Mikrotik VLANs - CRS3XX Step by Step - Mikrotik Tutorial
ฝัง
- เผยแพร่เมื่อ 14 พ.ค. 2021
- Learn to configure VLANS on Mikrotik CSR3XX step by step.
The main VLAN setting is vlan-filtering which globally controls vlan-awareness and VLAN tag processing in the bridge.
#MikrotikTutorial #MikrotikVLANs #ConfigureVLANsMikrotik - วิทยาศาสตร์และเทคโนโลยี
Have you configure VLANs on Mikrotik devices? Which switch models have you used?
Do you provide consultant services?
@@carloscardoso8796 Hi Carlos, you can contact me from here: mikrotiktraining.ca/
Yes! I use CRS317, CRS305. I also use CCR2004, CCR1009 and RB760iGS (hex S). I also use some settings like Frame Types and Ingress Filtering. For blokcing the router the way it not route User Networks to Management VLAN it is possible to filter forward traffic going out through interface vlan-99, dropping it, and also add a rule to drop traffic incomming from interface that is not vlan-99 but is trying to go out via vlan-99? I think that whay if I forgot some user network, it will also work, is it right?
I used this config you teach on a mAP,RB433,RB2011 and a RB1200 (sort home network testlab) no firewall setup yet just want to get all under the belt first. Loved the vid helps alot
can you please make a follow up video enabling for ipv6 as well? thanks
In 30 minutes, I understood more than after watching a bunch of hours of training videos. thank you
Great to hear!
I have exactly the same. Simple explanation how to do it well!
This is the clearest explanation of VLANS I have seen. Thank you for taking the time to do such a thorough job!
This is the best
The best and most useful tutorial we are going to need for years to come !!!!
Glad it was helpful!
One of the best and clearest tutorials I saw at the Internet. I am system administrator of a network with a 500+ wired devices + 2000+ wireless devices. I have almost every mikrotik model in my network, from hap lite to a CRS317 (95 routers totally).
VLANS on mikrotik devices are a really pain in the ass, to say truth. So many different ways to configure on different devices, its just blows my head.
You are the greatest Mikrotik trainer I have come across in the past 15 years of using Mikrotik keep it up.
Needed a quick refresher. You were #1 rated video. Gave me what I needed, thank you!
Glad it was helpful!
Where the heck has this been all of my life?! Seriously this has cleared up so many things about how to actually DO this on Mikrotik gear!
Just WOW! So simple explanation how to deal with Mikrotik VLANs, bridge and a specially adjusting inter-VLAN communication with firewall. EXCELLENT JOB! Thanks!
this is the best Mikrotik VLan tutorial out there so far. Wish you would make more mikrotik video tutorials. Great stuff.
Thanks, more to come!
After many hours of watching youtube videos and reading tutorials about VLAN's and bridges, this is the first video that I was able to follow and make it all work. Thank you for the clearness of the explanation and the right pace for it. Thank you!
Thank you Jose!
I’m happy to hear that
I looked for how to set up VLAN on Mikrotik devices, and this is in my opinion best guide ever. Explained step by step how to reach the goal.
Great tutorial. The implementation of VLANs on Mikrotik have always confused me. this by far the clearest explanation I have found thus far.
Thanks
I"m also a Cisco guy, and purchased the CRS328 series a few years back. This is a complete and excellent guide for configuring VLANS on the Mikrotik CRS3XX. I'm using Port aggregation as well, and if you can create another video about that, I'm sure others besides myself would be ecstatic. Thank you for the informative guide. Job well done!
You're welcome! Thank you for the suggestion, I will add a video about port aggregation!
Easily the best tutorial for configuring VLANs on Mikrotik switches. I wish I'd found this video weeks ago.
Glad you enjoyed it!
I´ve watched this tutorial everytime I setup a CRS now, each times helps to fresh up my memmory! Thanks :)
Great to hear!
Great work Wilmer! very clear explanation. Thank you very much!
Thanks for the video, I finally understood how to properly configure management vlan.
this is it! straight to the point, thank you for your explanations. It works like a charm
Thank you!!
Great explanation of VLANs I would like to see more!
Hi Eric, more content coming soon
Great and easy to follow and understand video on VLANs in the Mikrotik world.
Glad it was helpful!
Your video is the most complete and accurate guide on this topic in youtube. I hope you publish more videos on related topics.
Thank you, I will
I just started watching and I really like your approach. You clearly stating what the plan is and doing it on the actual hardware.
Subscribed and hoping you have more content
Thank you for your clear explanation about how MK works with inter-VLAN routing.
Glad it was helpful!
Thanks for the great tutorial. It would be great to talk about loopback protection and other steps that are used in practice when configuring access switches.
Thanks, Mr. Wilmer Almazan you literally saved me my job. This video really helped me get my network up and running. I remember your 5 steps really well. Thanks alot.
Glad it helped
VERY elucidative and straightforward tutorial.
Thank you Alex!
Muchas gracias por el video.
Me salvó la tanda. NO sabía que había diferencia entre tener 1 o varios bridge, y tenía un uso de CPU de 100%.
Siguiendo estas instrucciones pasé a 20% de uso CPU.
Un tico por acá. Gracias mae!
Extremely useful, thank you so much for having shared this. I was searching around how to configure my Mikrotek (CRS-305) for several VLAN switch for hours and hours until I found your explanation... crystal clear. Now everything works as intended, solving a problem running for months. I followed your explanations, step by step et voila! If you want to play safe, detach the management interface (eth1 on CRS-305) from the bridge. After that, whatever mistake you do, you are not disconnected. Leave all 10G on the bridge.
Thank you!
Thank you so much for your tutorial. The BEST!!
Thank you taking the time to explain how the Mikrotik 300 series works been scratching my head now for couple days trying to grasp concepts around how this switch handles VLANS, been watching variety of different videos which doesn't on this particular switch thanks once again.
Glad to help!
Buen trabajo Wilmer, es un orgullo tener trainers hispanos que apuesten por el mercado inglés también. 👍👍🇵🇦
Muchas gracias, saludos, un placer
Thank you for this video!
dude, this was very usefull and helps me a lot ! i switch my lab from cisco to mikrotik and your video was really awesome and exactely what i needed to know. :)
Superb stuff man thank you this is exactly what I needed
Best tutorial ever ! I shall add info on improvement with this config (since now been using separate bridges and vlan interfaces - but crs326-24s-2q+ made maximum 320 mbit/s throughput till 100% cpu) i need to achieve at least 0,9 gbit/s throughput via vian/1gbit/s sfp
Great job! Everything is very very clear now!
Thanks! That’s great 😃
congratulations for the clarity of the toturial
Thank you, glad to hear that
crystal clear! thanks.
Sir, you have ended my search for the ultimate guide on how to configure my new RB4011 and CRS328 with VLANs!!!
Subscribed and looking forward to all new material - after I watch all your other videos.
Can't thank you enough.
Greetings from Oz.
Awesome, thank you!
I have the same setup, lets see if i can do it to :)
@@firefly2472 I wish I could say I have been totally successful.
To date, still don't have Vlans running.
Still get caught up with the Management Lan settings because all network items already have an IP and are all operational.
@@Dreamwoodinternational . Got them up and running... well kinda. Got everything on my desk to test, learn and do it again :)
@@firefly2472 Safest way to do it.
Good video - I have linked to this from one of my own Mikrotik videos.
Best, amazing and only one Who taught something that really worked for what i need
Thank you, I'm glad it helped!!
13:40 is a very important detail. Add the bridge itself to the management vlan. The lack of this step was driving me crazy as the switch was acting very erratic. Thanks for this video.
Great! That’s a critical step
wow good and clear explanation, thanks sir
Thank you very much. I needed it very much! Excellent explanation!
Great to hear!
de lo mejor q vi. Gracias
Muchas gracias por los videos! Muy buenos!
Really easy to follow and good explanation of your process !1 Good work !! Love it !
Thank you very much!
Great Guide, thank you!
Thank you
the best video on youtube found so far!
Glad you enjoyed it
Great video!! tnx man! This video finaly clear up so much in my head :)
best VLAN video on mikrotik
Thank you!
Excellent and well explained
Great Video, thank you sir.
Was able to create 2 SSID's on mikrotik ap and assign vlan to both using same config as what you have shown in switch configuration. Much appreciated.
Nice work!
You are very proficient in your field.thank you for sharing.this helps a lot especially for people like me.
Glad to help
Master or the universe!!! Very good explain
Wow, thanks!
Very useful video! Many thanx for uploading! :)
Thanks for posting this; very useful for getting my head around a different vendor implementation. One gotcha I discovered - in case it's useful for others - is that at 13:24 if you add the bridge interface as untagged for the management vlan instead of tagged, the IP address you assign to the Interfaces/Vlan interface is not reachable and when you then turn on vlan-filtering on the bridge, you lose all access to the device and (unless you have a serial cable) have to factory reset it by holding down the reset button until the "user" light flashes while turning on the box.
If you assign an IP to a physical interface, it gives you a backup way to access it while you're testing this. You can remove it once you know the proper IP is accessible.
You can still MAC telnet in that scenario: wiki.mikrotik.com/wiki/MAC_access
@@nicramtimzs6245 Thanks, that's really helpful to know. Looks like WinBox can connect similarly - as long as MAC Winbox Server hasn't been disabled.
Your scenario can work but you are missing a step. The same as settings an access port, if you set a port as untagged, you must also put a PVID on it. On the bridge itself, where you turn on VLAN Filtering, you can also set a PVID on the bridge itself.
Hi Gareth, thank you for your comment.
I've just checked the video but actually, the bridge is under the tagged section: th-cam.com/video/YLtGQAQ8iS0/w-d-xo.html
Completely agree with you about having one physical interface out of the bridge to avoid the risk of being locked out.
@@TheNetworkTrip Sorry, didn't mean it to sound like I was saying that you'd done it wrong, just that *I* missed that step and locked myself out.
Amazing Tutorial love it
Thanks
Excelente explicación, Muchas Gracias
Gracias Victor
Good work, good explanation. Thanks a lot.
Glad you liked it
Superb vid, thanks man!
Glad you liked it!
thank thank you very much, it's a big advantage for us to know this technics about vlan, for future expansion of our network i will apply this method .....thank you very much and more power😊😊😊😊👍👍👍👍👍👍
Thank you!
I just loved your way of explanation.. please do a lab on BGP Routing with multiple routing
Extending my thanks for explaining VLAN configurations this makes sense tried many other tutorials from youtube this one works the best everyone all other are complete jokes.
Glad it helped!
excelente video, gracias inge
Gracias, un placer
Great video, thanks! :)
Thank you!
Very good. Many thanks.
Thank you too!
Been playing a few hours today with a 4011 and a crs326. Got this working now. Now lets do all the other things :p
(Lots of hours this take to learn :)
Just got here looking to properly understand VLANs the Mikrotik way, your channel is impressive! Do you have a video on how to configure VLANs in devices without a switch chip?
It's a very good explanation and gives an excellent way to configure VLANs. I'm in the process of testing this in the case of a trunk (uplink or downlink from another switch) when there is a bonding interface of two ethernet ports. I hope this same schema works with bonding.
Hi Guillermo, you can apply the same approach. Good luck!
@@TheNetworkTrip I did the lab yesterday and worked just fine. I simply put the bonding interface in the bridge instead of the ethernet interfaces forming the bonding.
Thank you again for your explanation.
well done, this is great info and it has help. thanks and keep it up.
Thanks, will do!
I had turned the volume up to hear your voice and then about died of a heart attack at the end with the super loud logo roll.
Hello! I’m sorry about that. I will modify the video.
Awesome !
thank you for explaining, sir
Happy to help
Very useful video
This was totally amazing. I have watched many vlan videos and this was the best. One question, I am struggling with the concept of what a bridge is and why we need it.
Thanks!
The bridge interface itself is used to manage the switch (it provides access to the CPU).
Wow awesome lessons
Thank you!!
Hey All, I loved this guide, it was truly the best, but its missing some context. The issue they wasn't obvious is that he is using native VLAN 1 in his VLAN filtering. This caused me a huge issue. The default VLAN wasn't allowed on router where I had the CRS310 ethernet 1 port plugged into. VLAN1 is the default on the MikroTik and was causing the switch to respond on the management port only, but not allow communication to any other device. I noticed some of the VLAN IDs were excluded, but I ended up tagging my bridge port that was trunking VLANs to the PVID I needed.
Thank you Wilmer for your expertise, I wouldn't have had a clue where to start.
Respect...You are good teacher ;)
Thank you! 😃
Great lesson.
Thanks! 😃
Hola Wilmer, escelente informacion muchas gracias por compartir. quisiera preguntarte, si estoy usando el PVID=1 del Bridge como vlan de administracion desde un Router, el proceso de configuracion en el CRS1XX cambia algo??
Thank you so much! Mikrotik is soooo hard and counter-intuitive compared to OpenWRT's "switch" table :)
Happy to help!
sweet presentation
Thank you
Omg.. I think I got it 😅 best explanation on TH-cam
Great!
Thanks for the tutorial! May i ask how can i include the remaining ports of the router in a specific vlan?
Just a quick point - if your device has a switch chip, you should be creating your VLANs there instead for full hardware speed. It is pretty easy to tell if you do, there is an extra menu item in the sidebar 'Switch', usually between 'PPP' and 'Mesh'.
That’s correct. Most RBs have at least one switch chip, and we can use the switch menu as you mentioned before. Thank you!
Great video! The best explanation I've seen!
I have a question. What do you use as a PC emulator?
Qué modelo de laptop utilizas para virtualizar o que modelo recomendarías? Escritorio o laptop?
Cual recomiendas utilizar SwitchOS o RouterOS cuál consideras más estable?
En mi opinión RouterOS es más estable que SwitchOS.
Buen video 👌 buena idea hacer este tipo de tutoriales ya que Mikrotik se complica mucho para configurar vlan a diferencia de otros fabricantes.
U r the best, thx.
You're welcome!
Hola. Great tutorial ! I have a question, what do I have to do to send the same 3 VLANS by another router port?
Great explanation Sir, could you add a bit more example, if CCR port ether2 connect to other CRS-3, ether3 connect to RB2011(working as switch and cap)
Brilliant video, well done. Please may you do a Video on Capsman and Vlans, and another on Router Vlan configuration
Great suggestion!
Very good explaination video
Thanks a lot
Perfect explanation.
But question, what would Ingress Filtering in the bridge interface do? Would it just improve security a bit more?
Thank you for your great tutorial. Can you ping
from the Lan in to a Vlan? I can only ping from a Vlan.
Hi, great tutorial. I have one question - how you emulate CRS in GNS3 ? I know that we could use CHR with Qemu but didn`t find any info how to add CRS firmware.
Sir, I must say that this is the best of the best tutorial of Mikrotik VLAN I have ever seen.
Using same scenario Could you please also let us know how we can assign an IP address to all the vlans on a CRS (not the management vlan) ?
Thank you. If you want to perform routing, you can follow this tutorial:
th-cam.com/video/c2sAA6jMjCY/w-d-xo.html
very good video, keep it up.
Thank you Maxim
Hola Wilmer, excelente tutorial, funciona perfectamente, solamente tuve un detalle al querer conectar dos switches (1 CRS328 y 1 CSS326) funcionan bien sobre puertos ethernet, pero no así en SFP+ (jumper, hay alguna configuración extra para poder hacer que funcionen sobre SFP+, saludos y gracias por los tutoriales que verdaderamente funcionan.