SwOS/RB250-RB260-VLAN-Example

From MikroTik Wiki
Jump to navigation Jump to search

Note: These are basic VLAN configuration examples. In case a more detailed property description is needed, then please refer to VLAN Manual.


VLAN Example #1 (Trunk and Access Ports)

Alt text
Example 1 Setup Diagram


1) In VLAN menu configure Default VLAN ID on planned access ports to assign untagged traffic to specific VLAN in the switch.

Alt text
Default VLAN ID configuration for RB260 device


Alt text
Default VLAN ID configuration for RB250 device


2) In VLANs menu add VLAN entries and specify port membership to certain VLANs.

Alt text
VLAN Membership for RB260 device. Use always strip property for untagged ports and add if missing for tagged port. All other ports that are not members for this specific VLAN should be marked with a not a member property


Alt text
VLAN Membership for RB250 device


3) At the end, enable strict VLAN filtering to ensure only allowed VLANs can pass through the ports.

Alt text
VLAN Mode for RB260 device


Alt text
VLAN Mode and Egress VLAN Header options for RB250 device. Use always strip property for untagged ports and add if missing for tagged port. In order to successfully apply all VLAN related settings, a device reboot might be carried out


VLAN Example #2 (Trunk and Hybrid Ports)

Note: This configuration example only applies to RB260 device. Hybrid port configuration is not possible on RB250 device.


Alt text
Example 2 Setup Diagram


1) In VLAN menu configure Default VLAN ID on planned hybrid ports to assign untagged traffic to specific VLAN in the switch.

Alt text
Default VLAN ID for untagged traffic


2) In VLANs menu add VLAN entries and specify port membership to certain VLANs. Just like the previous example, an add if missing property is used for a trunk port and same for hybrid ports where tagged traffic forwarding is allowed. For untagged traffic (defined by Default VLAN ID) you need to use either leave as is or always strip property (black arrows).

Alt text
VLAN Membership


3) At the end, enable strict VLAN filtering to ensure only allowed VLANs can pass through the ports. For hybrid ports to work properly, make sure VLAN Receive is selected as any, otherwise ingress tagged or untagged traffic can be dropped (depending on selected option), but for the trunk port, it is possible to allow only packets with VLAN tag.

Alt text
VLAN Filtering