Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » router » mikrotik_vlan
Trace: mikrotik_guest mikrotik_pppoe mikrotik_ap mikrotik_fw mikrotik_vlan
networking:router:mikrotik_vlan

This is an old revision of the document!

Table of Contents

MikroTik VLAN

Metro Ethernet Notes: http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_23688899.html

Example with Wireless: http://mum.mikrotik.com/presentations/CZ09/VLAN-Workshop-Prague-final.pdf

Great examples with CoS: http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment

  • VLAN = Broadcast Domain
  • VLAN interfaces on MikroTik devices are “add tag on egress / remove tag from ingress”
  • To be able to forward packets from access-ports to VLANs, we need bridges
  • Ethernet MTU will increase up to 1522 bytes because of the added tag
    • The normal Ethernet MTU is up to 1518 bytes

Switch Ports

  • Access
    • An access port should be used only with untagged packets.
    • This kind of port is used to connect PCs to the switch.
  • Trunk
    • A trunk port is capable of receiving and forwarding packets from multiple vlans.
    • This type of port is used to interconnect switches.
  • Hybrid
    • A hybrid port is a special mode that allow untagged and tagged packets on the same port.
    • For example, you have a VoIP desk phone and you connect your PC to the phone and the phone to the switch.
    • We will have a VLAN for VoIP and untagged data for the PC.

Create VLANs

  • Create VLAN sub-interfaces on physical interfaces
  • Bridge the sub-interfaces
    • To forward packets from access-ports to VLANs we need bridges
  • IP addresses are then configured on the respective bridges
  • Treat EoIP tunnel interfaces like physical interfaces
  • If you are not stripping tags, you don't need to configure the VLAN interfaces, at least on physicsal trunk ports
  1. Configure VLANs on trunk interface ports
    • /interface vlan add name=vlan-10 vlan-id=10 interface=ether5 disabled=no
  2. Create bridges for the VLANs
    • /interface bridge add name=br-vlan10 disabled=no
  3. Add access-ports to the bridges
    • /interface bridge port add interface="vlan-10" bridge="br-vlan10" disabled=no
/interface bridge port add interface="ether1" bridge="br-vlan10" disabled=no

VLAN Tagging

http://blog.butchevans.com/2010/02/to-tag-or-not-to-tag-that-is-the-question/

With Cisco Switch Trunk Ports

http://forum.mikrotik.com/viewtopic.php?t=24352

Simple Wireless Guest Network

http://networkingforintegrators.com/2012/12/mikrotik-basic-vlan-example/

VLANs Over OpenVPN Tunnel

http://berbagitulisan.com/?p=9

Per VLAN with PPTP

https://vanachterberg.org/2011/09/per-vlan-pptp-with-routeros-and-mikrotik/

networking/router/mikrotik_vlan.1392499636.txt.gz · Last modified: 2014/02/15 14:27 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki