Mastering VLAN Configuration on MikroTik, Step-by-Step Guide
ฝัง
- เผยแพร่เมื่อ 2 มิ.ย. 2024
- Unlock the full potential of your network with our comprehensive guide on configuring VLANs on MikroTik routers and switches. Whether you're a networking professional, a small business owner, or a tech enthusiast looking to enhance your network's efficiency and security, this tutorial is tailored just for you.
In this video, we delve into the essentials of Virtual Local Area Networks (VLANs) and how they can segregate network traffic to improve performance and security. We'll walk you through the process, step by step, demonstrating how to configure VLANs on MikroTik routers and switches effectively. By the end of this tutorial, you'll be equipped with the knowledge to:
Understand the basics of VLANs and their importance in network management.
Set up inter-VLAN routing to facilitate communication between VLANs.
Implement best practices for network security and performance optimization.
What You'll Learn:
VLAN fundamentals and benefits
Configuring VLAN settings on MikroTik RouterOS
Essential tips for troubleshooting common VLAN configuration issues
Who This Video Is For:
Network administrators, IT professionals, and tech enthusiasts looking to enhance their networking skills, especially in VLAN configuration and optimization using MikroTik devices.
Don't forget to like, share, and subscribe for more in-depth tutorials and tips on network management and optimization. Have questions or want to share your experiences? Leave a comment below!
Chapters:
00:00 - Introduction
01:09 - MikroTik Documentation
03:50 - MikroTIk Block Diagrams
10:09 - Topology Overview
16:10 - VLAN Lab
Support the Channel:
⭐Become a Patreon: / thenetworkberg
⭐Become a TH-cam Member: / @thenetworkberg
Social Media:
🌏 / thenetworkberg
🌏 / bergnetwork
🌏 / the-network-berg-39451...
MTCRE Playlist:
• Free MTCRE RoSv6
MTCNA Playlist:
• Free MTCNA RoSv6
Thanks again for watching
Pinned for reference, please use :D!
MikroTik Documentation for VLANS:
help.mikrotik.com/docs/display/ROS/Basic+VLAN+switching
Switch Chip Features:
help.mikrotik.com/docs/display/ROS/Switch+Chip+Features#SwitchChipFeatures-Introduction
I spent two nights, essentially breaking my network, going in circles, trying to achieve something so simple in hindsight! I had such weird anomolies when doing this, for example ping absolutely fine to hosts, but no TCP sessions would stay established, later on 20 packets reply, 20 drop, etc etc. All because of the way I created the vlans on the bridges, which I tried two different ways according to docs I read. Painful, but I got there now thanks to this!
MikroTik definitely allows for the possibility of misconfiguration. Not totally sure why they allow you to configure things in certain ways which can break your setup. Glad to hear you got everything working!
Glad to see more videos from you on 'tik.
I watched the video with morning breakfast ☕
Doing it right now in front of my coffee while giving assistance to a customer 😂
This it the best video I've seen on demystifying the vlan setup on mikrotiks (and I'd watch a lot previously to get my head around it), as other have said the little tip on not applying pvid filtering until you're done the rest - seems obvious, but so easy to click and watch winbox / putty disappear :D - I've gotten into the habit of 'safe moding' first. Have shared with a colleague who's dipping their toe in with Mikrotik (so he's spared the pain of watching about a dozen conflicting videos and then still locking himself out - to be fair, he's got form for it, mainly with prod linux servers :D ). Also the block diagram bit was a great bit of advice. Thanks as always.
Indeed, finally, after watching dozens of videos that teach only the theory, but not really any actual practical aspects, I had my vlans set up across my MT Router and few other non MT switches and a unifi AP, in a matter of hours - which is my first time actually practically setting up vlans. Great stuff!!
Great explanation as always!
Just what I needed, thanks!
and as always,great explanation.thanks for giving this much of efforts.
Great content, nice and detailed.
It's great to have content like this where you talk about best practices, dos and don'ts.
Keep it coming
brilliant video understood exactly what you were doing. looking at getting a mikrotik network up and running I'm still using an edgerouter with an old hp switch and some ap's.
Great video, thank you!
Man, thank you so much. First Mikrotik device, RB951 and was struggling with the nuance of the Mikrotik way of doing things over 2 very late nights and got my basic config working thanks to this video in 30minutes!!. Subscribed.
Amazing video, practical example of how to set up really helps with understanding the whole concept!
Your small hint putting the bridge into bridge/vlan and don‘t add the software vlan into it in case of routing made my day. Never read this somewhere else. Thanks a lot
Yeah that can definitely catch some people out, myself included :P
I can't thank you enough for this video! I've been struggling with my configuration for almost a year, and you explained everything perfectly in this video.
Great to hear!
Very usefull thank !
That was a very nice, informative video. Thanks a lot for your efforts.
🙏 thanks, more and more pls...
awesome new looking 😊
VLAN neverending story :)
thank you
Hey, it'sThe Network Barry :)
Thank you for this.
I had set up my RB several years ago and had per-port VLANS. This method made trunking to a couple AP's and switches much 'cleaner'.
Yeah this definitely feels cleaner for setups like that, glad I could help :D!
thank you sir...
Very nice review........ glad to you see join the 2020's in terms of single bridge vlan filtering, for most routers and CRS3xxx series. The main difference between vlans between device acting as a switch or router (besides the obvious) is that the managment vlan is the only that needs to be identified AND the only one tagged with the bridge in /interface bridge vlan settings.
On a serious note, good to focus on AX3, a very common home device. However you have indirectly discovered your next video. Explaining why switches and the AX3, which dont have a classic marvel switch chip but something called PHYs.
These need to be discussed so we folks understand what they are doing under the hood ( clearly they must help the CPU in some capacity ). A comparison would be fantastic!!!
I believe if you create a bond interface with physical interfaces that belong to the same switch chip you will have a hardware offloaded bond and can be added to the bridge if needed. It is possible to create a bond interface with interfaces that belong to different switch chips then the that bond will be limited by the switch chip to CPU speed, the Mikrotik will let you do this without a warning so check the block diagrams for you use case.
thank you! one thing i was doing wrong, tagging the vlan as well as the bridge - it didnt show up as tagged with vlan filtering enabled; one more thing i learned is that i dont need software vlans (l3) if i dont plan to use dhcp or any other l3 service.
wow 1 of the best pretty forward hap3 ax6 mkstly bought equipment for home lab thank u, i hope i will be able to somewhat replicate & set this up
Awesome video! This helped me a lot, I was able to configure all the VLANs I wanted to on my RB3011 and CRS125-24G. I'm now running into the issue you mentioned @7:13. My CPU is hitting 100% downloading anything. Do you have any advice on how to implement this VLAN structure with a router that has multiple switch chips?
Missed your content
Shared to my connections on LinkedIn, not sure if that will help much - but hoping my techie connections will give it a bit of a boost. Just not a huge player in the UK enterprise space.
Very nice video. Can you do a bandwidth test to see if wirespeed is achieved? To see when is used switchchip and cpu. A wrong layout can decrease speed and bottlenecking.
Gothic 2, such a great game!
Definitely one of my favorite games ever, I still replay it every couple of years
thank you video tutorial, now it solve my confusion about mikrotik vlan. I have a question, how can i restrict access between vlans?
one question, do the ports need to be part of the bridge you are configuring the vlans on to work properly? Lets say you have 2 bridges, one has all the ports, one has none, can the second bridge affect vlan tagging of ports even though the ports its tagging do not reside within itself?
Great Video as always, one request we are not able to see your mouse cursor during recording, please enable it. so that we can see actually where you are clicking.
Thank you.. 😊👌
Nice, i will be doing this later when my expansion switch arrives. CRS326 of course.
Can you please help me confoguring VLAN's for my RB5009 to get it working with IP-TV?
I need to use a media splitter right now from my provider. Its a managed switch litteraly and has specific ports for TV and such..
There is VLAN config on that. My IP-TV box gets an ip of 10.x.x.x..
Did you test mlag on mikrotik switches? Is it working fine?
Hey you do a really great job, but why you don't show to work in the CLI ? The cli is you last hope when all other is broken and most of the ppl are really lost if they dont know to handle it.
Using a Hex POE. While this configuration "works", it is not clear that takes advantage of hardware offloading. Is this method running in software/cpu only on the HEX POE? The QCA8337 "Switch" configuration as suggested in the Mikrotik documents is not working for IP connectivity to the HEX POE (tried the vlan-header=leave-as-is per the footnote) Any advice?
Hi could you please do a wifi setup video especially with the new wifi packages.
Hello, will there be a future video about the hybrid port/hybrid vlan on Mikrotik with an example?
I can definitely do something like a Hybrid port video as well :)
Question:
Suppose I have RB5009 Series where port 1 = ISP1, port 2 = ISP2, port 3-5 = for Hotspot(10.0.0.1/24), port 6 = OLT pon1 (172.16.0.1/24), port 7 = OLT pon2, (172.16.0.1/24) then lastly port 8 = LAN (192.168.100.1/24).
Knowing that I assigned each port/interface with each assigned IPs for that setup. Then,
Do I still need to configure it in a VLAN setup or is it the same already with VLAN setup?
Please help. Thanks in advance.
It would've been good if you explained why the single bridge per ASIC method exists. I.e. rooted in the original Linux DSA and switchdev implementation. People who haven't worked with cumulus or whiteboxes with a Linux based OS, often think this is exclusive to MikroTik.
May i ask your sir , shoud i change the PVID on bridge to vlan100 in case that i want the change native vlan to 100 ?
Great video. Just what i needed. I just got that l009, and i am in full learning mode. would it be possible to make a video on creating firewall rules in this setup.. I'd like to separate the vlans by default but have them all have an internet connection (so devices can go to the internet but not to devices on other vlans). And maybe poke a hole for some servers.. (edit words vs. Dutch autocorrect..)
Funny you should mention it was busy recording just that today 😉
@@TheNetworkBerg haha, excellent, looking forward to it.
Posted it last night, feel free to pop to the the latest video on my channel and let me know if this helps you or if you are still having issues.
Why weren't VLAN settings used for the 3** series switch in this section?
/interface ethernet switch vlan
You say that Software defined VLANs are bind to the bridge, but what if you use VLANs on a bond? You bind those VLANs on the bond interface and not on the bridge. The bond interfaces go to the bridge. So what do you do if you are going to tag the ports in Bridge VLANs?
Oh man.. I just got my RB5009UG+S+ and my head is spinning with trying to figure out the VLAN setup. I will get it... but damn my head hurts right now.
What would happen if we changed the PVID on the bridge from 1 to 99, i.e. the PVID of the management vlan
my plan is 1G I replace Huawei HG8240T5 Gpon with LXT-010S-H from LEOX and I'm install it in to Mikrotik RB5009
from Mikrotik I setup Vlan10 and PPPoE for Internet and It's work and I got internet connection but I couldn't figure out how to configure Vlan30 for VoIP
are you experienced in taming scary monster living under /switch menu on crs1xx devices? (i'm not only talking about vlans)
Great video, I wonder if you could fork off this and offer a VLAN tutorial for dealing with double tagging. For example were ISP's have SVID and CVID's to deal with. Can you use this way of doing VLANS to add the CVID to the bridge VLAN rather than adding new CVID's as sub interfaces to a parent SVID interface?
Interesting concept, will have to test it out because honestly the way I've always been doing it is as a sub interface.
@@TheNetworkBergYes that's how I'm doing it, but I thought after watching your vid maybe there's a better way? I don't have a lab to test so will have to build one. Might be a fun experiment.
Sir how about multiple crs with failover using layer 3
❤
I have a problem with vlans...my queues are not working well ..mk cpu is freaking high
Why this is better solution?
I have created separate bridges for Server, Management, LAN etc. and on interfaces I have created vlan to each ports separately
Basically it boils down to throughput and hardware offloading. Multiple bridges may not support hardware offloading and traffic between the bridges will probably have to go through to the CPU to get processed. Depending on the model of your hardware this link to the CPU might be very small (Like 1Gb) and can easily impact performance like speed or cause packet loss. The other problem is that the CPU will have to deal with the forwarding and this can cause a spike in the CPU usage. If the CPU starts maxing out it can potentially cause the router to hang and will also provide a general negative experience. Perhaps your network isn't that big or you are using bigger routers and you just never really notice the impact on the CPU, it is strongly advised to use hardware offloading with a switch chip wherever possible for the best performance. Though there are also instances where traffic needs to pass to the CPU regardless and even having a switch chip will not improve your performance. This is why looking at the documentation is crucial in planning out your network.
@@TheNetworkBerg right now I'm using RB4011 without any disadvantages, but probably not full speed via the 2,5Gb/s connections to CPU, but You made my mind go crazy and probably I will change it after copy of configuration of course :)
VLAN on Mikrotiks makes me sad. What takes hours of planning, mapping and configuration on Mikrotik takes minutes on Cisco. Don’t get me wrong, I like Mikrotik and have more of them than Cisco in my environments for others reasons.
I do agree that MT has many potentional pitfalls when it comes to adding a VLAN and makes it feel unnecessarily harder.
Although there is one thing I remember well about Cisco and that is forgetting to use the "add" command when wanting to tag additional VLANs on a trunk, I think this has brought down more networks than it should have.
Don’t think you can expect much from them. The cost says it all. They are just not comparable at all. Everyone knows but mtik is actually fairly weak in their software, the “same OS for every of our product” starts to seem like a weakness. It seems glued and janky.
Suppose there is a router after the switch instead of a computer to receive the service via vlan interface, what will the configuration be like?
@@ImadShamsy
You need to configure the router accordingly to whatever your needs are, for example if the service now is internet already in a vlan that is there in a network I want to tap into it and do double natting then that can be done. It all depends on your total objective really, depending on what it is you can efficiently plan and know what devices to use or what to not.
Now just to remember when and when NOT L3 HW offload happens. I wish I didn't have to remember....so more expensive L3 switches it is for me even for homelab.
everything works, but with larger traffic of 1GB (10GB sfp links) my cpu is loaded at 100%
Strange, has yours ports been added to a VLAN filtered bridge? Have ran this same setup on 25Gb, 40Gb & 100Gb interfaces and I get full throughput without CPU bottle-necking.
@@TheNetworkBerg I checked it on 10 and 100 Gb cards but the result was the same on both. So I thought that I do some configuration mistake and I set everything up again and the result was the same - CPU 100%
Good idea for video if possible, filter rules on switch chip itself. What I noticed a lot, people are buying CRS devices and use them as routers... Mikrotik is confusing their customers with that naming scheme. As you said, CPU is limited and thus routing performance is bad...
Spend more time outlining the goal, preferably by drawing data paths, before making changes... you're going at a speed where only a network admin can follow you and those don't need this video.
When they integrate Ai there will be no network engineers.
Then we can all finally retire and take a break. Though in all seriousness this is the case for almost all industries.
i wish you'd redo this. make a plan first and stop bouncing all over the place. its so confusing to watch.
Messy video. Your previous videos on the topic are better.