Mikrotik VLANs - CRS1xx & CRS2xx - Mikrotik Tutorial

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

do you want to learn how to configure vlans in nerotic devices specifically those from the families 100 and 200 in this video i'm gonna show you how to deploy belangs in mirotic environments welcome to the network trip [Music] migrating devices have multiple ways for configuring billings in this video i'm going to talk about devices from the family cloud router switch 100 and 200. those devices have router os on them in this topology i'm going to include a simple router that device is going to be handling the interview and routing process and including three billions but the number can be any number that you want so in this case i'm using vlan 10 for it blend 20 for marketing and blank 99 for management i will have two physical devices crs to 12 because i can't virtualize those specific models and the configuration that we are going to apply is valid only for those particular models any device from the family crs 100 and 200 the main idea is that we need to configure trunk interfaces and also we need to configure access interfaces trunk interfaces are the ones that are going to send traffic with blank headers access interfaces are interfaces that are mapped to a particular billion id but all the frames going out those interfaces are not going to include billing headers so you can see here that we have the first switch i'm going to name that as one that's one we have two trunk interfaces one interface that is connected to the router and the second interface that is connected to a second switch in this case the name for the switch will be s2 so i have two trunk interfaces on s1 and i will have multiple access interfaces for the purpose of this lab i will connect one computer to one of those access ports to test connectivity inside that specific vlan so in this case you can see that the red section here is 4 billion 10 and the blue section e4 blank 20. the green one blank 99 is for management only that means that any endpoint connected to an access port won't be able to directly get access to manage the switch in that way we can apply security policies in this router so we can include some firewall rules to allow traffic from the ips that we trust in phase one i need to configure the router in the router i need to add some vlan interfaces in the port where s1 is connected so i'm going directly to the inbox in this moment and i will add one billion interface per subnet so this is the router that i have there you can see if i go to interfaces i have one an interface and also i have a wireless interface that is actually my one connection for this example my first step here is to add three billing interfaces one for bill and ten one for billing 20 and the last one for billing 99 so i can do that easily going to interfaces and then i need to look for the bill and tab so i will add a new interface here and i will call that vlan 10 and i will change the billing id to 10 and that is going to be using as a master interface ether four the port that is connected to s1 now i have one vlan interface i need two more so i'm going to add a new one in this case vlan 20 billion id is gonna be 20 and the master interface will be ether four okay and finally vlan 99 billing id 99 and my master interface again will be ether four so i have three virtual interfaces so i can assign an ip address to every interface and direct prs can be used as gateway for any device connected to a particular vlan i'm going to assign the first usable ip to every vlan interface so i'm going to ip then address and i will click on the plus button and i will assign the ap 172 1610.1 24 2 billion 10 172 1620.1 slash 24 to billion 20. and finally i'm going to assign 172 16 99.1 slash 24 to vlan 99 if we check the current configuration on interfaces we can see that we have the master interface ether 4 and we have associated with three billion interfaces billing 10 20 in 99 now this device is working as a router on a stick this is a very common way of configuring a router when working with small and medium environments so we are ready with phase one in my next phase i need to go to s1 and here i need to follow a very specific process in this phase i'm going to configure the first crs 200 i'm going to use a crs to 12 so if this device there i'm going to set the name as one to it this device has two trunk interfaces one that is connected to the router and one interface that is connected to a second switch so i need to identify those two interfaces and also have many access ports some of them will be connected to vlan 10 and some of them will be connected to vlan 20. so i'm going to follow a seven step process that i'm going to share with you so the first step is just to create a bridge interface and then i need to add all the ports to the bridge so those are very straightforward steps that we are going to take now since i'm using a crs-212 that has a lot of sfp ports and only one gigabit ethernet instead of using ethernet ports i'm going to be using fiber ports so in this case instead of heater 2 this is going to be sfp2 instead of ether3 that will be sfp3 and so on and so forth step one is about adding a new bridge interface so there is some bridge then the first tab here bridge and then i can click on the add button so i will set the name for that one dot bridge and i will click ok so step one is done step two is about adding all the ports that we are going to need in this topology so you can see i have ether one so i will include ether one to the bridge i need some additional ports all the access ports and also the second trunk link connected to the second switch so i'm going to include all those boards and starting with sfp 2 then sfp 3 4 5 and six but at this point step one and two are done so i'm going back to the process and then we need to configure the ingress blank translation tab this step is related to the access ports remember that access ports are going to be sending out the frames without a billing tag but when those interfaces are receiving frames then the switch needs to add and information and that is exactly what we are going to do here i'm going to the switch menu here then to billan and you can see that we have many tabs so we're going to be focused on the tab number three here that is ingress bill and translation so i need one entry per billion so i'm going to the topology as well so i'm going to add one entry 4 billion 10. so remember here we are going to map the access ports only so i have either three and four so in this case it would be sfp three and four mapped to vlan 10 and also i'm going to have sfp 6 and 5 mapped to blank 20. so that's exactly what i'm going to do so here we need to identify some important fields the one that we need to play with is new customer bid so there is where we are going to add the billing id and also we need to add the customer bid since this is an access port this value is going to be zero since all the frames that we are expecting in that interface are going to be without a billing header and additionally we need to include every access port in that list starting with billing 10 so new customer bid will be bill and 10 and the customer be id 0. so basically that why this is called translation the frames are coming without being a header and then it's going to be added and you'll be in a header bill and 10. and additionally the port so in this case this is going to be sfp 3 and also sfp 4 so those are the access port for vlan 10 on s1 then i'm going to click ok and i will do the same for vlan 20. so in this case new customer bid will be 20 the customer be id 0 and the ports mapped to bill and 20 will be 6 and 5. so i'm going to select sfp 5 and sfp 6 and now i can click ok so i have two entries two groups of access ports billing 99 doesn't require those entries things we don't have access ports for billing 99 so that's step number three so coming back to the seven step process so the next step is to configure the igress billing tire so the ignite bill and target the second tab in the switch section so in this case we need an entry per billion but here now we are going to include only the trunk interfaces so you can see the pattern here so in billing translation is for access ports and egress bill and tag is for trunk ports so we are mapping the interface and the specific being an id so coming back to a crs to 12 here and i'm going to egress bean and target so in this topology i only have two trunk interfaces either one that is connected to a router an sfp2 that is connected to the second switch so i'm going to add one entry per vlan so in this case this is going to be banan 10 the tag ports are going to be ether one and then sfp two so i have that entry for b and 10 i'm going to copy that and i'm just going to change this to b and 20 and then to b line 99. i have one entry per billion and this has completed the step number four next step is to create the billing table so coming back to this device here you can see that the first step is billing i'm going to add again one entry per billion i'm going to start with bill and 10 so i will include a new entry bid on id10 so here imports this list is going to include all the active interfaces sending traffic for that particular vlan so in this case all of them access ports and also trunk ports so i'm starting with ether one this is one of the trunk ports and fsp2 and then from three to six i will include all of them now i can click apply and i will just copy this entry for vlan 20. now we can copy this and i'm going with the vlan for management so the management billing needs to be sent only over trunk interfaces so i will remove all the access interfaces like 4 3 6 and 5 and i will keep only the trunk ports in this case ether1 and sfp2 remember the management vlan only requires the trunk interfaces we have completed the step number five then we are going to the management interface so we need to create a build an interface we need to assign the bit an id 99 then we can add an ip address so in that way we can have access to that device by ip and finally we need to update the vlan table since we need to allow access to that particular vlan to the cpu in this device so going back to the crs to 12. so in this case i'm going to start creating a management interface by going to vlan and i will add a new entry here vlan 99 the billion id will be 99 in this case the master interface will be the bridge so i'm going to select bridge and i will click ok so this is the interface that is intended for management so i need to assign an ip address if i see the topology here you can see that the management network is 172.16.990 slash 24. so dot one has been using the router so i will assign dot two to this device so i'm going to ip then addresses and i will add a new entry here 172.16.99.2 slash 24 and i will select the vlan 99 then ok since we are going to need access to this device from multiple networks we can add a default route to get access to it so we need a default gateway going to ip route i can add a new entry and my gateway will be the ip on the router 16 91.1 and we can press ok so now we have one default route for this switch the next step is to provide access to a cpu from the management bill and to do that i need to go to switch and then to vlan and we need to update the entry for billing 99 simply we need to add the switch cpu to the list of ports so you can see that entry switch 1 cpu are going to select that and then i would click ok we are going to do the same and the next step the egress bill and type so we can go there and we can update the entry for blank 99 we just need to add to the list of tag ports the switch 1 cpu so at this point we have added successfully the interface that we are going to use for management purposes we can try the connectivity just by sending a pin to the ip on the router that is 172 1699.1 you can see that we have reply from that interface that means that the traffic is being tagged correctly so we can go back to the process here and you can see that the step number seven the last step is actually the one that is going to enable all the configuration that we have performed at this point and basically we need to enable the invalid bill and filtering the idea here is that if the switch receives traffic from vlans that are not listed on the table then it's going to drop that traffic to complete the step number seven i'm going to switch and then to settings so i'm going to click here on settings and you can see that the second tab is called billan so the second option here is drop if invalid billion on ports so basically we need to add all the ports all the active ports so in this case we have ether1 sfp2 3 4 5 and 6 and finally i will click ok after enabling that filter if we are connected to one of the access interfaces then we are going to lose direct access to that switch so in my case i'm connected now in the port sfp 3 i'm going to add one ip from that network to my pc and then i will be able to successfully have communication with the router in this moment we don't have any security policies in that router that means that the router by default is going to allow the communication between those three billions that we have implemented now so we can have access to that device by using the ip99.2 that is configured on s1 so i'm going to my network card here and i will set an ip from the network for vlan 10 so i'm going to ipv4 and i will change that ip to 172 16 10 50 for example and my default gateway will be 172.1610.1 i don't need the dns server at this point that means that at this point i must have connectivity with my default gateway so i'm going to the command prompt here and i will ping my default gateway 172 1610.1 and you can see that i can successfully ping the router to make this process easier i'm going to add to the acp servers on the router one for bill and 20 and one for bill and 10. so i will open the winbox and i will go directly to the router 172 16 10.1 and then i'm going to create two dhcp servers by going to ip the acp server the acp setup and i will select vlan 10 will accept all the default configuration provided by the wizard and then i'll do the same for vlan 20. so consider i have two dhcp servers that means that at this point i can go back to my network card here and i will change the configuration from static to the acp for my card so i'm going to ipv4 and i will change this to obtain an ip address automatically and this must take one ip from vlan 10. i'm going to say ip config renew this must take one ip from vlan 10. you can see i have one ip 172 1610 254 i have the default gateway and i have been to internet so that's how i can test the connectivity for vlan 10. so what happened if i move my pc from sfp3 to one of the access port for vlan 20. so i'm going to do that i'm going to my rack here and i will move the connection from sfp3 to sfp 5. i'm back i have moved the connection from sfp 3 to 5 so i'm going to release the ip address that i have now and then i will renew the right pin so if we check now you can see that i have an id from vlan 20. so i have the ip 172 16 20 254 that means that the access ports are working well i can test the connectivity by sending a pin to my default gateway in this case 172 1621 that's working or if i can do the same for vlan 10 that's working and for the management vlan 99.1 remember now i can have access directly to the switch so that means that if i try to go to the wind box and i scan here neighbor so you can see here that i can see that switch there but if i try to get access to it i can do it so that's impossible since we have a filter that is configured on the device i must use the management ip so if i use 172 16 99.2 i can successfully get access to that switch i'm going to change the identity here to s1 and now we are ready to go to the next one today we have learned the seven step process for configuring migrating switches from the families 100 and 200 remember this process applies only for those devices this is the recommended approach from megrotic in this way we can take advantage of the switching process performed at a hardware level if you have enjoyed this video please like it subscribe to the channel enable the notifications we are posting at least one video per week i see you in the next one thank you [Music]

Info

Channel: The Network Trip

Views: 5,299

Rating: undefined out of 5

Keywords: network, networking, ccna, network tutorials, vlans mikrotik, configure vlans mikrotik, mikrotik tutorial, mikrotik crs212, mikrotik crs vlans

Id: swXS4sO8smE

Channel Id: undefined

Length: 21min 53sec (1313 seconds)

Published: Sun May 23 2021