ether5 to UniFi Gateway
- Run configuration script
- Set admin password
- Connect lab equipment to ether1-4
- Configure ESXi with existing VLAN IDs
- Test 10GbE performance
🎉 Your UniFi-integrated 10GbE VCF lab is ready!