Full MikroTik MTCRE - Introduction to VLANs on MikroTik. (Episode 1)
Vložit
- čas přidán 14. 06. 2024
- In this video, I'm going to introduce you to MikroTik's VLAN feature. VLANs are a great way to segment your network and keep your traffic segmented. I'll also show you how to create and manage VLANs on a MikroTik router.
This video is a quick introduction to VLANs on a MikroTik router, designed for those new to the topic. I'll go over the basics, including what VLANs are and how they can be valuable for network security. After watching this video, you'll have a good understanding of how to use VLANs on a MikroTik router, and be able to keep your network running smoothly!
Timestamps:
📕00:00 - Introduction
📕00:52 - VLAN overview
📕08:21 - Software VLAN
📕14:08 - Bridged VLAN
📕19:28 - Tag/Untag using Bridge
Support the Channel:
⭐Become a Patreon: / thenetworkberg
⭐Become a CZcams Member: / @thenetworkberg
Social Media:
🌏 thenetworkberg.com
🌏 / thenetworkberg
🌏 / bergnetwork
🌏 / the-network-berg-39451...
MTCRE Playlist:
• Free MTCRE RoSv6
MTCNA Playlist:
• Free MTCNA RoSv6
Credits:
Intro Gameplay Footage:
Cyberpunk 2077
Thumbnail: Created on Canva
Intro: Created on Canva
Intro & Outro Music by Alumo
Songs used:
Dioitic
Outland 85
Thanks again for watching
VLAN Documentation / References:
VLAN Interfaces:
wiki.mikrotik.com/wiki/Manual:Interface/VLAN
Bridge VLAN Table:
wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
Switch Chip:
wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features
Hardware Offloading:
wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_Hardware_Offloading
help.mikrotik.com/docs/display/ROS/L3+Hardware+Offloading
This is by far the cleanest and most comprehensive explanation I've found. By a lot. I've lost track of how many times I've read through pcunite's guide and all MT's documentation. None of it has managed to hit on the methodology in an effective way. This, sir, is glorious. Thank you.
Thank you so much for nice comment, and thanks for watching the video!
I was just want write same comment. At last I fully understand vlans on mikrotik. Thank you
Indeed
Thank you for this. New to the mikrotik ecosystem. Your videos have been incredibly helpful
awesome video, very few guys understand how this works, very well explained here!
Man, gotta say. Thank you for your content. it rocks.
Thank you for the explaination, I'm new to Mikrotik and this video has been really helpful
This was awesome, I needed a simple way to do the vlans based on Cisco's concept. The last method was easy and clean. Thanks.
Excellent video, your teaching skills are superb, can't wait for another video.
Thank you very much!
Your explanations are much better than most written online resources and easier to understand than Mikrotik's own documentation. Thanks for these videos!
Glad it was helpful!
Thank you again. Your vids are one of a kind. Appreciate the help. Looking forward to the next
Glad you like them!
This is absolutely incredible explanation and training material! Thank you for taking the time to go and create this material.
The best explanation I have seen. Thank you
Wow, thanks!
Thank you very much!
Mikrotik docs are very hard to understand especially when using winbox. I have been trying to set up VLANs on my Mikrotik Router for hours. But everything works out great now :).
That is a great resource ! This will help with my homelab setup.
2:12 - "... and what 80102.q allows you to do ..." :D Yeah, sometimes standards are a mouthful. :) Cheers, brother, I adore your channel!!!
Hahaha they definitely can be, especially if you are a bit dyslexic.
Great video, thanks! Wait for a video with vlan on one bridge with all of mikrotik interfaces. Thanks a lot, it's very helpfull
Very complete explanation! Thanks.
My friend, you're the best!
Great Video, thanks man, you are a genius on Mikrotik.
Hi brother, salute off Kazakhstan
Thanks so much for your Video. I have trouble to install VLANs on my Network with the Microtik Router OS. Put now everything works fine.😅
As always, the way you explain about topic is awesome, i like that you break whole video into different sets and third set was most difficult to understand cause i am at learning stage, better if you can provide an identity to router which can be visible in winbox window while you are doing configuration on it. so that we can understand on which router we are currently working.
i would like to thank you for making such a informative and wonderful videos which makes learning a fun. Thank you.
You picked up words of my mouth.
I'm subbing on Patreon. This in incredible and I can't wait for the rest of the videos
Thank you very much David, it is definitely not expected but I do appreciate it very much!
just found your channel and went over your VLAN and bridging videos on mikrotik as a refresher, very awesome material!! good pace and easily digestible, thank you for creating this content! If I can request a video suggestion for the future on how to create a span port, have searched high and low for this topic and to no avail. Am basically attempting to practice auditing my own home network traffic via a pcap capture but having trouble trying to learn how start with configuring simple span port/interface etc. Cheers!
Thank you for the kind words, I do not currently have a video covering port spanning/mirroring but I will definitely consider it. I have thought about creating a video series covering more layer 2 concepts and reached out to my community on CZcams regarding it. I am just waiting to see if someone is willing to provide me with a couple of switches to better demonstrate things, but if not I may just use some small routeboards for the demonstrations as well :)
Respect to your good work, thanks a lot
Much appreciated!
YOU ARE THE MAN!!! THE WHOLE DAY TODAY IVE BEEN TRYING TO FIGURE OUT HOW TO DO INTERVLAN IN MIKROTIK!!! SINCE IM USED TO CISCO. BUT BOY YOU MAKE ME REALIZED AND LEARN SOMETHING TODAY@!!! THANKS MAN1
thanks for this. and I'd recognize Night City anywhere, lol.
It's great video. Thank you.
Great video. Had to slow it down for the 'third' way you covered. Still seems like the MT way way of doing things on layer two is overly complicated. But you do a great job of explaining it.
Thanks you for the kind words, yeah I agree MikroTik is definitely something different when it comes to L2 networking. I've seen many people on Reddit or Facebook groups generally asking about VLANs because it seems to be the most confusing subject regarding MikroTik.
My videos covering VLANs are also the most viewed on my channel so it's definitely something a lot of people look into that they feel they need help with.
This is very smart publicity work by Mikrotik. These are exceptionally powerful pieces of equipment. But their native manuals and documentation fail catastrophically to convey this in terms of making them accessible to people like myself with only a very basic level of understanding, but who want to dive deeper with out spending thousands on training courses.
What that translates to for Mikrotik is more sales - much more. Because content like this opens the door for so many people into just how powerful this equipment is. I'm using a Routerboard 1100 in my house and am only now just dipping my toes into the water of what it is capable of (I bought it over 3 years ago). But even with the small amount I already know, I wouldn't use anything else.
This is not done by MikroTik, they are not endorsing me in any manner and have never reached out to me for any sort of publicity. This is my own personal project where I wanted to make information like this more accessible to everyone in the community. I will take this as a compliment though ^^ And feel free to leave any suggestions or comment on the work that I have done.
@@TheNetworkBerg Well in that case good on you. Shame Mikrotik still haven't woken up to this. Even when I wrote that I was thinking it was a bit of a shock to see them finally doing this - something they should have been doing for some time.
Huge thanks for the shared knowledge. I enjoy watching the channel. Can you tell, please which environment is used for the simulation?
Thank You, for explanations can you please create same scenario for Native VLANs on MikroTik.
Thanks dude
This video is really helpful, thank you. How would one use the untag feature for a CAP assigned to a particular datapath?
Great job! Thanks.
What network drawing tool do you use?
Love IT!
Thank you for this video. Can you also make video about multiple VLANs over EoIP, please?
Thanks man
New to Mikrotik and your videos have been so very helpful. Either I am not catching it or I simply can't find a video to explain how to handle the following. zt1, Ether1 - WAN, Ether3-hybrid 'trunk' to switch (VLANS untagged(1), tagged 10, tagged 20, tagged 30). Do you need to bridge this and use pvid to change the default untagged to a VLAN for any reason to allow LAN traffic to the zertotier? maybe a diagram might make this easier than text :)
waiting for your next content 😤
Busy working on it :D!
good job😎
Thanks!
You're welcome! Thank you for supporting the channel ^^!
Thank You, for explaining this in different ways. I have a question - is there a way to setup multiple vlans on single port(in Mikrotik2) and then statically assign IP adresses for next host(Mikrotik4 or Mikrotik5) from whichever vlan IP pool? For example: Mikrotik1(eth1 trunk, both vlan=10,20) Mikrotik2 (eth2 trunk, both vlan=10,20) --> Mikrotik2 (eth3 access, PVID=10) --> default vlan for device from eth3 will be vlan10, but with possibility to join vlan20 subnet(statically assign IP?). Essentially multiple vlans on single port from next device(managable switch) after initial router.
Great guide thank you! 6:35 if I implement capsman local forwarding in a network with vlans, the vlan configuration on the AP must be on the cpu (bridge) instead of the switch chip. Is this correct?
awesome..
19:30 For R1, usually I just create a bridge, add ether2 and ether3 to that bridge, then add the VLAN interface to the bridge. Much more simple than adding multiple VLAN interface to specific port then bridging vlan interface. You have 2 interfaces, let say you have 8...
That's basically what I did with mine since all the ports are attached to the bridge.
Plus having 2 bridges you end up not being able to use hardware offloading on one bridge, at least on my device.
Thank you !!! Really well done. Unfortunately, the third method, which seems the best, I can't follow it.
The second method works perfectly but I would like, of course :D, to try the third one.
Great video and excellent explanation!! Could you also cover setting up VLAN's with only one bridge and not having them separately for each VLAN? Tx
Thank you for the kind words, I believe my third scenario illustrates how to setup a single bridge with multiple VLANs over it. Although I take it you are talking about creating multiple VLAN interface and just adding the interfaces to the same bridge like on the second scenario. That's definitely another viable option, similar to how you can create a VLAN interface and instead of binding it to a physical interface you bind it to the bridge and then any ports within the bridge will be tagged for all the VLANs inside of it.
It's just kind of more ways how to accomplish the same thing on with different steps. I am still amazed at how many different and new ways that I wasn't even aware of before this video that you can also use to configure VLANs. Maybe MikroTik needs to revise how VLANs can be configured on their devices and standardize it to a single format for people to more easily understand and absorb. Although that might also take away some of the awesome custom solutions people come up with by using these different and unique ways of configuration.
@@TheNetworkBerg You definitely should've pointed out that the 3rd way is the optimal way of doing VLANs because it's the only way of preserving hardware offloading across all VLANs on devices with switch chip. It works for both switching CRS series and routing RB/CCR series of devices, obviously if said device has a switch chip, but even if it doesn't.
@@Soda88 I think what I want to make clear in the next video is that the scope of how VLANs are being covered in the MTCRE is not quite in the same light as what many people's expectations are. Which is to implement VLANs on their LAN/DC networks on a switching layer. The MTCRE focuses more on using VLANs as a way of extending the network and routing traffic between devices.
To optimally understand VLANs and many L2 concepts like port mirroring, STP, etc I would suggest looking at the MTCSWE certification which focuses more on the aspect of using MikroTik for switching purposes.
My ultimate goal after the next video is for a user to be able to add a VLAN on a Routerboard/CCR/CHR/x86 device to span a L2 service from an edge to a CPE to deliver IP services and route traffic.
@@Soda88 aha ! so 3rd way to preserve the hardware offloading, that was my question after watching this incredibly well explained material!
Hi Thank you so much for the information you share. Great job. Very interesting, but do you also have videos on how to create a VLAN with a router/switch that has 2 switch chips. And the app eve that u use, is this an app specific for mikrotik virtual environment. for a test environment.
Hello.
Very interesting video.
Do you plan to elaborate a lab in EVENG, where you integrate Fortinet with Mikrotik in an Inter VLAN Routing environment, using both brands?
Regards.
Thank you for sharing your knowledge.
I am new to VLAN; I have just on router, and one switch, I wish to configure 5VLANS on 5ports on the router, and then connect the same ports to my switch where APs can pick the IPs and broadcast to it's devices.
Please help me
hi thanks for the info but do you also have examples that are configured on one router.I want to create a separate network for my smart home products
if i have a mikrotik router board, the trunks you talk about going to device 2,4,5 or can these all these be virtualized by the main router board or are these other physical devices?
Next time you do lab please change default names of routers to avoid confusion, and thank you for sharing your knowlage
I totally agree and this was a whoopsie from my side ^^
i am happy that i found this chanell, am still learning mtcna but am sure this mtcre videos will be my guide after classroom. whenever i want to further my studies. hi sir, do you think it a good idea to dive into mtcre right after mtcna?
Yes it is perfectly fine to go for the RE directly afterwards
Thanks for the explenation and video.
Why dont you use vlan filtering on the bridge?
You can only have one bridge with hw-offload.
Kind regards
Thank you for the kind words. I think my third example currently illustrates this where I have configured a single bridge with VLAN10/VLAN20 being done at a Layer 2 level on MikroTik 2 and MikroTik 3.
If I have a MikroTik CRS 328 and it connect to a Netgate 6100. Do I use a Bridge on the Switch or just setup vlan? Any help would be great. I am using the 1GE Wan for ISP and than the 10GE SFP for the Uplink port.
The way I've created vlans (vlans for the router side, not Switch side) across multiple downlink/trunk interfaces is make a single bridge, add all the ports I want as trunks and create the VLANs on the bridge interface. First time I've seen it done that way (example 3).
I'm assuming the way I do it is fine as well? Something I've learned in my time with mikrotik, you can make just about anything work that you want. The skill with mikrotik is making it work efficiently. Problem is, sometimes it's hard to tell if the way you did something is actually efficient or not. LOL the things I Set up and work fine in my lab may not necessarily work in an enterprise setting with 1000's of devices requesting dhcp and dns, etc.
your awesome
Hi could you do a video about wifi setup especially with new wifi packages.
I am having issue with which method to use, i tried the bridge method without vlan filtering i can only communicate with some vlan and not other. I trying to add trunking to my exsi server
Sir when are going to integrate cisco switches with mikrotik for inter vlans with redius server?
man i have a question: 16:21 , how did you manage set dhcp-server on slave interface ? Because LAN is included LAN-BR-VL10 bridge. When i tried to do that, mikrotik gave error " Interface is slave"
First of all thanks for the video!
Maybe a stupid question but isn't it a Best Practice to have only one bridge on Switches with a Switch Chip (eg.CRS3XX) in order to use hardware offloading?
Most probably, which is sort of what the third scenario in the video covers. I am also covering the MTCRE which treats VLANs a bit in a different light as we use it as a means for extending networks and spanning L2/L3 services while working on RouterBoards/CCRs/CHRs/x86's etc
If you want to get more into best practices for how to configure a MikroTik as a switch on platforms like the CRS and implementing this in a LAN or DC then there is a completely different track covering that which is called the MTCSWE (MikroTik Certified Switching Engineer)
Do you have test romon or speedtest over vlans?
Nice content, We are just starting with VLANs in our school, as our flat network is not working with 4000 thousand IP addresses. If I may ask, what is the best way to use our Mikrotik CCR2004-16G-2S+ hardware or software vlans?
I'm still trying to wrap my head around the whole VLAN network setup.
For a school network or general campus/dc setups I would highly suggest using the single bridge method. This is considered "The correct way" this documentation on MT's site really helped me get a better understanding of the setup:
help.mikrotik.com/docs/display/ROS/CRS3xx%2C+CRS5xx%2C+CCR2116%2C+CCR2216+switch+chip+features
Bra, het iemand al gese jy lyk soos die dude van Linus Tech Tips haha, nice.
Hahahaaha dankie! Nee dit is 'n eerste :P!
btw, very clear explanation.. thankss... btw, what app are you using for the presentation? (the clickable diagram)
cheers..
Thank you! I am using a network emulator, which is called EVE-NG. It allows you to add virtual equipment like CHRs to add into topologies and configure equipment. Which is awesome because this is REAL equipment on a virtual level so you get hands on experience without having to buy a physical MikroTik or even other devices.
@@TheNetworkBerg Just About to ask the same thing abt ths. thanx
watched edgerunners and wanted to watch vlan stuff to get it off my mind lmao. saw the intro and everything flashed back
Sorry fabi, this is a netrunner channel 😁
This Mikrotik Cloud Router Switch is really confusing when it comes to VLAN's when you are use to real switches like Cisco and Alcatel-Lucent. Do you have a video where you actually configure a Mikrotik switch where you configure an access VLAN and then tagging for example on the Voice VLAN or even LLDP for Voice. I do not know what is the best way on doing this on the Mikrotik for all ports
Hey ,sir can you help I have the question regarding accessing mikrotik to mikrotik through Mac address on a different broadcast domain How can I do that
Great video!!! One QQ- At around 8:15 you said that most people wouldn’t need to know how to configure VLANs directly on the switch chip. I think you are implying that much of the new hardware is doing this on the bridge. But I have found that you still need to understand this legacy VLAN configuration for wireless (CAPsMAN) because of switch chip in the hAPs and cAPs… please confirm if time permits.
Correct, most of the new hardware with the "Bridge" method with HW Offload and specifying /interface bridge ports is essentially telling the router to use the switch chip for which VLANs and which ports.
This video is aimed at the MTCRE certification, and how to use VLANs on MikroTik routers. I really cannot comment on CAPsMAN or MikroTik APs as I do not use it or these devices. Perhaps in the future I will get a few APs and configure CAPsMAN to see if there is some reliance on setting tags up directly on the switch chip.
Thank you for clearing these up!
I set up the similar setting like this (with Mikrotik1 and Mikrotik2)
Question: why my laptop (under Mikrotik2) on VLAN10, still can ping other device on VLAN20? Should the VLAN can not ping each other?
Any hints? Thank you
(I'm using the 'Bridged VLAN' method)
i have a same question about this
If you have a L3 device configured with both vlans in the same routing table they will be able to communicate. You need to add Firewall Forward rules to restrict traffic between the VLANs
@@TheNetworkBerg Ah okay. So by default the 'Mikrotik1' (who assign IP address using DHCP, to both VLAN) allow it to be communicating each other.
So I have to add the Firewall Forward rules in the the 'Mikrotik1'.
Am I right?
Thank you
Hello
We have configured our Mikrotik router as a hotspot, connected through Cisco switches, and then connected from the switch to Cisco APs, the problem is just that when connected to the PC through the wireless after 10 minutes or less not work wireless but working Android no problem just the problem is PCs maybe the issue is NAT or filter rules
Thank you for the video, one thing though, If I do separate bridges for each VLAN on the main router, won't that mean that it wont have harware offloading turned off?
Yes, adding multiple bridges will have that type of impact and performance will be degraded. Adding a single bridge and doing your tagging/untagged on that bridge would be the best solution for hardware offloading and the best performance.
@@TheNetworkBerg I appreciate your reply, I tried doing it with a single bridge, but because these are slave interfaces I keep getting dhcp server cannot be set on slave interface message.
I love that mikrotik has several ways of doing the same thing, but it is sometimes very confusing as well :)
Hello. Which version of MikroTik OS and file type did you use to get 10 interfaces? Each CHR I download only gives me 4 interfaces. Thank you for your uploads. That have been helping me extensively!
Hi there, depending on what emulator you use, you can add additional interfaces on the emulator itself. With EVE-NG when you import the nodes the default is set to 4 interfaces. You can change this to something different. I tend to either do 10, 12 or 24 interfaces.
@@TheNetworkBerg, Thank you so much! I am glad it was something simple to change in the import.
Hi Network Berg, how come I am seeing packets tagged with simply adding the vlans on a interface? Is there any actual need for bridging? Thanks for these awesome videos.
When you use the bridge method and you add /interface bridge ports the configuration is actually injected into the Switch chip to handle hardware offloading and achieving higher speeds as this could potentially work at wire speeds. It's definitely not a requirement though. Especially if you want to do stuff like firewalling with your VLANs as that traffic will then need to be handled by the CPU regardless. So it sort of depends on your requirements and what you want to do with the VLANs
@@TheNetworkBerg thanks for the clear explanation!
If you use hardware, in most cases, it is better to use only one bridge interface. All actions like tagging, untagging interface creating are happening in that one bridge, tagging/untagging can be different, based on model and its switch chip features, but idea stays the same.
PS: Great video, learned a lot from you and I hope to see ZT video on ROS.
Thank you for the comment and I agree with you if you are just going to be doing basic switching behind the MikroTik to a LAN/DMZ network.
I actually covered ZeroTier back in December, it was one of my most viewed videos at the time. You can catch that video here:
czcams.com/video/eFI59jJ2MM8/video.html
Although the video was made during v7 Beta the principles are still exactly the same, only bad thing is that ZT on MikroTik is a bit outdated :C
@@TheNetworkBerg Tnx, ill have a look.
Hello
I am interested in configuring a voice vlan and a data vlan for a voip phone
can you help me?
may i know what is the application name that u use to draw the network diagram? very clearly and beautiful, thank u.
It is called EVE-NG a network emulator
Great content, is there a way to do the exam remotely?
As far as I know you still need to go to a trainer for your initial certification, however, I have read and heard about people who recertify are able to arrange to do that remotely with their trainer. I would check up on the MikroTik forums regarding this.
Hi friend-i have ccr1036-8G-2S+ and on my router add 1 vlan with dhcp + 2 bounding which added to this bridge and on this network i have 1400 host.Uplink vlan i add to bridge and in this bridge add my uplink SFP+1.Then have 2 vlan which interface is SFP+2 and on this port i have 1000 host.In the evenings after 21:00 when all hosts is online,my router CPU up to 100%.What i do mistake? can i send screenshot to you mail ?i dont add tagged untagged on vlans and dont use vlan filtering..Thank you
how you think,if after router i put Cisco 3750x or cisco 4948 and trunk all vlans to swich and delete bridges,then cpu use can down to 40-60 ?i now bridge use from cpu but i think cpu can up to 100% when i will ad 5-6 bridge((
What would be the easiest way to block inter-vlan routing but allow for example my IT vlan to communicate with all of the VLAN's?
Firewall rules, you could in essence just drop all forward traffic between VLANs and only set Src=IT Dst=All other VLANs to be allowed. The firewall is stateful so return traffic will be allowed automatically.
Does this kind of procedure work also on CRS112?
Thanks
Here is the most optimal way to configure VLANs on a CRS112 from MikroTIk:
help.mikrotik.com/docs/pages/viewpage.action?pageId=103841836
Which is the best method to use for VLANs and VLAN trunks that would give the best performance.
I assume the software VLANs, are going to go via the CPU, so the overall bandwidth would thus be throttled down to the CPU bandwidth.
Best performance would be creating a bridge and having the switch chip manage all the VLANs, but when it comes to the routing world and routing packets you will typically see and use software defined VLANs between networks. It's more about what you want to use VLANs for, if it's just on a LAN network or a Data Center then a single software bridge with all VLANs is the most ideal setup for max performance.
@@TheNetworkBerg Thank you.
I don't have plans on routing, I just need it to switch at L2
Ok. got it right till the end. Everything works now. Would it be possible to upgrade your tutorial by adding firewall rules between VLANs? Say, I'd like VLAN10 and VLAN20 to get access to internet, VLAN10 get access to VLAN20 but not the other way round, expect for VLAN20 get access only to an IP in VLAN10, the printer's Ip for example. Thank you.
In the new video czcams.com/video/TAGW_XCqCfs/video.html I cover how to setup ACLs for Inter-Vlan routing, give it a watch. There should be a timestamp for it too :)
@@TheNetworkBerg oh yes, I see. Very useful as a start. Anyway, I hope you're going to delve a bit deeper into that with a dedicated tutorial. Thank you very much indeed.
I will definitely consider a dedicated tutorial about the subject :)!
@@TheNetworkBerg Thanks
I'm not sure but it looks like there is a misconfig on your video at 21:28 according mikrotik documentation.
My issue is the dhcp is not passing through the tonthe bridge. MT says I cannot apply client to a slave interface
mine too, how did you manage that?
hi
i will to know more about vlan on two to three route
Hey man been watching your content for a while and keep up the good work...is there a way to get a hold of you for consultation work???
Thanks for watching the channel, at the moment I do not offer consultation services. I just do not have the time with my full time job and running this CZcams channel. Although I have gotten a lot of people asking me about consultations services and I am starting to consider it. If I do start some form of consultations then I will definitely make everyone aware :D!
@@TheNetworkBerg Could be a good add on but i do understand....
I think Im overthinking VLANs. As in your lab on Mikrotik 1 with eth2 trunk, how do I make eth3 access port for VL10 and eth4 access port for VL20. Would you explain tagged and untagged a bit more please.
The third option is what you want to make use of where you will configure a bridge and do the VLAN tagging through the bridge. So your configuration should look something like this:
/interface bridge add name "Switch-Bridge" vlan-filtering=yes
/interface bridge port add interface=ether2 bridge=Switch-Bridge
/interface bridge port add interface=ether3 bridge=Switch-Bridge pvid=10
/interface bridge port add interface=ether4 bridge=Switch-Bridge pvid=20
/interface bridge vlan add interface=ether2 tagged=10,20
/interface bridge vlan add interface=ether3 untagged=10
interface bridge vlan add interface=ether4 untagged=20
You can also do this through the GUI obviously by just adding a bridge there, enabling VLAN filtering and then adding your bridge ports and bridge VLANs.
This should in theory make ether2 a trunk port that will send VLAN10 & VLAN20 to the remote device as tagged frames while untagging ether3 for VLAN10 and ether4 for VLAN20.
@@TheNetworkBerg I got it now! I missed the obvious which you said so clearly "We are not going to set interfaces here when doing it as switch mode.." Waardeer jou antwoord baie.
Can we configure different ports of a single HexS router with different POE Connections and VLAN..
PppoE
Well yes, if you remove the default configuration each port will be treated as a separate broadcast domain and can run its own set of VLANs or PPPoE connections.
What OS do you use? Ubuntu Desktop? Or other? Just a curiosity
My main OS is Win11, although I tend to use Ubuntu Desktop for my labs since I enjoy the OS when it comes to Networking/Programming so I have that running on a VM on my actual machine. This is the host you usually see me configuring networks on :)
L2 - frame
L3 - packet
L4 - datagram/segment
Correct.
hi Im just vlanning on my mikrotik router only PC downstream!! will i be able to create a DHCP server on the Mikrotik_1 on the actual "VLAN" interface? seems that its telling me that can't have DHCP on a slave interface? basically I set the IP addresses on the VLAN, then bridged the ethernet port and the VLAN interface interface but had to set the actual Bridge as the DHCP server otherwise it didn't work am I doing something wrong? second question : on Mikrotik_2 you added the VLAN IPs for each VLAN , is this still necessary when Vlanning using the bridging method?
If you are using a single bridge to manage the vlans you must create a VLAN interface and bind it to the bridge then use that as the DHCP Server.
@@TheNetworkBerg hi thanks i think the best way is as you explain to bind each VLAN to it's own bridge and set up DHCP on the bridge , it's cleaner and more logical right? the bridge that i created contains the VLAN interface and the eth port itself which i guess was not necessary to include correct?
@@antoniocerasuolo757 not exactly, multiple bridges cannot hardware offload. I'll see if I Can make a video on VLAN management and adding DHCP to those VLANs in an upcoming video so keep a lookout.
@@TheNetworkBerg hi but that's exactly what you did in your VLAN introduction episode 1 at the end of the video you said that it was the standard way to create VLANS and you created 1 bridge for each VLAN interface on the Router? and then assigned the DHCP to the bridge? can you please clarify this last point?
@@antoniocerasuolo757 This video is aimed at the MTCRE and uses VLANs in a routing concept to move traffic between networks and is more for seeing the different ways you can use VLANs and to gain knowledge to pass the MTCRE exam, the most optimal way for home or even data center use would be a single bridge where you configure all VLANs and bind all interfaces to. You can find more information in the documentation with this case study:
help.mikrotik.com/docs/display/ROS/Basic+VLAN+switching
This is why I want to create another video aimed more at pure switching.
When i add the dhcp server like this it shows as red in winbox?
Make sure your interface you are binding it to is not a slave interface you cannot add dhcp to a port in a bridge you either add it to the bridge or remove a port from a bridge and add it as a master port
Only one brdige at the same time can be HW offloaded, so why you have more bridge interfaces?
Because this is for the MTCRE and not the MTCSWE, it's just another method of using VLANs to route with and that traffic will most likely be used in the CPU.
Does he mistakenly say "set its tagged interface to vlan 1", and not "ether1", at 23:45?
Probably
Can you create a full course from scratch ? in order like: lesson 1 lesson 2 and so on, New subscriber
Hello there, I am creating a playlist which will have all of the videos in a structure order to watch :)
I thought this is easy like this, and didn't work. I watched the video, and he does the same I thought it should be done to make it work, but they cannot see each other as neighbours, nor can ping each other, but they are directly connecteed. Does anyone have any idea? I try to make it work between a RBD52G-5HacD2HnD and a LHGGM with no luck :(