VLAN in MikroTik. By Mohammed Khomeini Bin ABU MUM Indonesia, 2013




About Presentation
- To help you understand the fundamentals of Virtual Local Area Networks (VLANs) and their implementation in MikroTik routers
- To explain a few examples of implementation on site
- To show examples of running VLANs on several MikroTik routers

About Me
Mohammed Khomeini Bin Abu
- MikroTik Certified Engineer (MTCINE, MTCRE, MTCWE, MTCTCE, MTCUME)
- MikroTik Certified Trainer (TR0204)
- MikroTik Certified Academy Trainer (ACTR0062)
- Network Consultant

Content
- Introduction
- VLAN Implementation
- Conclusion

INTRODUCTION TO VLAN

Virtual LANs WHAT? (1)
- The most commonly used protocol for VLANs on an Ethernet network is 802.1Q
- It inserts a 4-byte tag into a standard Ethernet frame
- It works at the Data Link Layer (OSI Layer 2)
- The maximum number of VLANs on one interface is 4095

Virtual LANs WHAT? (2)
- Each VLAN is treated as a separate subnet / broadcast domain.
- Devices on a VLAN are restricted to communicating only with devices that are on their own VLAN
- MikroTik also supports VLAN over VLAN / 802.1QinQ / 802.1ad

Virtual LANs WHY? (1)
- Provide segmentation

Virtual LANs WHY? (2)
- Multiple LANs on a single physical interface
- Make the local network simpler
- Multiple broadcast domains on a single physical interface
- VLANs can increase security and management of different networks on one single interface
- Priority

Virtual LANs - Parameter
Edge ports (untagged; in Cisco called Access Port):
- Switch port configured as a member of the VLAN
- This port does not send the 4-byte VLAN tag.
- Used for devices that do not handle VLAN tags, such as computers, printers, servers, etc.
Core port (tagged; in Cisco called Trunk Port):
- Switch port configured to send a VLAN tag of 4 bytes or more.
- Used for devices that support VLAN technologies, such as switches, manageable switches, routers, etc.
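As an added example (not from the original slides), this Python code shows the 4-byte 802.1Q tag being inserted on a core (tagged) port and removed on an edge (untagged) port, plus an outer 802.1ad tag for QinQ. The sample frame and the outer VLAN 2000 are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # customer tag (C-tag), IEEE 802.1Q
TPID_8021AD = 0x88A8  # service tag (S-tag), IEEE 802.1ad / QinQ


def add_tag(frame: bytes, vid: int, pcp: int = 0, tpid: int = TPID_8021Q) -> bytes:
    """Core (tagged) port egress: insert a 4-byte tag after the two MACs."""
    if not 0 <= vid <= 0xFFF or not 0 <= pcp <= 7:
        raise ValueError("VID is a 12-bit field, PCP a 3-bit field")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (pcp << 13) | vid          # DEI bit (bit 12) left at 0
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def parse_tags(frame: bytes):
    """Return ([(tpid, pcp, dei, vid), ...] outermost first, inner EtherType)."""
    tags, off = [], 12
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in (TPID_8021Q, TPID_8021AD):
            return tags, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci >> 13, (tci >> 12) & 1, tci & 0xFFF))
        off += 4


def strip_outer_tag(frame: bytes) -> bytes:
    """Edge (untagged) port egress: remove the outermost tag, if present."""
    tags, _ = parse_tags(frame)
    return frame[:12] + frame[16:] if tags else frame


# Constructed sample: untagged IPv4 frame (dst MAC, src MAC, EtherType, payload).
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x45" + bytes(45)

if __name__ == "__main__":
    trunk = add_tag(UNTAGGED, vid=100, pcp=5)           # vlan-100 on the trunk
    qinq = add_tag(trunk, vid=2000, tpid=TPID_8021AD)   # outer service tag
    print(len(UNTAGGED), len(trunk), len(qinq))         # each tag adds 4 bytes
    print(parse_tags(qinq))
    print(strip_outer_tag(trunk) == UNTAGGED)
```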


Virtual LANs in MikroTik (1)
- In RouterOS, VLANs can be implemented in the switch environment and in the router environment simultaneously.
- It is also possible to run VLANs on a wireless or bridge interface
- It is not possible to put a VLAN on a wireless interface in station mode
- FILO VLAN tagging is used for the 802.1QinQ implementation

Virtual LANs in MikroTik (2)
- To create a VLAN in MikroTik, you must have the interface first (if you want to implement it on a bridge interface)
- VLAN ID = unique
- Interface for trunk / access

802.1Q Flow Chart in RouterOS
[Flow chart, created by Mohammed Khomeini Abu. Decision nodes: Accept 802.1Q? / Create access port? / Create DHCP server? Action nodes: Create trunk bridge; Add port (interface) to trunk bridge; Create vlan on trunk interface; Create access bridge; Add port (interface) and vlan to access bridge; Create IP address and DHCP setup at VLAN interface.]

VIRTUAL LANS IMPLEMENTATION

How Virtual LANs are implemented in:
- Small network (SOHO)
- Medium network (SME)
- Wireless network
- Tunneling

Virtual LANs SoHo (1)
- Only a single router and a single or multiple managed switches
- Create 2 VLANs in the MikroTik router
- Vlan-100 = office
- Vlan-200 = wifi

Virtual LANs SoHo (2)
[Network diagram; label: Public Interface]

Virtual LANs SoHo (3)
R1 Configuration
- IP address, subnet mask, default gateway and masquerade are configured on ether1
- To be able to forward tagged packets, we need to create a trunk bridge
    [admin@r1] > interface bridge add name=bridge-trunk protocol-mode=rstp
- Add the port (interface) on which you want to forward the VLANs to the trunk bridge (at least 1 port)
    [admin@r1] > interface bridge port add interface=ether5 bridge=bridge-trunk
- Add the VLANs on the trunk interface (bridge-trunk)
    [admin@r1] > interface vlan add name=vlan-100 interface=bridge-trunk vlan-id=100
    [admin@r1] > interface vlan add name=vlan-200 interface=bridge-trunk vlan-id=200

Virtual LANs SoHo (4)
- Create IP addresses for the VLANs
    [admin@r1] > ip address add address=192.168.100.1/24 interface=vlan-100
    [admin@r1] > ip address add address=192.168.200.1/24 interface=vlan-200
- Create a DHCP setup for interfaces vlan-100 and vlan-200 with public DNS (8.8.8.8 and 8.8.4.4)
- Connect the managed switch to interface=ether5
- Configure the managed switch as desired

QUIZ From

Virtual LANs SME (1)
- You have more than one router
- Create 3 VLANs in the MikroTik router
- Vlan-100 = office
- Vlan-200 = wifi
- Vlan-230 = voip

Virtual LANs SME (2)
[Network diagram; label: Public Interface]

Virtual LANs SME (3)
R1 Configuration
- IP address, subnet mask, default gateway and masquerade are configured on ether1
- To be able to forward tagged packets, we need to create a trunk bridge
    [admin@r1] > interface bridge add name=bridge-trunk protocol-mode=rstp
- Add the ports (interfaces) on which you want to forward the VLANs to the trunk bridge
    [admin@r1] > interface bridge port add interface=ether2 bridge=bridge-trunk
    [admin@r1] > interface bridge port add interface=ether5 bridge=bridge-trunk

Virtual LANs SME (4)
- Add the VLANs on the trunk interface (bridge-trunk)
    [admin@r1] > interface vlan add name=vlan-100 interface=bridge-trunk vlan-id=100
    [admin@r1] > interface vlan add name=vlan-200 interface=bridge-trunk vlan-id=200
    [admin@r1] > interface vlan add name=vlan-230 interface=bridge-trunk vlan-id=230
- To create an access port, create the access bridge interface first.
    [admin@r1] > interface bridge add name=bridge-vlan-230
- Then add the access port interface and the VLAN to the access bridge
    [admin@r1] > interface bridge port add interface=ether4 bridge=bridge-vlan-230
    [admin@r1] > interface bridge port add interface=vlan-230 bridge=bridge-vlan-230

Virtual LANs SME (5)
- Create IP addresses
    [admin@r1] > ip address add address=192.168.100.1/24 interface=vlan-100
    [admin@r1] > ip address add address=192.168.200.1/24 interface=vlan-200
    [admin@r1] > ip address add address=192.168.230.1/24 interface=vlan-230
- Create a DHCP setup for interfaces vlan-100, vlan-200, and vlan-230 with public DNS (8.8.8.8 and 8.8.4.4)
- Connect the managed switch to interface=ether2
- Configure the managed switch as desired

Virtual LANs SME (6)
R2 Configuration
- Create the bridge interface
    [admin@r2] > interface bridge add name=bridge-trunk
- Add the interfaces on which we want to forward tagged (trunk) packets to the bridge-trunk interface
    [admin@r2] > interface bridge port add interface=ether2 bridge=bridge-trunk
    [admin@r2] > interface bridge port add interface=ether5 bridge=bridge-trunk
- Connect the managed switch to interface=ether2
- Configure the managed switch as desired

Virtual LANs Wireless (1)
[Network diagram; label: Public Interface]

Virtual LANs Wireless (2)
R1 Configuration
- IP address, subnet mask, default gateway and masquerade are configured on ether1
- To be able to forward tagged packets, we need to create a trunk bridge
    [admin@r1] > interface bridge add name=bridge-trunk protocol-mode=rstp
- Add the port (interface) on which you want to forward the VLANs to the trunk bridge (at least 1 port)
    [admin@r1] > interface bridge port add interface=ether5 bridge=bridge-trunk

Virtual LANs Wireless (3)
- Add the VLANs on the trunk interface (bridge-trunk)
    [admin@r1] > interface vlan add name=vlan-100 interface=bridge-trunk vlan-id=100
    [admin@r1] > interface vlan add name=vlan-200 interface=bridge-trunk vlan-id=200
- Create IP addresses
    [admin@r1] > ip address add address=192.168.100.1/24 interface=vlan-100
    [admin@r1] > ip address add address=192.168.200.1/24 interface=vlan-200
- Create a DHCP setup for interfaces vlan-100 and vlan-200 with public DNS (8.8.8.8 and 8.8.4.4)

Virtual LANs Wireless (4)
R2 and R3 Configuration
- Create the bridge interface
    [admin@r2] > interface bridge add name=bridge-trunk
- Add the interfaces on which we want to forward tagged (trunk) packets to the bridge-trunk interface
    [admin@r2] > interface bridge port add interface=ether1 bridge=bridge-trunk
    [admin@r2] > interface bridge port add interface=wlan1 bridge=bridge-trunk
- Configure the wireless interface as ap-bridge (for R3, the wireless interface is configured as mode=station-bridge)
    [admin@r2] > interface wireless set wlan1 mode=ap-bridge disabled=no
- On R3, connect the managed switch to interface=ether1 and configure the managed switch as desired

Virtual LANs over PPTP (1)
- RouterOS supports bridging through the Point-to-Point Tunneling Protocol (PPTP) using BCP (Bridge Control Protocol).
- BCP allows Ethernet packets to be bridged through a PPP link
- To implement VLAN over a PPTP tunnel, we should use the BCP and MLPPP features to forward packets between segments / subnets.

Virtual LANs PPTP (2)
- R1 will become the DHCP server for vlan-100 and vlan-200
- R4 will forward untagged packets to ether5 for the client
- Create the PPTP server (R1) and client (R4)

Virtual LANs over PPTP (3)
- Make sure there is routing between R1 and R4
R1 Configuration
- IP address, subnet mask, default gateway and masquerade are configured on ether2
- Create the bridge interface
    [admin@r1] > interface bridge add protocol-mode=rstp name=bridge-pptp
- Add the port (interface) on which you want to forward the VLANs to the trunk bridge (at least 1 port)
    [admin@r1] > interface bridge port add interface=ether5 bridge=bridge-pptp

Virtual LANs over PPTP (4)
- Add the VLANs on the trunk interface (bridge-pptp)
    [admin@r1] > interface vlan add name=vlan-100 interface=bridge-pptp vlan-id=100
    [admin@r1] > interface vlan add name=vlan-200 interface=bridge-pptp vlan-id=200
- Create IP addresses
    [admin@r1] > ip address add address=192.168.100.1/24 interface=vlan-100
    [admin@r1] > ip address add address=192.168.200.1/24 interface=vlan-200
- Create a DHCP setup for interfaces vlan-100 and vlan-200 with public DNS (8.8.8.8 and 8.8.4.4)

Virtual LANs over PPTP (5)
- Create the PPTP server with BCP and MLPPP enabled
    [admin@r1] > ppp profile add bridge=bridge-pptp name=pptp-bridge
    [admin@r1] > interface pptp-server server set enabled=yes default-profile=pptp-bridge \
                 mrru=5000
    [admin@r1] > ppp secret add name=pptp-user password=1234 profile=pptp-bridge \
                 local-address=1.1.1.1 remote-address=2.2.2.2
R4 Configuration
- Create the bridge interface
    [admin@r4] > interface bridge add protocol-mode=rstp name=bridge-pptp
- Add the interface on which we want to forward tagged (trunk) packets to the bridge-pptp interface
    [admin@r4] > interface bridge port add interface=ether5 bridge=bridge-pptp

Virtual LANs over PPTP (6)
- Create the PPTP client with BCP and MLPPP enabled
    [admin@r4] > ppp profile add bridge=bridge-pptp name=pptp-bridge
    [admin@r4] > interface pptp-client add connect-to=192.168.12.1 user=pptp-user \
                 password=1234 profile=pptp-bridge mrru=5000 disabled=no
- Connect the managed switch to interface=ether5
- Configure the managed switch as desired
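An added example, not part of the original slides: a reference check over RouterOS-style commands that flags an interface or bridge used before it is created, and VLAN IDs that are out of range or reused on the same parent interface. The sample commands are constructed in the style of the R1 PPTP slides, and the set of physical ports is an assumption.

```python
import shlex

# Constructed sample in the style of the R1 PPTP slides; the profile line
# deliberately names a bridge ("bridge1") that no earlier command creates.
SAMPLE = """\
interface bridge add protocol-mode=rstp name=bridge-pptp
interface bridge port add interface=ether5 bridge=bridge-pptp
interface vlan add name=vlan-100 interface=bridge-pptp vlan-id=100
interface vlan add name=vlan-200 interface=bridge-pptp vlan-id=200
ip address add address=192.168.100.1/24 interface=vlan-100
ip address add address=192.168.200.1/24 interface=vlan-200
ppp profile add bridge=bridge1 name=pptp-bridge
"""

# Assumption: physical ports present on the router (not declared by commands).
PHYSICAL = {"ether1", "ether2", "ether3", "ether4", "ether5", "wlan1"}

# Arguments that must name an already existing interface, per command menu.
REFS = {"interface bridge port": ("interface", "bridge"),
        "interface vlan": ("interface",),
        "ip address": ("interface",),
        "ppp profile": ("bridge",)}


def audit(config: str, physical=PHYSICAL):
    """Return [(line_no, message)] for dangling references and bad VLAN IDs."""
    known, vids, problems = set(physical), set(), []
    for no, line in enumerate(config.splitlines(), 1):
        words = shlex.split(line)
        if "add" not in words:
            continue
        path = " ".join(words[:words.index("add")])
        args = dict(w.split("=", 1) for w in words if "=" in w)
        for key in REFS.get(path, ()):
            if key in args and args[key] not in known:
                problems.append((no, f"{key}={args[key]} is not defined"))
        if path == "interface vlan" and "vlan-id" in args:
            vid, parent = int(args["vlan-id"]), args.get("interface")
            if not 1 <= vid <= 4095:      # range RouterOS accepts for vlan-id
                problems.append((no, f"vlan-id={vid} outside 1-4095"))
            if (parent, vid) in vids:     # VLAN ID must be unique per parent
                problems.append((no, f"vlan-id={vid} already used on {parent}"))
            vids.add((parent, vid))
        if path in ("interface bridge", "interface vlan") and "name" in args:
            known.add(args["name"])       # later lines may now reference it
    return problems


if __name__ == "__main__":
    for line_no, message in audit(SAMPLE):
        print(f"line {line_no}: {message}")
```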

CONCLUSION

Conclusion
- All VLANs should be put on a bridge interface, as this makes it easy to manipulate whether a port is a trunk port or an access port. The disadvantage is that we create more headers at the data link layer
- When you don't enable MLPPP in the PPP tunnel, you can still use the internet, but slowly, because the packets are fragmented.
- In wireless mode, use a mode other than mode=station
- Remember the flow chart


Credit to
- Mr. Rofiq Fauzi
- Mr. Pujo Dewobroto
- Mr. Gatot Wibowo Hamiseno
- Mr. Herry Darmawan
- Mr. Mat Dawam Abas
- MikroTik Team

Mohammed Khomeini Bin Abu
khomeini1980@gmail.com
+6013-7221134 (whatsapp)