Mikrotik VLANs - CRS3XX Step by Step - Mikrotik Tutorial

Have you configure VLANs on Mikrotik devices? Which switch models have you used?

In 30 minutes, I understood more than after watching a bunch of hours of training videos. thank you

Where the heck has this been all of my life?! Seriously this has cleared up so many things about how to actually DO this on Mikrotik gear!

This is the clearest explanation of VLANS I have seen. Thank you for taking the time to do such a thorough job!

One of the best and clearest tutorials I saw at the Internet. I am system administrator of a network with a 500+ wired devices + 2000+ wireless devices. I have almost every mikrotik model in my network, from hap lite to a CRS317 (95 routers totally).
VLANS on mikrotik devices are a really pain in the ass, to say truth. So many different ways to configure on different devices, its just blows my head.

The best and most useful tutorial we are going to need for years to come !!!!

Just WOW! So simple explanation how to deal with Mikrotik VLANs, bridge and a specially adjusting inter-VLAN communication with firewall. EXCELLENT JOB! Thanks!

You are the greatest Mikrotik trainer I have come across in the past 15 years of using Mikrotik keep it up.

Needed a quick refresher. You were #1 rated video. Gave me what I needed, thank you!

After many hours of watching youtube videos and reading tutorials about VLAN's and bridges, this is the first video that I was able to follow and make it all work. Thank you for the clearness of the explanation and the right pace for it. Thank you!

this is the best Mikrotik VLan tutorial out there so far. Wish you would make more mikrotik video tutorials. Great stuff.

Excellent tutorial for Vlan setups using MikroTik equiptment. I have searched and watch many hours of tutorials on the subject from the web. I just couldn't get it but now because of your amazing video, I got it all working exactacly the way I want. I learned so much , thank you!!!

Great tutorial. The implementation of VLANs on Mikrotik have always confused me. this by far the clearest explanation I have found thus far.

I"m also a Cisco guy, and purchased the CRS328 series a few years back. This is a complete and excellent guide for configuring VLANS on the Mikrotik CRS3XX. I'm using Port aggregation as well, and if you can create another video about that, I'm sure others besides myself would be ecstatic. Thank you for the informative guide. Job well done!

I´ve watched this tutorial everytime I setup a CRS now, each times helps to fresh up my memmory! Thanks :)

Easily the best tutorial for configuring VLANs on Mikrotik switches. I wish I'd found this video weeks ago.

I looked for how to set up VLAN on Mikrotik devices, and this is in my opinion best guide ever. Explained step by step how to reach the goal.

Extremely useful, thank you so much for having shared this. I was searching around how to configure my Mikrotek (CRS-305) for several VLAN switch for hours and hours until I found your explanation... crystal clear. Now everything works as intended, solving a problem running for months. I followed your explanations, step by step et voila! If you want to play safe, detach the management interface (eth1 on CRS-305) from the bridge. After that, whatever mistake you do, you are not disconnected. Leave all 10G on the bridge.

Thank you taking the time to explain how the Mikrotik 300 series works been scratching my head now for couple days trying to grasp concepts around how this switch handles VLANS, been watching variety of different videos which doesn't on this particular switch thanks once again.

13:40 is a very important detail. Add the bridge itself to the management vlan. The lack of this step was driving me crazy as the switch was acting very erratic. Thanks for this video.

Sir, you have ended my search for the ultimate guide on how to configure my new RB4011 and CRS328 with VLANs!!!
Subscribed and looking forward to all new material - after I watch all your other videos.
Can't thank you enough.
Greetings from Oz.

Thanks, Mr. Wilmer Almazan you literally saved me my job. This video really helped me get my network up and running. I remember your 5 steps really well. Thanks alot.

Thanks for posting this; very useful for getting my head around a different vendor implementation. One gotcha I discovered - in case it's useful for others - is that at 13:24 if you add the bridge interface as untagged for the management vlan instead of tagged, the IP address you assign to the Interfaces/Vlan interface is not reachable and when you then turn on vlan-filtering on the bridge, you lose all access to the device and (unless you have a serial cable) have to factory reset it by holding down the reset button until the "user" light flashes while turning on the box.
If you assign an IP to a physical interface, it gives you a backup way to access it while you're testing this. You can remove it once you know the proper IP is accessible.

This is most useful knowledge that I was looking for, I wish I can like it 1000 times. Thank you so much for this content.❤

Your video is the most complete and accurate guide on this topic in youtube. I hope you publish more videos on related topics.

Thank you for your clear explanation about how MK works with inter-VLAN routing.

I just started watching and I really like your approach. You clearly stating what the plan is and doing it on the actual hardware.
Subscribed and hoping you have more content

Great explanation of VLANs I would like to see more!

Great and easy to follow and understand video on VLANs in the Mikrotik world.

Thank you for a fantastic guide! I would have given you 10 bucks for this video if I could.

Buen trabajo Wilmer, es un orgullo tener trainers hispanos que apuesten por el mercado inglés también. 👍👍🇵🇦

Best, amazing and only one Who taught something that really worked for what i need

Muchas gracias por el video.
Me salvó la tanda. NO sabía que había diferencia entre tener 1 o varios bridge, y tenía un uso de CPU de 100%.
Siguiendo estas instrucciones pasé a 20% de uso CPU.
Un tico por acá. Gracias mae!

Thanks for the great tutorial. It would be great to talk about loopback protection and other steps that are used in practice when configuring access switches.

Great work Wilmer! very clear explanation. Thank you very much!

This was totally amazing. I have watched many vlan videos and this was the best. One question, I am struggling with the concept of what a bridge is and why we need it.

thank thank you very much, it's a big advantage for us to know this technics about vlan, for future expansion of our network i will apply this method .....thank you very much and more power😊😊😊😊👍👍👍👍👍👍

Extending my thanks for explaining VLAN configurations this makes sense tried many other tutorials from youtube this one works the best everyone all other are complete jokes.

congratulations for the clarity of the toturial

this is it! straight to the point, thank you for your explanations. It works like a charm

Great job! Everything is very very clear now!

Just got here looking to properly understand VLANs the Mikrotik way, your channel is impressive! Do you have a video on how to configure VLANs in devices without a switch chip?

You are very proficient in your field.thank you for sharing.this helps a lot especially for people like me.

VERY elucidative and straightforward tutorial.

Just a quick point - if your device has a switch chip, you should be creating your VLANs there instead for full hardware speed. It is pretty easy to tell if you do, there is an extra menu item in the sidebar 'Switch', usually between 'PPP' and 'Mesh'.

best VLAN video on mikrotik

Sir, I must say that this is the best of the best tutorial of Mikrotik VLAN I have ever seen.
Using same scenario Could you please also let us know how we can assign an IP address to all the vlans on a CRS (not the management vlan) ?

the best video on youtube found so far!

What about the native vlan (untagged) on the trunk port? how do you pass it to the other untagged ports?

Thanks for the video, I finally understood how to properly configure management vlan.

Danke!

Best tutorial ever ! I shall add info on improvement with this config (since now been using separate bridges and vlan interfaces - but crs326-24s-2q+ made maximum 320 mbit/s throughput till 100% cpu) i need to achieve at least 0,9 gbit/s throughput via vian/1gbit/s sfp

Thank you so much for your tutorial. The BEST!!

Omg.. I think I got it 😅 best explanation on TH-cam

Hey All, I loved this guide, it was truly the best, but its missing some context. The issue they wasn't obvious is that he is using native VLAN 1 in his VLAN filtering. This caused me a huge issue. The default VLAN wasn't allowed on router where I had the CRS310 ethernet 1 port plugged into. VLAN1 is the default on the MikroTik and was causing the switch to respond on the management port only, but not allow communication to any other device. I noticed some of the VLAN IDs were excluded, but I ended up tagging my bridge port that was trunking VLANs to the PVID I needed.
Thank you Wilmer for your expertise, I wouldn't have had a clue where to start.

Thank you a lot! This video helped me to understand how make trunk ports from webfig/winbox on my crs310s.

Master or the universe!!! Very good explain

Nice presentation. What I cant get though is the 4 step at 14:53. Why to add management vlans and copnfigure Ips and Gateway, etc... since that has already be done on the router. Probably there lies my problem too. I have pfsense for router and Microtik for switch. After all the procedure done I can get the device to take an ip from the vlan's segment but it doesn t have access to the internet and can t ping it's gateway. Basically it does nothing else except from assigning an ip address to it.
PS Does anything (meaning services / protocls .. etc) needs to be disabled when someone is using a Microtik device as a switch only with RouterOS ?

Mr. Almazan, I know you turned on filtering for the two switches after configuring and testing. But what about the router, should it have it's filtering turned on or leave it off? Thank you, again for such a great step-by-step vlan tutorial using the MikroTiks GUI.

Thank you so much! Mikrotik is soooo hard and counter-intuitive compared to OpenWRT's "switch" table :)

Really easy to follow and good explanation of your process !1 Good work !! Love it !

Been playing a few hours today with a 4011 and a crs326. Got this working now. Now lets do all the other things :p
(Lots of hours this take to learn :)

Good work, good explanation. Thanks a lot.

So I have a NetGate 6100, that connect to the CRS 328 which is just acting as a Switch. Would I folllow the same step for the 326 Switch part for this to work ?
Thanks,

buenos días maestro , muchas gracias por la información avanzada y explicaciones respecto del uso de vlans en mikrotik, hace un tiempo se me presenta un problema con los crs 317 , que se enlazan entre si con trunk de fibra a 10Gb, en el mismo switch tengo modulos sfp de cobre de 10Gb y de 1 Gb , al funcionar enambos extremos con swos , presentan link paused interrumpiendo las conexiones, a que puede deberse este problema? existe alguna limitacion conocida respecto al buffer cuando se utilizan modulos de diferente tipo 10G y 1G? gracias

can we creat vlan in crs without router?

Perfect explanation.
But question, what would Ingress Filtering in the bridge interface do? Would it just improve security a bit more?

wow good and clear explanation, thanks sir

23:08 and isn't just a bridge enough?

It's a very good explanation and gives an excellent way to configure VLANs. I'm in the process of testing this in the case of a trunk (uplink or downlink from another switch) when there is a bonding interface of two ethernet ports. I hope this same schema works with bonding.

Great Video, thank you sir.
Was able to create 2 SSID's on mikrotik ap and assign vlan to both using same config as what you have shown in switch configuration. Much appreciated.

Gracias siempre tan preciso y profesional.

Superb stuff man thank you this is exactly what I needed

Hello, is it possible to have all the configuration on a single CRS device? without using a router?

Great video that explains the complete setup process. Do you have a video about configuring a RB2011 with the 2 switch chips, and connecting router to vlans and connecting the vlans between the 2 switch chips? I cannot find a good video on how properly configure with the switch chips, CPU for ip access and cross chip vlan communication.

I have a CCR connected to CRS. CRS is using ROS with bridge vlan enabled. I have src-nat and masqurade nat. But anything connected to the CRS can't route out to the internet. I have been struggle to figure out. I have a default route at the CRS to route GW of the CCR.
CCR /ip/firewall/nat
0 chain=srcnat action=src-nat to-addresses=64.186.130.4 src-address=10.158.100.0/28 out-interface=sfp-sfpplus4 log=yes log-prefix=""
1 chain=srcnat action=masquerade out-interface=sfp-sfpplus4 log=yes log-prefix=""
CCR /interface/vlan
0 R vlan10 1500 enabled 10 sfp-sfpplus1
CRS /interface/bridge/vlan
0 bridge1 10 bridge1 sfp-sfpplus12
sfp-sfpplus1 sfp-sfpplus13
sfp-sfpplus3
sfp-sfpplus7
sfp-sfpplus5
sfp-sfpplus9

I have a somewhat simple task, setup 3 ports on the same VLAN and be able to establish communication. I tried following your steps where I would need them but I cannot for the life of me get a ping to any device between the 3 ports. So if I have 3 PCs plugged in, they can't see each other. hmm..Basically setting up a failover for WAN connection, 2 firewalls and one modem(ISP).

Thank you very much. I needed it very much! Excellent explanation!

Hello, any chance you could do a tutorial on implementing CGNAT (or the closest way one can implement this) on Tin?

doing this live, it works, but when I try to do it in GNS3, it doesn't work. is it because the CHR deoesn't have a switch chip capability?

Good video - I have linked to this from one of my own Mikrotik videos.

Respect...You are good teacher ;)

Potentially dumb question. I have a CRS310 that I'm at least at first primarily using as a layer2 device with vlan functionality. It connects back to a Pfsense router that already has the vlans and IP address ranges defined and acts as the DHCP server. Question:
1. Do I still need to define IP address ranges and give the vlans IP addresses on the CRS switch?
2. In this type of setup would it still be most efficient to add all the switchports to one bridge then assign tagged and untagged interfaces for each vlan from there?

Great video! The best explanation I've seen!
I have a question. What do you use as a PC emulator?

So how can i use this on a wireless wire cube from mikrotik? Which interfaces should be included if i use it as a trunk?

Hola Wilmer, escelente informacion muchas gracias por compartir. quisiera preguntarte, si estoy usando el PVID=1 del Bridge como vlan de administracion desde un Router, el proceso de configuracion en el CRS1XX cambia algo??

So what I've been trying to set up is my RB5009 in ROS to work with VLANS in my CRS326 in SWOS. So is this not possible or just more complex than using ROS on my switch? I keep being told that its possible to do, but not finding anything that addresses things clear enough that I can get it going. Thank you in advance

Is it possible to run a router and a switch at the same time?

Excellent and well explained

no idea if you are going to see this, but breaking my head with vlans, i got the crs326-24-2s and i, usingthe typical bridge all ports and 1 dhcp, but itry to organized them in vlnas divided in servers, wifi and lan pcs, and i cant simply get them to work , non of them are getting ip form the servers... :(

This is no different from how I setup the hex router as solely a switch, except I use ingress filtering and frame type delineations on the bridge ports.

Great video, I followed your instructions with 2x CRS317 and set up MLAG, several VLANs and bonded interfaces. I ran into a problem, MTU greater than 1500 does not work, although I set MTU 9000 and L2MTU 10218 on all interfaces. Do you have any advice, since I have no more ideas?

Sorry but I am new to this can i configure 2 or more vlan to 1 port as we are running a voip system and pc from same port

Very well explained sir! I would like to request OSPF+Vlan.. hope to include this in your videos

Very useful video! Many thanx for uploading! :)

Great Guide, thank you!

Hola Wilmer, excelente tutorial, funciona perfectamente, solamente tuve un detalle al querer conectar dos switches (1 CRS328 y 1 CSS326) funcionan bien sobre puertos ethernet, pero no así en SFP+ (jumper, hay alguna configuración extra para poder hacer que funcionen sobre SFP+, saludos y gracias por los tutoriales que verdaderamente funcionan.

Amazing Tutorial love it

Great video, very helpful as new to Mikrotik ~ with if your tagging above MGT, but i also need a vlan tagged and untagged, does that additional vlan tag need to point to Bridge as well, obvious to the interface?

Great video!! tnx man! This video finaly clear up so much in my head :)