Sunday, July 10, 2022

VIRTUAL LOCAL AREA NETWORK - VLAN (MikroTik)

Sunday, July 10, 2022    3 comments

 

    Picture 1


- VLAN is VPN (Without authentication and without encryption)

- VLAN almost universally adopted beetwen different vendor

 

1. VLAN Terms (Look at  Picture 1) 

Tagged VLAN = All Packet forwarded by the interface contain VLAN information/ VLAN-ID

Untagged VLAN = Packet Forwarded by the interface are untagged 

Trunk Port = Carry Multiple VLANs ID on single physical interface

Access Port = Belong to one Vlan ID, Port is untagged

**Hybird Port = Multiples VLANs can be tagged and untagged


2. VLAN in Router OS/ MikroTik.

Today is possible to manage VLAN in 3 different menus

1. Interface
2. Bridge
3. Switch


and what is different beetwen them, when we use it ?

 The Software VLAN:

When we use Interface to create and manage VLAN in the Mikrotik, Traffic will affect  and will affected by the CPU

 The Hardware VLAN:

When we use Switch to create and manage VLAN in the Mikrotik Traffic will not affect the CPU.
but the following ones is possibly when router board have a switch chip or we use Cloud Router Switch - Switch Layer 3 Mikrotik. 

The VLANs in the Bridge:

When Managed VLAN in the Bridge, Traffic will be can software or hardware VLAN, Depending of the switch chip location in interface and how is configured!


3. Let's Config

Look at picture 1 :

- (red line vlan 10 ether2 / blue line vlan20 ether3)  on switch layer3

- trunk port ether1 on switch layer3

- ether2 in router connected to switch layer3 port  ether1 (trunk) 

We Config using  the VLANs in the bridge (use RB with switch chip or CRS it's okay and working)

Config in Router

/interface vlan
add name=vlan10 interface=ether2 vlan-id=10
add name=vlan20 interface=ether2 vlan-id=20

/ip address
add address=192.168.10.254/24 interface=vlan10
add address=192.168.20.254/24 interface=vlan20


Config in Switch Layer 3

/interface bridge
add name=bridge1 vlan-filtering=no 

(don't forget to disable vlan filtering/no. in last config we make vlan filtering is on) / when in first config we enable vlan fitlering, switch layer 3 cannot access

/interface bridge port
add bridge=bridge1 interface=ether1 pvid=1 ingress filtering=yes

/interface bridge port
add bridge=bridge1 interface=ether2 pvid=10

/interface bridge port
add bridge=bridge1 interface=ether3 pvid=20

and then, we setting tagged/untagged vlan

 /interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether2 vlan-ids=10

/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether3 vlan-ids=20 

last config we enable vlan filtering in bridge interface from no to yes 

/interface bridge set bridge1 vlan-filtering=yes 

set up ip address on end device / create dhcp server in vlan10 or vlan20 interface

finish.


 

 

 

 


 



3 comments:

  1. Anonymous11/7/22 9:17 AM

    that's good, thank you

    ReplyDelete
  2. Anonymous6/12/22 9:49 PM

    You can then copy the casino’s financial institution particulars and make a switch through your on-line checking account app. 온라인 카지노 Being underneath the Caesars Entertainment wing, the model provides a strong platform that comes with all the essentials. The huge plus is entry to Caesars Rewards loyalty program.

    ReplyDelete

Subscribe to: Post Comments (Atom)