Very well done. I've been networking for over 25 years and teaching CompTIA Network+ courses for almost 20 years, and this is an excellent explanation of vLANs.
Glad to see these guides. When I first got my RB5009 I struggled a lot with creating a trunk port to my Hap ax^2. It seemed quite a bit different from previous gear I worked on, however, it's not actually that different once you get your head wrapped around the way of adding bridged VLANs.
I'm sorry this video is still not clear enough, The Network Berg's video on this as part of MTCRE is much clearer and in-depth... explaining three approaches and giving examples on how to achieve both via command line interface and winbox GUI
Because this is just part 1. If you watch part 2 as well, you will have invested only about 33 min. total and will have covered the topic in greater detail. But I might be biased here ;)
At last. Hope you will en these series with detailed description of such complicated setup like router, switch, capsman + several AP and VLANS with local, guest and managemant networks on one bridge with VLAN filtering.
Great stuff! Excited to see what the vlan videos with the CRS3X is like. I’ve had issues with BPDUs flooding along with maybe CDP that forward these packets and cause connected Cisco switches to shut down ports.
This is something I’ve avoided as the last time I tried bridge vlan filtering I broke everything, thank goodness for safe mode. I can’t wait for the next episode in this series.
When you do cover the bridge method, please take some time to explain the different parts of the config, and go over what @sindy discusses in his forum post "RouterOS bridge mysteries explained". Important concepts: Base interface with untagged traffic. Vlan interface and what it does. What the bridge represents. And what the /interface bridge, /interface bridge vlan, and /interface bridge port commands do. What would be helpful would be to configure a router (e.g. a 5009) with an ether port configured as trunk port to a CRS326 switch, and then show how the Router can route traffic between two access ports in different vlans. Then once that is explained, reconfigure the 5009 with the vlan-filtering bridge, and configure a trunk on the bridge to the CRS326 (i.e. convert the trunk from a ether port based trunk to a trunk port on the 5009 bridge. Leave the CRS326 config the same. Show that the behavior is still similar. Then expand and also configure access ports on the 5009, and show that traffic from an access port on the 5009 to an access port on the CRS326 in the same vlan does not involve the CPU. And that the 5009 can act as a router with an integrated vlan-aware switch. (the L009 could be substituted for the 5009).
am i missing a bit? he adds the 2 vlans to port 24, and configures the pc for vlans, but i never see any vlan config for the hap ac2 or port the hap ac2 connects to? and suddenly it routes over vlan?
Isn't there missing information on the first example ? He configured ether24 with 2 vlan, but didn't configure port 8 and port 16. It been a while I configured vlan like this, but what I remember, is I had to do a bridge for each vlan, and add inside that bridge the different interface I wanted as untag and add my vlan interface I created for the device I wanted with tag. (I just got along farther in the video... I think this video should have been formatted differently. Someone who try the first setup is not going to get anything to work..
@@RB01-lite This what I mean by configuring ether8 and 16, they need to be added to a bridge that link to the vlan interface. The way it was presented, after he configured the ether24, he sounded like everything should be working. Show a graph of traffic from ether24 going to ether8 and 16, even before ether 8 and 16 was configured. This is when I wrote my comment.
Druvis, everything should be made as simple as possible, but not simpler. The config you did on the CRS326 was insufficient to explain the behavior at 5:09 as being traffic on vlan10 and vlan20. If it worked, my guess it that it was all using the default untagged vlan1 for all three devices, and there was nothing really using vlan10 or vlan20 tagged traffic for the "connections" to the hAP or the L009. If I am wrong, please explain how it would work as the animation shows, given only the config that was shown. Looking forward to the "rest" of the series, where you use the vlan-filtering bridge in a more typical configuration. And a suggestion, when you do the future videos, provide some evidence that what you configure is doing what you claim. I.e. sniffer or wireshark captures showing the vlan tag with eithertyp 0x8100.
The visualisation is a little off unfortunately, there is no configuration to in place for frames to go from the hAP and L009 into the vlans, the point was that if you did somehow send the frames into the vlan interfaces they would travel to the laptop correctly, but if anything is sent back, it has nowhere to go.
Вітаю всіх. Зовсім не зрозуміле пояснення. Тощо пакети маркуються так - все ок, але яким чином з'являється маркування і яким чином знімається і в яких випадках залишається - взагалі не зрозуміло. На ноутбуці встановили vlan в ручному режимі, добре це зрозуміло. У більшості випадків ноутбук це кінцевий клієнт мережі і він повинен бути підключений до не тегованого порту (access). Зробіть простіший приклад.
Tried to configure VLANs on mikrotik few times but I have different devices from RB951G to CRS125 and CRS317.... and configuration on a switch chip is different on different devices, this completely stops me from using it.
A MT-Trainer told me once only to buy CRS3xx devices, CRS1/2xx devices are a total nightmare because they offer different option-sets with obscure nameings, different features and different behaviour. Total nonsense for a production device. In my job I once had to buy around 2000 new switches for multiple sites. MT was instantly(!) out of the game with their over-complicated CRSs and "this supports only that with this Switch chip but from ROS xyz on this, but not HW-accelerated, but if you enable an obscure option a undocumented feature will not work because something else but will maybe fixed in a further ROS version or not". And then their nonsense-config switch/bridge crap, have choosen another more expensive vendor. The 2 million Euro budget was going to Taiwan not to Latvia...
This is exactly why this video dissapoints me. I was really looking forward to seeing how MikroTik themselves do it, so many bad guides and explanations out there. I've got hardware accelerated VLANs working but I'm not entirely sure I've done it....correctly? At this point I'm almost just going to use SwOS on my CRS305 and 328.
Very well done. I've been networking for over 25 years and teaching CompTIA Network+ courses for almost 20 years, and this is an excellent explanation of vLANs.
Glad to see these guides. When I first got my RB5009 I struggled a lot with creating a trunk port to my Hap ax^2. It seemed quite a bit different from previous gear I worked on, however, it's not actually that different once you get your head wrapped around the way of adding bridged VLANs.
please show the WinBox interface for configuration, not just the CLI, in the next video if you're doing Bridge VLAN filtering . Thank you
I'm sorry this video is still not clear enough, The Network Berg's video on this as part of MTCRE is much clearer and in-depth... explaining three approaches and giving examples on how to achieve both via command line interface and winbox GUI
Because this is just part 1. If you watch part 2 as well, you will have invested only about 33 min. total and will have covered the topic in greater detail. But I might be biased here ;)
I wait for that video long time ! Good introduction in vlan, I wait for more !
This was a good video. I will rewatch it again a few times.
Great guides. Thank you MikroTik Nerd.
At last. Hope you will en these series with detailed description of such complicated setup like router, switch, capsman + several AP and VLANS with local, guest and managemant networks on one bridge with VLAN filtering.
exciting series! am hoping this series will be comprehensive and cover some use cases like management networks, wireless and perhaps even containers
Great stuff! Excited to see what the vlan videos with the CRS3X is like. I’ve had issues with BPDUs flooding along with maybe CDP that forward these packets and cause connected Cisco switches to shut down ports.
This is something I’ve avoided as the last time I tried bridge vlan filtering I broke everything, thank goodness for safe mode. I can’t wait for the next episode in this series.
Normally when I see his video. I do pause to watch it . Very informative
Perfecto, muchas gracias!
When you do cover the bridge method, please take some time to explain the different parts of the config, and go over what @sindy discusses in his forum post "RouterOS bridge mysteries explained". Important concepts: Base interface with untagged traffic. Vlan interface and what it does. What the bridge represents. And what the /interface bridge, /interface bridge vlan, and /interface bridge port commands do.
What would be helpful would be to configure a router (e.g. a 5009) with an ether port configured as trunk port to a CRS326 switch, and then show how the Router can route traffic between two access ports in different vlans. Then once that is explained, reconfigure the 5009 with the vlan-filtering bridge, and configure a trunk on the bridge to the CRS326 (i.e. convert the trunk from a ether port based trunk to a trunk port on the 5009 bridge. Leave the CRS326 config the same. Show that the behavior is still similar. Then expand and also configure access ports on the 5009, and show that traffic from an access port on the 5009 to an access port on the CRS326 in the same vlan does not involve the CPU. And that the 5009 can act as a router with an integrated vlan-aware switch. (the L009 could be substituted for the 5009).
Wonderfull, expecting new onces. Thanks
Nicely done
Waiting for ep 2! :)
great content
Shortest vlan explanation I have found is: Vlans allow you to segment physical local network in to multiple logical ones.
AWESOMOE stuff 100%.
Thank you for the video ... also Vi-Lan 😉
VLAN on RouterOS is a counterintuitive
This is why we made this video :)
Which way is counter intuitive? There are at least 5 different ways. 😂
It's a good explanation of the VLAN theory but a very uncommon example. 😅
Sure, it's just to cover the basics, and it will come in handy later for setting up a management interface and inter-vlan routing.
I'm new in Mikrotik, look like even the beginner will catch up easily.
Any news about new hardware? Waiting for some high performance and outdoor APs...
Promissing start, I only hope tahta I will include complex scenario like multiple (home/guest) wifis with CAPs MAN using same CAPS divided by VLANs.
Please make a video on Hotspot with mikrotik radius server
am i missing a bit? he adds the 2 vlans to port 24, and configures the pc for vlans, but i never see any vlan config for the hap ac2 or port the hap ac2 connects to? and suddenly it routes over vlan?
That is the magic of VLAN access ports - the connected devices don't have information about any VLANs used.
Isn't there missing information on the first example ? He configured ether24 with 2 vlan, but didn't configure port 8 and port 16. It been a while I configured vlan like this, but what I remember, is I had to do a bridge for each vlan, and add inside that bridge the different interface I wanted as untag and add my vlan interface I created for the device I wanted with tag. (I just got along farther in the video... I think this video should have been formatted differently. Someone who try the first setup is not going to get anything to work..
You don't have to do any VLAN configuration on 8 and 16 in this example, the bridged and routed setups are all that is necessary.
@@RB01-lite This what I mean by configuring ether8 and 16, they need to be added to a bridge that link to the vlan interface. The way it was presented, after he configured the ether24, he sounded like everything should be working. Show a graph of traffic from ether24 going to ether8 and 16, even before ether 8 and 16 was configured. This is when I wrote my comment.
Druvis, everything should be made as simple as possible, but not simpler.
The config you did on the CRS326 was insufficient to explain the behavior at 5:09 as being traffic on vlan10 and vlan20. If it worked, my guess it that it was all using the default untagged vlan1 for all three devices, and there was nothing really using vlan10 or vlan20 tagged traffic for the "connections" to the hAP or the L009.
If I am wrong, please explain how it would work as the animation shows, given only the config that was shown.
Looking forward to the "rest" of the series, where you use the vlan-filtering bridge in a more typical configuration.
And a suggestion, when you do the future videos, provide some evidence that what you configure is doing what you claim. I.e. sniffer or wireshark captures showing the vlan tag with eithertyp 0x8100.
The visualisation is a little off unfortunately, there is no configuration to in place for frames to go from the hAP and L009 into the vlans, the point was that if you did somehow send the frames into the vlan interfaces they would travel to the laptop correctly, but if anything is sent back, it has nowhere to go.
when is MikroTik making CyberSec devices pls, NGFW, IPS etc i mean
8:12 it isn't true that when you create a vlan on an Ethernet port that then all packets that come in there are tagged with the vlan
Why doesn't mactelnet work? I get prompted form the username and password but, it echoes that the username or password is incorrect.
Describe what you are connecting to from where...
мало понял из видео, хотя умею настраивать влан-ы на Микротиках...
Вітаю всіх. Зовсім не зрозуміле пояснення. Тощо пакети маркуються так - все ок, але яким чином з'являється маркування і яким чином знімається і в яких випадках залишається - взагалі не зрозуміло. На ноутбуці встановили vlan в ручному режимі, добре це зрозуміло. У більшості випадків ноутбук це кінцевий клієнт мережі і він повинен бути підключений до не тегованого порту (access). Зробіть простіший приклад.
mikrotik should go cisco/hp approach when you configure vlans only one way! its will be more friendly for new users!
it is difficult to understand your illustrations in English. Where can I find the same indications in Italian Languages? Thank you
Id rather get 32 root canals at once than setup a vlan on a unifi.
😡
Tried to configure VLANs on mikrotik few times but I have different devices from RB951G to CRS125 and CRS317.... and configuration on a switch chip is different on different devices, this completely stops me from using it.
A MT-Trainer told me once only to buy CRS3xx devices, CRS1/2xx devices are a total nightmare because they offer different option-sets with obscure nameings, different features and different behaviour. Total nonsense for a production device. In my job I once had to buy around 2000 new switches for multiple sites. MT was instantly(!) out of the game with their over-complicated CRSs and "this supports only that with this Switch chip but from ROS xyz on this, but not HW-accelerated, but if you enable an obscure option a undocumented feature will not work because something else but will maybe fixed in a further ROS version or not". And then their nonsense-config switch/bridge crap, have choosen another more expensive vendor. The 2 million Euro budget was going to Taiwan not to Latvia...
@@Problembaer4 Unfortunately, I already have to many devices to tрrow out them to the garbage and buy CRS3XX instead.
This is exactly why this video dissapoints me. I was really looking forward to seeing how MikroTik themselves do it, so many bad guides and explanations out there. I've got hardware accelerated VLANs working but I'm not entirely sure I've done it....correctly? At this point I'm almost just going to use SwOS on my CRS305 and 328.