Manual:Interface/VLAN

From MikroTik Wiki
Jump to: navigation, search
Version.png

Applies to RouterOS: 3, v4

Summary

Sub-menu: /interface vlan

Standards: IEEE 802.1Q


VLANs allow you to have multiple Virtual LANs on a single ethernet or wireless interface, giving the ability to segregate LANs efficiently. It supports up to 4095 VLAN interfaces, each with a unique VLAN ID, per ethernet device. VLAN priorites may also be used and manipulated. Many routers, including Cisco and Linux based, and many Layer 2 switches use VLAN to enable multiple independent, isolated networks to exist on the same physical network.

VLANs are simply a way of grouping a set of switch ports together so that they form a logical network, separate from any other such group. It may also be understood as breaking one physical switch into several independent parts. Within a single switch this is straightforward local configuration. When the VLAN extends over more than one switch, the inter-switch links have to become trunks, on which packets are tagged to indicate which VLAN they belong to.

You can use MikroTik RouterOS (as well as Cisco IOS, Linux and other router systems) to mark these packets as well as to accept and route marked ones.

As VLAN works on OSI Layer 2, it can be used just as any other network interface without any restrictions. VLAN successfully passes through regular Ethernet bridges.

You can also transport VLANs over wireless links and put multiple VLAN interfaces on a single wireless interface. Note that as VLAN is not a full tunnel protocol (i.e., it does not have additional fields to transport MAC addresses of sender and recipient), the same limitation applies to bridging over VLAN as to bridging plain wireless interfaces. In other words, while wireless clients may participate in VLANs put on wireless interfaces, it is not possible to have VLAN put on a wireless interface in station mode bridged with any other interface.

Properties

Property Description
arp (disabled | enabled | proxy-arp | reply-only; Default: enabled) Address Resolution Protocol mode
interface (name; Default: ) Name of physical interface on top of which VLAN will work
mtu (integer; Default: 1500) Layer3 Maximum transmission unit
name (string; Default: ) Interface name
vlan-id (integer: 4095; Default: 1) Virtual LAN identifier or tag that is used to distinguish VLANs. Must be equal for all computers that belong to the same VLAN.

Notes

MTU should be set to 1500 bytes as on Ethernet interfaces. But this may not work with some Ethernet cards that do not support receiving/transmitting of full size Ethernet packets with VLAN header added (1500 bytes data + 4 bytes VLAN header + 14 bytes Ethernet header). In this situation MTU 1496 can be used, but note that this will cause packet fragmentation if larger packets have to be sent over interface. At the same time remember that MTU 1496 may cause problems if path MTU discovery is not working properly between source and destination.

Setup examples