Full MikroTik MTCRE - Introduction to VLANs on MikroTik. (Episode 1)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey guys the network work here hope you're doing well i've thought about it long and hard and i finally decided that i will be creating a free mtcre course on youtube it will be on router s version 6 which is this video that we will start things off with because we will begin talking about vlans specifically it's a major topic and it is something that you need to understand for the mtcre even though i feel like it's something you need to know for the and a even but we'll cover it in depth here we'll go over the different types of way you can configure vlans on marketing devices and i'll show you how to implement all of the configurations so let's jump into the video alright so let's actually talk about vlans and i first want to lay it out straight that a lot of people get confused when it comes to v-landing on marketing for one very simple reason there are multiple different ways to configure vlans on microtic on router os it's crazy but it is there there's been like some legacy ways that you can configure it there's some good ways that we do it now currently but all of them is perfectly fine to configure vlans but this is why a lot of people get issues because they might go talk to their friend that shows them how to set up vlans one specific way and then they go to a technical trainer helping them do their mtcre and then he shows them a different way and then it's like what why are we doing the vlans this way and i've been doing it this way but don't be stressed or confused i'm going to go over most of the common ways that you will be setting up vlans on microtick but we want to first just cover a few basics when it comes to vlans now what is a vlan well a vlan stands for virtual lan or virtual local area network or it's more commonly known as 802.1q which is a standard it's a protocol it's a type of way on the industry that we configure vlans on equipment so most vendors have 802.1q as a baseline for vlans and what 80102.q allows you to do is add a vlan under an interface or on top of an interface so that when that interface sends out packets or frames with that vlan tagged on top of it it will be identifiable on the ethernet header with a four byte packet that gets added on top of additionally to tell the remote side what the vlan id is so that is in the basics of what's happening in the background but i want you to understand there's a difference between a trunk port and an access port so these are common terminologies you'll hear a lot and a trunk port you can essentially think of as an uplink port to a different switch or a different router or somewhere where you're going to be sending all of the vlans across so in my topology and eve i've got microtech 1 connecting to marketing 2 and 3 and that's on ether two and three and ether two and three are essentially trunk ports now what this means is i will be tagging vlans underneath ether two and three which will then be destined towards marketing two and three and the marketing 2 and 3 will be receiving those frames or packets or whatnot with that vlan header attached to it so that they can then forward it on uh on their own ports to their different hosts depending on what vlans they have configured now trunk port is just towards our up links now then we also have our access ports which i've configured basically on market take two and three and what an access port allows you to do is define um which vlan an access host will belong to so the host connects on to marketing 2 but the host doesn't configure the vlan anywhere they're not even aware of there's a vlan configured what happens is this ethernet 2 on marquette 2 we untag for vlan 10 as an example and then what happens is any packets that gets sent out to microtic four will then be stripped of the vlan header so that marketing 4 isn't even aware of that there was a vlan but the same thing would happen is microtic 4 would send its frames or packets to market tick 2 marketing 2 would receive it on that untagged port and then it would then send it across its tagged interfaces or any other untagged access interfaces in the same vlan so this allows devices on the same layer 2 broadcast domain to communicate because that is what makes vlans so awesome and interesting it allows you a way to segment your network into different broadcast domains so that you can say vlan 10 is for this type of service maybe it's for your lan network and then you could set up something like a vlan 20 this is for your phone network and a vlan 100 this is for your servers and your printers and your access points and maybe you get a vlan 200 for your management network so that you have management ips to connect all of your devices now that is what makes vlan so awesome because you can assign an ip address to that vlan and then all of the devices in that vlan can directly communicate with each other on a layer 2 or switching level now you can also have devices communicate with each other by introducing something that we call a layer 3 device like a router or you get a layer 3 switch we can which is also capable of doing routing or even a firewall so if you want the devices in different vlans to talk to each other you just need to introduce that type of device so that you can route traffic between the networks or between the vlans and that also allows you a way of setting up certain type of access control because then you can configure access lists or firewall rules between your vlans to allow or disallow certain types of traffic so that is something that makes vlans quite interesting or useful so my screen was going blank or darker because i was just talking so much all right so i think that is a good basis for vlans and i'll actually get into how we set up vlans right now i just want to add let me just go into my actual computer screen i'm going to link reference material onto marketing's website as well because you need to understand certain router boards or crss their cloud something switches these devices come with switch chips now a switch chip is essentially what we refer to in the i2 world as asic and this is a chip that's physically put on the marketing device that will handle the v landing if there is no switch chip then the v-landing will be handled by the cpu which will just mean that it's a little bit slower and that the cpu will just also have a lot of more functions to perform in that network now switch up takes that away so that the switch chip can focus on that now i want to make that point because you need to understand with the switch chip it ideally introduces what we call hardware offloading so if you configure something like a bridge which i covered in the mtcna then you can do stuff like hardware offloading where the switch chip will handle the switching for you now is pretty smart at doing this automatically because the moment you add a bridge and you put the ports on top of the bridge uh let me log on to a real migrate quickly just to show you uh admin tmb123 so on this real micro tick which is running version 7 if i go to my bridges and i look at my ports then you'll see there's a hardware offload button so this is enabled by default but what this is actually telling this port that's in this bridge to do is that it will work basically at wire speed almost it will then be handled by the switch chip so that we don't need to worry about the cpu handling any of these details all right so that's just something i wanted to mention regarding layer 3 or hardware offloading as well as the switch chip on marketing because if your micro tech has a switch chip you can actually find it under the switch menu and then you'll see what the switch chip is and now this is actually one of the more old ways that people used to configure vlans as well which i'm not going to go into because this is not typically how people do it um modernly but here you can see there's some stuff about vlans and vlan mode and what the default vlan id is all right so just something i wanted to mention now let's actually look at setting up some vlans and getting things to work on that eve topology i had on my screen okay cool so let's quickly just talk about this topology quickly what we want to achieve ideally we want to set up two different trunk ports we want to set up access ports to these clients at the bottom and then we want these devices to be able to communicate with each other and maybe across the vlans as well if we want to do that now first thing that i want to do is i'm going to show you how to just set up a very basic trunk between a switch and a router but these are just two marker ticks but in essence if you set up a basic marketing router you might just be running let's say let's call them software defined vlan interfaces and i'm just going to log on to this router one that you see on the screen here and you'll see how simple this is once i set this up because i'm just going to close all my windows quickly and i'm going to navigate to my interfaces and then from interfaces there's two things you can do you can add vlans from here you can just go to the vlan tab and add vlans from here so i'm just going to add the vlans from the vlan tab and now we can actually add a vlan now i can give it a name i can call this lan and i can give it a vlan id so i might make this vlan 10 which is what we had on the eve topology and then i will bind it to an interface now this is important because you need to understand where you're going to uplink to now in my topology it is ether2 and i'm just going to show you now from but on the perspective between two different hosts so two routers in this case so we're adding the software defined vlans i'm adding it on top of ether two and then i'll click apply then i'll hit ok and then i'll just add another vlan i'm going to call this voice i'm going to put this vlan ids vlan 20 and i'm going to bind that also to ether2 now these vlans have been bound to an interface and i'm going to navigate back to the interface tab so you can see what has happened as well because my vlans now exist and they've been tagged onto ether2 so this has ideally set ether 2 up as a trunk port so it will now send the vlans across towards its linked address and then these devices that are tagged in the same vlan will be able to communicate now let me give you a quick demonstration what i'm going to do is i'm going to also just log on to the second microtic microtic and let me just open up a winbox station to that sorry if it looks confusing i'm using uh linux here for this course so this i need to use wine to open up winbox now i'll connect onto ramon and then i'll connect on to that marketing 2 and then i'm also just going to maximize marketing 2 zoom in navigate to my interfaces and i don't need to go to vlan you can come here and then you can just click on vlan interface um there's vlan and then i can type here lan give it vlan id10 but in this case this router has ether one as its uplink to marketing one so i'm going to apply this to ether1 click apply and then i'll add another vlan call this voice and then give that the vlan id of 20 and also just bind that to ether one now we can see the vlans have been tagged on both ports so will this work what's happening now so let's quickly have a look i'm going to maximize router one i'm going to go into its ip neighbors just to show you something interesting it's picked up on layer 2 the mac address of that vlan so it knows there is a neighbor on that vlan so if we actually want to make this work for ip as well let's just add some ip addresses to the vlans let's bind it so let me call this something like 172 16 0.1 24 and this i'll assign to my lan vlan now i'll hit ok and then i'll add another address of 10.0.0.1.24 and i'll bind that to my voice vlan now i've got these two addresses but in its own i'm not going to be able to do anything yet because i've just configured it on the one side let me quickly add it on router 2 or microtic 2. so i'll add ip addresses then i'll add ip17216 0.2 24 bind that to my lan vlan and then 10.0.0.2 24. i'll bind that to my voice vlan i'll hit apply and now on router 2 i'll go to ip neighbors and we should actually see the ip addresses of those devices i'm not seeing it yet let's just quickly ping and see if we can actually ping across i'll do a ping 172 16 0.1 so i can ping one seven two sixteen zero dot one which is marketing ones ip let's see if i can ping 10.0.0.1 i can ping that as well so let's just look at our neighbors now i should have actually checked there we go so we can see the ip addresses have also updated now this in essence means that there is a trunk between marketing 1 and marketing 2 and this trunk is carrying vlan 10 and 20 across now v microtech 2 can also then distribute those vlans or access ports to its clients but we could also just extend it with bridging or stuff like this but this is pretty standard v landing on the marketing world where you'll just add your vlans to an interface that you're going to uplink to a switch and then from your switch you typically do your axis mode tagging and stuff like that all right so this covers the basic vlan introduction on marketing for the software defined vlans let's go one step further and we will actually now look at adding bridged vlans so this is going to be the concept of us we're going to have a bridge and what we're going to be doing with this bridge is we will be bridging the vlan interface with the physical interface where we'll now be introducing an axis mode type of situation so this setup i'll be doing just on microtic 2 for now so let me navigate to my critique 2 and here i'm on marketing 2. now in this case what i'm going to do is i just want to remove actually i don't need to remove them we'll keep the vlan interfaces there but in this case what we're going to do is we're going to introduce a bridge to the network now for each vlan that we're going to create we're going to also create a bridge that will be linked to that vlan so i'll create one new bridge i'll call this bridge lan br for bridge and then vl10 for vlan 10 and then i will hit apply so this is just a normal bridge now and now i need to assign ports to the bridge so the first thing i'm going to do is i'm just going to assign the lan vlan to that bridge so it's still tagged on ether 1 but it's now been bridged onto land bridge vlan 10 and what i can do to set up a port in axis mode very easily is just bridge the port that i want to be in axis mode which is ether2 with that same bridge so let's quickly do that so i'll go into my bridge go to my ports and then i'll go into ether2 is the interface and i'll also just add that to the lan bridge now in essence ether2 will be untagged for vlan 10 and then the lan interface is tagged for vlan 10 going to my up link now let's test and see if this works and i'm actually going to test this a very specific way i'm quickly just going to set up dhcp on router 1. so let's go into our ip the http server let me just remove that at some old dhcp config let's just run the wizard quickly i want to set this up on the lan vlan i'm doing it for that land scope and we've set that up now i quickly want to go into my leases and ta-da i've already got a lease so what's happened now is this microtic 4 that's connected to microtech 2 which is an access mode it's automatically assigned an i or received an ip address from the dhcp server which is marketing 1. i don't have any configuration on this microtech 4. if i do an export here this is the basic configuration it just has dhcp configured on ether one and with that it's obtained an ip address from the dhcp server which is sitting in vlan 10 on microtic one so that that has actually gone across the network from microsoft to marketing 2 to marketing one which is awesome now let's just look at micro tick two's config again just to verify what we've done we've set up a bridge for that specific vlan we've added the vlan interface which is tagged to our uplink on ether one and we've added the actual untagged interface which will is the client to the same bridge so that that client can obtain an ip address now let's do the same thing for vlan 20 so i'm just going to call this voice br vl20 apply that and then i will add my ports as voice added to voice br vlan 20 and i'm going to add my ether 3 to the voice vlan as well now what's happening is the voice vlan is tagged across ether 1 and ether 3 is untagged for vlan 20. so what i'm going to do is quickly just also set up dhcp for the voice network so let's run a dhcp wizard set it up for voice set the dhcp scope and presto let's go to our leases and there we can see i've actually also assigned an ip address on the voice network and we can just verify that this is working by logging on to microtech5 which is in that voice vlan and what i'm going to do is i just need to close that window again sorry this is like a finicky thing on eve and then i'll just see can i ping my gateway 10 0 0 1 which is marketing one's ip i can ping that and that's pretty cool because micro tick 2 doesn't have an ip address currently it's just boarding the frames it's acting as a switch between that router and between this client which is an access mode so i've got internet breakout in that fashion in that way so that's actually quite cool let me see can i actually break out i can even get out to the internet so that is basically the second way how you configure vlans using a bridge where you'll just basically be creating your vlan interface on top of the interface that you want to tag and then you'll assign your untagged interface to that same bridge so that that bridge can or that that client can receive an ip address all right so let's quickly look at the third way of setting up vlans which is the traditional sense of tagging and untagging interfaces and kind of operates at layer two but on microtic one i'm still going to do the vlan interfaces tagged against very specific interfaces so that we can have that as a router on a stick so to speak so we can actually do inter vlan routing and do breakout and get stuff like dhcp and whatnot so what i'm going to do is i'm just going to add interfaces i've got lan underscore e2 and voice underscore e2 which is just voice ethernet 2 but it's still vlan 20 and 10 and what i'm going to do is i'm going to go into my bridge i'll add a new bridge but we'll create a bridge for each vlan again so i'll call this land br vl10 apply that and let's add another bridge let's call it voice brvl20 and then what i'm going to do is just assign lan e2 to that bridge and i'll assign voice e2 to the voice bridge so that's basic bridging and then what i'd like to do is just also assign my ip addresses to my bridges and it will make sense in a second so we're adding this voice range to the voice bridge we're adding this ip range to our lan bridge and i just want to set up the http as well so that we've actually got the http when the clients connect so lanbridge one and let's set up for the voice so now we've got some basic dhcp when we've got the clients up and running so this is still the same kind of as we were doing before the only thing i want to introduce in this topology is a secondary trunk running to a different switch or a different router which is going to belong to the same bridge now what i'm going to do is just add these vlans onto e3 so this is lan e3 on ether three i'll apply that i'll copy this call this voice e3 make it vlan 20 and then i'm just going to apply those ports to this the respective bridges so voice e3 goes to the voice bridge and lan e3 will be going to the land bridge all right so that is our router's bridge configuration just so that it can actually do ip addressing and communicate at layer three now let's do the layer two config on micro tick two and three so i'm going to navigate to marketing two and i'm just going to go into my bridge if i look at my interfaces i don't have anything configured here and we're not going to set interfaces here when we're doing this as a switch mode so i'm going to go into my bridge add a new bridge let's call this the switch bridge and we go to the vlan tag we can enable vlan filtering but i'd suggest doing that last because you might run into some issues like kicking yourself out of the equipment next step add our ports so what we want to add is we want to add we're going to add ether2 as an access port to the switch bridge and here we can set a private vlan id so the pvid i'll make vlan 10 or ether2 and i'll also just add ether3 to the switch bridge and i'll set its vlan to 20. i'll hit apply and now i'm going to go back to the bridge i'm going to turn on vlan filtering because what this does is if i go to this vlan tab sorry let me just delete this old config we can see it's created these dynamic interfaces to show you which bridge it belongs to what the vlan ids are and what they're doing with the vlan id so here we can see what the interface is that the vlan id is untagged for meaning the access port it's on now we also want to tag these vlans so all i'm going to do is just copy this and then i'll just set the tag so here i'm going to tag it on ether one and i'm going to do the same for my other dynamic vlan for vlan 20 copy that set its tag interface to vlan 1. now if i look at the interfaces essentially what's going to happen is vlan 1 or ether 1 is going to be the trunk port which will carry the vlan traffic between it and marketing 1 but the access ports is ether 2 and 3 going to their respective vlans which is vlan 10 and 20. now i don't have any vlan set here again i haven't added vlan 1 to the bridget so it's not going to work yet so let me just bring in vlan or ether one into the bridge just so that it's there for the trunking now if we look here we can see ether one is tagged and we can see ether two or e3 is untagged for its respective vlans so let's quickly see if it's working because this is the setup the third way how we can configure vlans using the almost like the switch chip with the the bridge so i'll go on to my critique four and what i'd like to do is let's do a print here and i can see i did obtain an ip address let's see can i ping my gateway which is 172 16 0.1 and let's just run this command globally and i can ping the gateway so that is how we've set vlans now between or on marketing as a layer 2 device now let's do the same config on market 3 quickly and this i might just do from the command line very quickly let me just make sure this works so all we're going to do is we want to introduce a bridge to the equation so interface bridge add name let's call this the switch dash bridge then we want to add our ports to the bridge so interface port interface bridge port will add and the interface we're going to add firstly is ether1 which is going to be our trunk and the bridge we want to add this to is our switch bridge then we are going to add ether2 and what i'd like to do is just navigate to the topology here so that we can see exactly we can see e32 is for vlan 20 because we're going to set our vlan id here or our pvid equals 2 0 and then for ether 3 our pv id is 10. so that is where we've now set the pv id we also need to enable vlan filtering but like i said we'll do that last and now the last bit is interface bridge vlan and then we can print this actually we haven't set the filtering yet so let's just say that quickly interface bridge set vlan filtering equals yes on bridge the first bridge now let's do a vlan print so we can see it's created the dynamic interfaces like we saw on winbox before so what we'd like to do is we'd like to set this details for number one and two but we're not going to copy anything here so all we're going to do is interface bridge vlan we'll add one and what we'll do is we'll say vlan ids equals let's say 10 and then what we're going to say is it will be tagged for ether 1 and it will be untagged for ether 3 ether 3 and the bridge obviously we need to set as well and we're going to do a similar set up now for vlan 20 so vlan 20 tagged ether one untagged ether 2 and the bridge is the switch bridge so if i print those vlans now we can see it has been statically set by us so now ether 2 is the axis port for vlan 20 and ether 3 is the axis port for vlan 1 or vlan 10 and our trunk is the ether one which will be carrying the different vlans i actually didn't yes well it sit there so what i'm going to do now is just navigate to our other clients so let me go back into eve and let's see microtic six let's log into this and i'd just like to see do we have an ip address i did receive an ip address from microtic 1 and now the cool thing is if i do an ip neighbor print we can actually see our neighbors that we've learned across so 100.254 is actually this microtic 5 at the bottom so it's it's knowing about its neighbor and can i ping 100.254 i can ping that so that is pretty darn cool and i can ping 1001 which is marketing 1 which is its default gateway so this is kind of the third way how we can set up different vlans on marketing and this is mainly what i'm going to cover with the different ways you can set up vlans now i just want to actually end off the video because we'll continue more cool things like q and q in a different video i feel like this video has enough substance right now so anyways i'd like to thank you guys the viewers for watching i'd like to thank my patreons and youtube members for helping support the channel and i'm going to continue this series and produce more free content on the mtcre i hope it's been informative i hope you enjoyed it and i'll catch you in the next video see ya [Music]

Info

Channel: The Network Berg

Views: 163,051

Rating: undefined out of 5

Keywords: #802.1Q, #MTCRE, #VLAN, mikrotik, mikrotik bridge, mikrotik bridge vlan, mikrotik router, mikrotik router configuration step by step, mikrotik tutorial, mikrotik vlan, mikrotik vlan bridge, mikrotik vlan configuration, mikrotik vlan configuration step by step, mikrotik vlans, network berg, the network berg, vlan configuration step by step, vlan mikrotik, vlans mikrotik

Id: 4BOYqtV4MCY

Channel Id: undefined

Length: 29min 23sec (1763 seconds)

Published: Fri Feb 11 2022