SwOS/CSS106-VLAN-Example

From MikroTik Wiki
Revision as of 14:05, 12 June 2019 by EdgarsP (talk | contribs) (Created page with "{{ Note | These are basic VLAN configuration examples. In case a more detailed property description is needed, then please refer to VLAN Manual.}} ===V...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Note: These are basic VLAN configuration examples. In case a more detailed property description is needed, then please refer to VLAN Manual.


VLAN Example #1 (Trunk and Access Ports)

Alt text
Example 1 Setup Diagram


1) In VLAN menu configure Default VLAN ID on planned access ports to assign untagged traffic to specific VLAN in the switch.

Alt text
Default VLAN ID configuration


2) In VLANs menu add VLAN entries and specify port membership to certain VLANs.

Alt text
VLAN Membership. Use always strip property for untagged ports and add if missing for tagged port. All other ports that are not members for this specific VLAN should be marked with a not a member property


3) At the end, enable strict VLAN filtering to ensure only allowed VLANs can pass through the ports.

Alt text
VLAN Mode


VLAN Example #2 (Trunk and Hybrid Ports)

Alt text
Example 2 Setup Diagram


1) In VLAN menu configure Default VLAN ID on planned hybrid ports to assign untagged traffic to specific VLAN in the switch.

Alt text
Default VLAN ID for untagged traffic


2) In VLANs menu add VLAN entries and specify port membership to certain VLANs. Just like the previous example, an add if missing property is used for a trunk port and same for hybrid ports where tagged traffic forwarding is allowed. For untagged traffic (defined by Default VLAN ID) you need to use either leave as is or always strip property (black arrows).

Alt text
VLAN Membership


3) At the end, enable strict VLAN filtering to ensure only allowed VLANs can pass through the ports. For hybrid ports to work properly, make sure VLAN Receive is selected as any, otherwise ingress tagged or untagged traffic can be dropped (depending on selected option), but for the trunk port, it is possible to allow only packets with VLAN tag.

Alt text
VLAN Filtering