Vlans on Mikrotik environment

From MikroTik Wiki
Revision as of 03:55, 3 November 2011 by Jorgeamaral

I will try to explain how to deal with VLANs and QoS on MikroTik devices.

In switching technology, ports operate in one of three modes: access, trunk and hybrid.

An access port should carry only untagged packets. This is the kind of port where you connect your PC to the switch.

A trunk port is capable of receiving and forwarding packets from multiple VLANs. It is used to interconnect switches.

A hybrid port is a special mode that allows untagged and tagged packets on the same port. Imagine that you have a VoIP desktop phone: you connect your PC to the phone and the phone to the switch. The port then carries a VLAN for VoIP and untagged data for the PC.

VLAN interfaces on MikroTik devices should always be seen as "add tag on egress / remove tag from ingress".

Let's look at this network diagram:

Vlan-1.png

To achieve this setup we need eth1 and eth2 as access ports and eth5 as the trunk port.

To configure the VLANs on the trunk port:

/interface vlan add name=vlan-10 vlan-id=10 interface=ether5 disabled=no
/interface vlan add name=vlan-20 vlan-id=20 interface=ether5 disabled=no

To forward the packets from the access ports to the VLANs we need bridges:

/interface bridge add name=br-vlan10 disabled=no
/interface bridge add name=br-vlan20 disabled=no

Now just add the ports to the bridges:

/interface bridge port add interface="vlan-10" bridge="br-vlan10" disabled=no
/interface bridge port add interface="ether1" bridge="br-vlan10" disabled=no
/interface bridge port add interface="vlan-20" bridge="br-vlan20" disabled=no
/interface bridge port add interface="ether2" bridge="br-vlan20" disabled=no

That's it: only hosts on the same network will be able to communicate.
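
The "add tag on egress / remove tag from ingress" rule applied to the SW1 configuration above, as a small Python model of what happens to a frame on each port. This is an added example, not part of the original wiki page or MikroTik code; the function names, the flooding simplification and the sample frame are assumptions.

```python
import struct

TPID = 0x8100  # EtherType that marks an 802.1Q tag

# Transcribed from the SW1 commands above.
VLAN_IFACES = {"vlan-10": ("ether5", 10), "vlan-20": ("ether5", 20)}  # name: (port, vlan-id)
BRIDGES = {"br-vlan10": ["vlan-10", "ether1"], "br-vlan20": ["vlan-20", "ether2"]}

def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert the 4-byte 802.1Q tag after the two 6-byte MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vlan-id, untagged frame), or (None, frame) when there is no tag."""
    if len(frame) >= 16 and frame[12:14] == struct.pack("!H", TPID):
        (tci,) = struct.unpack("!H", frame[14:16])
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

def forward(port: str, frame: bytes):
    """Model of SW1: list of (egress port, frame on the wire) for one received frame.

    Simplification: every frame is flooded to the other bridge members (no MAC
    learning), and a tag with no matching VLAN interface is not modelled.
    """
    vid, inner = strip_tag(frame)
    if vid is None:
        ingress = port  # untagged frame: received by the physical port itself
    else:
        by_tag = {pv: name for name, pv in VLAN_IFACES.items()}
        if (port, vid) not in by_tag:
            raise ValueError(f"vlan-id {vid} on {port} is not modelled")
        ingress, frame = by_tag[(port, vid)], inner  # tag removed on ingress
    out = []
    for members in BRIDGES.values():
        if ingress not in members:
            continue
        for member in members:
            if member == ingress:
                continue
            if member in VLAN_IFACES:  # tag added on egress
                parent, v = VLAN_IFACES[member]
                out.append((parent, add_tag(frame, v)))
            else:
                out.append((member, frame))
    return out

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
```

A frame from ether1 leaves only on ether5 with vlan-id 10, and a frame tagged 20 arriving on ether5 reaches only ether2, untagged; neither bridge ever hands a frame to the other one's access port.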




And what if we have another switch in the middle of the trunk?

Vlan-2.png

The configuration on SW1 and SW2 remains the same. On SW3 we need:

/interface bridge add name=br-trunk disabled=no
/interface bridge port add interface="ether3" bridge="br-trunk" disabled=no
/interface bridge port add interface="ether4" bridge="br-trunk" disabled=no

Interfaces eth3 and eth4 are trunk ports and only need to forward tagged packets. We do not need to add or remove any tags, so there is no need to add VLAN interfaces.