SWOS/CSS326-VLAN-Example: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
==CSS326-24G-2S+ Port Based VLAN==
{{Warning|This manual is moved to [[https://help.mikrotik.com/docs/pages/viewpage.action?pageId=76415036#CRS3xxandCSS32624G2S+seriesManual-VLANConfigurationExample https://help.mikrotik.com/docs/pages/viewpage.action?pageId=76415036#CRS3xxandCSS32624G2S+seriesManual-VLANConfigurationExample]]}}
 
 
{{ Note | These are basic VLAN configuration examples, in case you need more advanced options (e.g. ingress VLAN filtering, VLAN mirroring) then please refer to [[SwOS/CRS3xx#VLAN_and_VLANs | VLAN Manual ]] for a more detailed property description.}}


===VLAN Example #1 (Trunk and Access Ports)===
===VLAN Example #1 (Trunk and Access Ports)===
Line 25: Line 28:
[[File:vlane1_css326.png|alt=Alt text|Default VLAN ID for untagged traffic|center|frame]]
[[File:vlane1_css326.png|alt=Alt text|Default VLAN ID for untagged traffic|center|frame]]
<br/>
<br/>
2) In VLANs menu add VLAN entries and specify port membership to certain VLANs. Just like the previous example, add ports with untagged traffic (defined by <code>Default VLAN ID</code>) to certain VLAN (black arrows). Also, we need to add ports, which are allowed to forward tagged traffic.
2) In VLANs menu add VLAN entries and specify port membership to certain VLANs. Just like the previous example, add ports with untagged traffic (defined by Default VLAN ID) to certain VLAN (black arrows). Also, we need to add ports, which are allowed to forward tagged traffic.
[[File:Swos_vlan_example2.png|alt=Alt text|VLAN Membership|center|frame]]
[[File:Swos_vlan_example2.png|alt=Alt text|VLAN Membership|center|frame]]
<br/>
<br/>
3) At the end, enable strict VLAN filtering to ensure only allowed VLANs can pass through the ports. For hybrid ports to work properly, make sure <b>VLAN Receive</b> parameter is selected as <code>any</code>, otherwise ingress tagged or untagged traffic can be dropped (depending on selected option), but for the trunk port, it is possible to allow only packets with VLAN tag. To filter specific ingress VLAN traffic on hybrid ports, use [[SwOS/CSS326#ACL_Tab | ACL rules]].
3) At the end, enable strict VLAN filtering to ensure only allowed VLANs can pass through the ports. For hybrid ports to work properly, make sure VLAN Receive is selected as <code>any</code>, otherwise ingress tagged or untagged traffic can be dropped (depending on selected option), but for the trunk port, it is possible to allow only packets with VLAN tag. To filter specific ingress VLAN traffic on hybrid ports, use [[SwOS/CSS326#ACL_Tab | ACL rules]].
[[File:vlane3_css326.png|alt=Alt text|VLAN Filtering|center|frame]]
[[File:vlane3_css326.png|alt=Alt text|VLAN Filtering|center|frame]]
<br/>
<br/>

Latest revision as of 15:59, 21 July 2021



Note: These are basic VLAN configuration examples, in case you need more advanced options (e.g. ingress VLAN filtering, VLAN mirroring) then please refer to VLAN Manual for a more detailed property description.


VLAN Example #1 (Trunk and Access Ports)

Alt text
Example 1 Setup Diagram


1) In VLAN menu configure Default VLAN ID on planned access ports to assign untagged traffic to specific VLAN in the switch.

Alt text
Access Ports


2) In VLANs menu add VLAN entries and specify port membership to certain VLANs.

Alt text
VLAN Membership


3) At the end, enable strict VLAN filtering to ensure only allowed VLANs can pass through the ports.

Alt text
VLAN Filtering


VLAN Example #2 (Trunk and Hybrid Ports)

Alt text
Example 2 Setup Diagram


1) In VLAN menu configure Default VLAN ID on planned hybrid ports to assign untagged traffic to specific VLAN in the switch.

Alt text
Default VLAN ID for untagged traffic


2) In VLANs menu add VLAN entries and specify port membership to certain VLANs. Just like the previous example, add ports with untagged traffic (defined by Default VLAN ID) to certain VLAN (black arrows). Also, we need to add ports, which are allowed to forward tagged traffic.

Alt text
VLAN Membership


3) At the end, enable strict VLAN filtering to ensure only allowed VLANs can pass through the ports. For hybrid ports to work properly, make sure VLAN Receive is selected as any, otherwise ingress tagged or untagged traffic can be dropped (depending on selected option), but for the trunk port, it is possible to allow only packets with VLAN tag. To filter specific ingress VLAN traffic on hybrid ports, use ACL rules.

Alt text
VLAN Filtering