Separate WLAN and LAN users using VLANs on MikroTik RouterOS v7

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi everyone marhabad here again so in this new video I would like to show you a Microtech lab and this lab is going to be with the the VLAN so I have a customer who has a Microtech router in his office and he told me that I want to separate my wireless to My Lan user so he wants to use vlans by separating them on layer 2 and of course on layer 3 so that means that the wireless will be on a separated VLAN then the people who are connected to the wired Network so this is something we can do with also when we want to make for example a wireless forecast so anyway guests coming to our office or to our home then we can put them in a separated VLAN and that means we are having a separation on layer 2 and we are going to have separation on layer 3 and of course we can also apply quality of service if you want we can do some firewall rules on that VLAN so we do have a lot of of possibility to do when we work with Villas but for now to make it simple I have a microc router which doesn't have any configuration on it I want to configure it to have the internet so those steps I'm gonna go fast with them because I have already explained in another video about how to connect the MasterCard to the Internet so that's one thing the second thing I'm going to make first step is to put the wireless anyone connected to the wireless to be on a separated VLAN and anyone connected to the ports of the microc router to be also on a separated VLAN so I'm going to show you that step by step using the latest step microtec router as version 7.6 so let's go directly and start with the lab so this is my lab Channel actually it's a straightforward I have one computer connected to the micro router of course the IP is not correct so it shouldn't be 191 C8 I'm gonna put another IP but yeah that's it Computer microclutter Micro tracker to the internet and the micropter needs to be connected to the internet and we need to do revealance 140 Wireless and 140 wired Network so let's go directly to the micro character so this is my router over here again I do not have any congression on the shutter I only put a password and I'm connected to the port ethernet too so let's do the configuration so we have uh this router connected to the Internet so I will go to IP the HTTP client and I will enable the DHCP connect on ethernet 1 interface so this router is now able to go to the Internet so if we pick to 8.8.8.8 we can see it is connected to the internet all right very good now the second steps that we need to do is to think of first the wireless so we need to put the wireless on a VLAN so on this router if you look on the wireless I do have two uh wireless LAN so two wireless LAN interfaces one for the 2.4 and 145 gigahertz let's enable both of them because I want to use both of them then I'm gonna make a password so anyone connected to the wireless you should put a password so let's create a password we make it very simple for this lab I'm gonna use the password we used a WPA2 psk of course one two three four five six seven eight nine so just to make it simple very good now I will go to the wireless on WLAN one I will enable AP Bridge let's use the N so which is the latest technology on the 2.4 gigahertz of course here you can do many things more so you can see what frequency we should use using the frequency usage but I'm gonna make it very simple for this lab I'm not going to make any difficult things about the wireless configuring the wireless but because my point is to show you about how to do dividends so I will leave everything the same same exercise these same frequency same channel band but here we have just to put a the password that we have configured which is profile one and then I'll say okay I will do the same on wlan2 which is for 5 gigahertz I would say AP Bridge I'm gonna use in this case uh only AC so same SSID and I'm going to make it profile one and that's it so now uh we go back to the router because we got disconnected just let's check if everything is correct that we have done on wln 2 so IP Bridge the profile one this is all fine also WLAN one all fine so now the wireless is enabled but of course anyone connected now it doesn't have IPS at all so now we have to think of making the villain let's say that this Wireless so anyone connected to what the wireless WLAN one or wlan2 will go to VLAN let's say VLAN then okay very good so now what I need to do I have to bridge them together so because I want that the two uh anyone connected to the wireless to go to the Internet so let's put a bridge I will call it Bridge WLAN so this is a bridge WLAN and I'll put inside this bridge I will put the wm1 and I will put the w92 very good now we go one step back to the wireless let's add the interfaces we said that those are going to be on VLAN times so if we scroll down over here you can see you have VLAN mode we have no tag and VLAN ID is one so I'm gonna say I'm gonna use Stag and anyone connected to this Wireless will be on VLAN 10. so this is 42.4 gigahertz I will do the same 45 gigahertz so I'll go down over here anyone connected to the uh Wireless on the 5 gigahertz I will use the tag and I will say it is on VLAN time excellent so now we have to do the configuration of the eyepiece all right so remember anyone connected now to the wireless will be on VLAN time but do we have a villain 10 giving IP addresses we do not have right because we need to have a v910 to give IP address so I'm going to go to the interface and I'm gonna create a VLAN interface which is our name in vilantan we're not done and I will put it under the bridge WLAN where we have the two uh wireless cell and all right so I'll put it over there so what's gonna happen now is that anyone from for example his phone connected to the Y should we go to v910 but then there is an interface called VLAN time that I'm creating now which will have an IP address and we will also configure there should be so this will provide for the users the IP address uh the subnet Master Gateway and the DNS all right very good so I will say here okay so the VLAN 10 has been created let's put on it an IP address IP address I'm gonna use the range of 10.10.10.1 as being v910 so we make it like this and now we put it on the VLAN 10. yeah so this has an IP we create now at the HTTP server so anyone connected to the wireless will get an IP address from the DHCP server on the vlantern next so this is the rash correct this is the Gateway correct these are the range of ips DNS and that's it now the last point to do is to make the uh of course the not because if we don't have Nat then the local IPS will not be able to go to the Internet so I have to say IP firewall not anyone from Source natural I would say here out interface ethernet one which is my one the action is to masquerade then okay very good so for now anyone who is connected to the wireless he should be able to be on VLAN 10 and have an IP and be able to go to the internet let's check I will take my phone now and uh I will go from my phone I will show you my phone in a moment on the screen all right so this is my phone let's bring it here yeah so this is my phone now if I connect this is the microt if you see it if I connect to microtic then normally it should ask for the password but I think because I made it before it didn't ask for the password now if you want we can just yeah let's remove it only that's fine we can we can look about the information now so look he got an IP if you see here then the 10.10.254 that means from vinanta excellent if I go back now to the router and I go to the IP P server we can look at the lease so here we go he got an IP of 10.10.10.254 he connected to w92 and then he got this IP now if I want to do torch to see if it's really on villain 10 so I can go to tools I go to torch and we shot is connected to w92 and then I make torch actually it is connected yeah to w92 correct so look the vlans 10 are showing up so I just need to make some traffic from my phone let me just issue a pink or whatever so just to show you what's gonna happen so this is the Ping has started so you can see I'm ping into a.a.8.8 you can see it over here and it is putting on freelancer so my phone is now on VLAN tan so that is the best way to make the separation on the VLAN for the wireless now because it's connected to wlan2 I want to check um if we disable WLAN through so the wireless I will disable WLAN to show it connect to wlan1 and also to check if it's gonna work so I disabled wlan2 and now I can see it is on my phone let's check if yeah it is connected to Mike tick so I can show you here it is my phone Duke it's connected now to micro Tech so that means it's connected to WLAN one very good now uh if we do again Porsche let's have a look if we can have torch now open again so if we look for torch and now we go to wlm1 now and start and I will issue some traffic from my phone so like Ping we'll have to put W1 actually start so here we go the pink and it is on Valentine so now I made both Wireless interfaces to be on uh VLAN then so now the next step is that I want that also the wired users to be on another VLAN which is the VLAN 20. so I will stop this now uh let me also stop the Ping on my phone so it doesn't stay pinging all the time now it stopped and let's now do the configuration and to show you how I can put also the wired users that means anyone connected to the interfaces which are the physical interfaces of course ethernet one now because that's the one so two three four and five so actually I'm gonna use two four and five I will leave three without I make on the congregation so in case I did I need a random configuration then I can still go to ethernet 3 and connect to the micro character because I'm gonna show you that once we enable the villain filtering on the bridge then if you didn't do the configuration correctly you may not get access to the router anymore so I will leave the detail phase ethernet 3 out so I'm gonna do two three two four and five we put them on VLAN uh 20. all right very good so how to do that first we have to create a bridge again so here we have bridge for WLAN we create a bridge now and I will call it Bridge 40 lamp Richland all right and uh on the bridge land what I'm going to do I'm gonna put the ports which are ethernet 2 on the bridge land so we may get disconnected because I'm connected to the router on ethernet 2 because we moved the port and we put it in the bridge anyway let's continue in case we got disconnected we will connect again output 4 inside Richland and I will put five inside the bridge line excellent so now those are there now what I need to do is also under this bridge so if we look here on the interface under this bridge land as we have done on the bridge GW land we put villain 10 under it output VLAN 20 under so I would create an interface which is VLAN 20 and that's needed also for the dhtp like we have done on the wireless line so VLAN 20 I would call it been an id20 and it is under the bridge land excellent so we can see this is under the bridge now very good now we go one step back again to the bridge because on the wireless we could make directly on the wireless interfaces which I did is going to be on VLAN 10. we made it on the wireless while on the the ethernet ports we cannot do that so what I'm going to use I'm going to use the bridge settings to be able to do the vlans so I'm gonna go to the bridge actually the Bridgeland and from here before you enable VLAN filtering that's the last step you have to do because once you enable rely on filtering you will not gain access to the data anymore if you did a rank configuration so before we do that we have to go to the ports and then we have to say on the ethernet 2 I'm going to make it on VLAN 20. yeah that's what I have to do on VLAN on interface ethernet 4 I'm gonna put it on b920 on interface so three that that was three now four I'm gonna put it on uh VLAN 20. so I just put it inside v920 the interface 2 4 and 5. excellent now I will go to the vlans over here and over here I have to say um on the bridge land we have VLAN 20 the tag that means the one which has the tagging HD Bridge VLAN and the untagged are ethernet 2. four three and four so the interface was going to be tagged as the interface bridge line and then the untagged are ethernet two three and four because at the end the devices does not understand vlans so those should be untied and then I will say here okay now the last step to do here is to go to the bridge and from the ridge to enable the VLAN filtering but before I do this step because we might not get contact if we made any mistake on the conclusion I don't think we did the mistake but just in case so before we do that let's enable the DHCP server on the VLAN 20. so I will go to the IP the HTTP server and then we go over here as we have done for the VLAN 10 we do for VLAN 20. so I would create the HTTP server on the VLAN 20 so actually v920 we have to put an IP address on it first IP address is going to be 10.20 to 20.1 24 remember we have to put IPS B4 we make the the HTTP server so on that interface which is the Gateway should have an IP very good and now I'll go back to the HTTP server on v920 this is the range correct and then DNS and that's it so now any computer connected to the post too three now three we didn't put it two four and five there one it send the traffic to the router then the router will see oh this is coming from that Port so I have to put it on VLAN 20 and then to put it on v920 then it will of course Let It Go from the VLAN a 20 interface that we've created under the bridge now also one it asks for an IP from Dash over it's going to give it an IP address from the VLAN 20 the HTTP server that we have made it on v920 so here we have still less step to do is to go to the bridge and dynamic bin and filtering enabled and then I'll say apply and okay very good so that's all what we have to do now and now let's check if my computer will be connected so I think I have already the interface open somewhere here so here it's my interface at this moment if we go to the status I'll make details so it doesn't have an IP 169 so that's an IP pi to others so what I'm going to do I'm going to disable it and then I'm going enable it again to see what's going to happen so it's identifying now let's wait if it can get an IP we go to status here we go it got something and I will check now on detach again 10 to 20 to 20.254 excellent so now my computer is connected to the internet and it's on VLAN uh 20. so if you want I can just do a thing from my computer so let's open the pink and make things to 8.8.8.8 minus t just to keep it open so it is working now I will go to my router and I will make torch so the Ping is still uh working and then I'll make torch and let's make torch on the bridge so I can see if the VLAN 20 will show up here we go look this is the pink and it is on VLAN 20. so you can see this straightforward how you can do it and it's working perfectly so now the last thing that I want to show you let's stop the pink and the torch the last thing that I want to show you is that I want to move my cable from ethernet 2 I put it on ethernet 4 to see if we are still be able to be connected so let's do again the pink I will make the pink make it open and then I will move my cable from ethernet to I put it on ethernet 4 so that is now on ethernet 4 port which should be also on the v920 let's see first here we go connected and now if we go to the router and then we make torch again on the bridge land and we can see that here we go that is the PIN coming from my computer and it is on VLAN 20. excellent of course if we do the same on the interface ethernet 5 it's gonna be the same so this is all what I wanted to show you in this video again this is something that it happened that one of my customers asked me to do this congregation so I said it's a good idea that also to show you how this can happen and make a video on it and put it on my YouTube channel so if you like my way of teaching please do not forget to make a like subscribe and click on the Bell because uh add more I have people watching my video the more I have traffic the more it's profitable for me and the more I can do videos like this video thank you very much for your time until next time foreign

Info

Channel: MAICT

Views: 23,498

Rating: undefined out of 5

Keywords: vlan mikrotik, vlan on mikrotik, vlan in mikrotik, mikrotik vlans, mikrotik vlan setup, how many vlans can you have, mikrotik vlan filtering, mikrotik vlan configuration step by step pdf, who owns mikrotik, vlan mikrotik tutorial, mikrotik vlan example, mikrotik vlan bridge vs switch, how to configure vlan on mikrotik switch, mikrotik vlan trunk port, vlan mikrotik bridge, Maher Haddad, mynetworktraining.com

Id: 4UKRsrN91UE

Channel Id: undefined

Length: 20min 55sec (1255 seconds)

Published: Fri Dec 16 2022