
VLAN configuration on the RouterOS operating system

For a visual example, I will use the MikroTik CCR1036-8G-2S+ router and the CRS125-24G-1S switch.

This setup is currently running in several hotels in Moscow and the Moscow region.
Let's set a hypothetical task: each switching node must have a class A network (10.1.0.0/24) for company employees and a class C network (192.168.1.0/24) for visitor WiFi.

Suppose we have switching node A with a MikroTik CCR1036-8G-2S+ router and switching node B with a CRS125-24G-1S switch. Nodes A and B are connected by a trunk link, in our case over twisted pair. (There may be several trunk links, depending on the number of switching nodes; if you have fiber and a MikroTik SFP optical module, you can also run the trunk over SFP.) The scheme below uses a trunk over twisted pair.

[Diagram: switching nodes A and B connected by a twisted-pair trunk]

We proceed to configure switching node A with the MikroTik CCR1036-8G-2S+ router.

Let's call our router “router-A”.

system identity set name=router-A 


We rename the physical ports so that there is no confusion about which network each one belongs to. The lan suffix marks ports that belong to the 10.1.0.0/24 network (class A), the wifi suffix marks ports that belong to the 192.168.1.0/24 network (class C), and the trunk suffix marks ports used for the trunk link.

interface ethernet set [ find default-name=ether1 ] name=ether1-wan
interface ethernet set [ find default-name=ether2 ] name=ether2-lan
interface ethernet set [ find default-name=ether3 ] name=ether3-lan
interface ethernet set [ find default-name=ether4 ] name=ether4-lan
interface ethernet set [ find default-name=ether5 ] name=ether5-wifi
interface ethernet set [ find default-name=ether6 ] name=ether6-wifi
interface ethernet set [ find default-name=ether8 ] name=ether8-trunk
interface ethernet set [ find default-name=sfp-sfpplus1 ] disabled=yes
interface ethernet set [ find default-name=sfp-sfpplus2 ] disabled=yes

Let's create virtual interfaces (bridges) in the Bridge tab to combine the LAN ports.

interface bridge add name=br1-lan
interface bridge add name=br2-wifi
interface bridge add name=br3-trunk

We create VLAN interfaces that carry the 10.1.0.0/24 and 192.168.1.0/24 networks to switching node B over the trunk link. The VLAN ID for the 10.1.0.0/24 network will be 11, and for the 192.168.1.0/24 network it will be 22. These IDs tag the traffic as belonging to vlan1-lan or vlan2-wifi.

interface vlan add interface=br3-trunk name=vlan1-lan vlan-id=11
interface vlan add interface=br3-trunk name=vlan2-wifi vlan-id=22

Assign the LAN ports of the router to the virtual interfaces (bridges) according to the scheme above:

interface bridge port add bridge=br1-lan interface=ether2-lan
interface bridge port add bridge=br1-lan interface=ether3-lan
interface bridge port add bridge=br1-lan interface=ether4-lan
interface bridge port add bridge=br2-wifi interface=ether5-wifi
interface bridge port add bridge=br2-wifi interface=ether6-wifi
interface bridge port add bridge=br3-trunk interface=ether8-trunk
interface bridge port add bridge=br1-lan interface=vlan1-lan
interface bridge port add bridge=br2-wifi interface=vlan2-wifi
interface bridge port add bridge=br3-trunk interface=ether7

(I add this last LAN port for a possible future switching node C, just in case.)

Assign networks to virtual interfaces

ip address add address=10.1.0.1/24 interface=br1-lan network=10.1.0.0
ip address add address=192.168.1.1/24 interface=br2-wifi network=192.168.1.0
ip address add address=62.64.2.0/0 interface=ether1-wan network=62.64.2.0

My provider delivers Internet access over EoIP. Therefore, do not pay attention to the ether1-wan command above; configure Internet access on the WAN port according to the settings given by your provider.

Set up the address pools to be handed out on each network, then set up DHCP:

ip pool add name=pool-wifi ranges=192.168.1.50-192.168.1.220
ip pool add name=pool-lan ranges=10.1.0.50-10.1.0.220

ip dhcp-server add address-pool=pool-lan disabled=no interface=br1-lan name=dhcp-lan
ip dhcp-server add address-pool=pool-wifi disabled=no interface=br2-wifi name=dhcp-wifi

ip dhcp-server network add address=10.1.0.0/24 dns-server=8.8.8.8,8.8.4.4 domain=lan.local gateway=10.1.0.1
ip dhcp-server network add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 domain=wifi.local gateway=192.168.1.1

We will enable NAT so that devices located on the 192.168.1.0/24 and 10.1.0.0/24 networks have Internet access.

ip firewall nat add action=masquerade chain=srcnat out-interface=ether1-wan src-address=10.1.0.0/24
ip firewall nat add action=masquerade chain=srcnat out-interface=ether1-wan src-address=192.168.1.0/24

We isolate the subnets so that devices on the 192.168.1.0/24 network cannot see or use devices on the 10.1.0.0/24 network. (I prefer this method of isolation; subnets can also be isolated with Route Rules, but I will use a Firewall rule.)

 ip firewall filter add action=drop chain=forward disabled=yes dst-address=192.168.1.0/24 in-interface=br1-lan 

This rule can be enabled and disabled depending on your need for access to devices from the 10.1.0.0/24 network to 192.168.1.0/24 or vice versa.
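
An added example, not part of the original article: the rule above is created with disabled=yes and matches only packets entering from br1-lan, so it does nothing until enabled and, once enabled, still lets guest devices send packets toward 10.1.0.0/24. A forward-chain rule set that blocks new connections between the two subnets, using the interface names and subnets configured on router-A above (the comment strings are illustrative):

```routeros
# Added example, not from the original article. Interface names and subnets
# are the ones configured on router-A above.

# Weak: the article's rule as written. It is created disabled, and even when
# enabled it only matches packets entering from br1-lan, so guest devices can
# still send packets toward 10.1.0.0/24 (only the replies are dropped).
# /ip firewall filter add action=drop chain=forward disabled=yes \
#     dst-address=192.168.1.0/24 in-interface=br1-lan

/ip firewall filter
# 1. Keep replies flowing for connections that were allowed when they started
#    (Internet traffic from either subnet, or staff-initiated sessions if
#    rule 3 is disabled).
add chain=forward action=accept connection-state=established,related \
    comment="allow established/related"
# 2. Guests may not open connections to the employee network.
add chain=forward action=drop in-interface=br2-wifi dst-address=10.1.0.0/24 \
    comment="guest -> lan: drop"
# 3. Employees may not open connections to guest devices. Disable only this
#    rule if staff need to reach devices on the guest network; rule 2 still
#    stops guests from initiating anything toward 10.1.0.0/24.
add chain=forward action=drop in-interface=br1-lan dst-address=192.168.1.0/24 \
    comment="lan -> guest: drop"

# Check that the rules are present, enabled (no X flag) and in this order.
print where chain=forward
```

Rules are evaluated top to bottom, so the established/related accept must stay above both drop rules.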


Now configure switching node B with the MikroTik CRS125-24G-1S switch.

Let's call our switch "switch-B":

 system identity set name=switch-B 

Let's label the physical LAN ports. We combine ports 1 through 8 into a common hardware switch with ether1 as the master port, labelled master; ports 2 through 8 are labelled slave. We do the same with ports 9 through 16, with ether9 as the master port.

interface ethernet set [ find default-name=ether1 ] name=ether1-master-lan
interface ethernet set [ find default-name=ether2 ] master-port=ether1-master-lan name=ether2-slave-lan
interface ethernet set [ find default-name=ether3 ] master-port=ether1-master-lan name=ether3-slave-lan
interface ethernet set [ find default-name=ether4 ] master-port=ether1-master-lan name=ether4-slave-lan
interface ethernet set [ find default-name=ether5 ] master-port=ether1-master-lan name=ether5-slave-lan
interface ethernet set [ find default-name=ether6 ] master-port=ether1-master-lan name=ether6-slave-lan
interface ethernet set [ find default-name=ether7 ] master-port=ether1-master-lan name=ether7-slave-lan
interface ethernet set [ find default-name=ether8 ] master-port=ether1-master-lan name=ether8-slave-lan
interface ethernet set [ find default-name=ether9 ] name=ether9-master-wifi
interface ethernet set [ find default-name=ether10 ] master-port=ether9-master-wifi name=ether10-slave-wifi
interface ethernet set [ find default-name=ether11 ] master-port=ether9-master-wifi name=ether11-slave-wifi
interface ethernet set [ find default-name=ether12 ] master-port=ether9-master-wifi name=ether12-slave-wifi
interface ethernet set [ find default-name=ether13 ] master-port=ether9-master-wifi name=ether13-slave-wifi
interface ethernet set [ find default-name=ether14 ] master-port=ether9-master-wifi name=ether14-slave-wifi
interface ethernet set [ find default-name=ether15 ] master-port=ether9-master-wifi name=ether15-slave-wifi
interface ethernet set [ find default-name=ether16 ] master-port=ether9-master-wifi name=ether16-slave-wifi
interface ethernet set [ find default-name=ether24 ] name=ether24-trunk

We create VLAN interfaces on physical LAN port 24, which carry the 10.1.0.0/24 and 192.168.1.0/24 networks from switching node A over the trunk link. Do not forget to use the VLAN IDs that we specified in the initial scheme.

interface vlan add interface=ether24-trunk name=vlan1-lan vlan-id=11
interface vlan add interface=ether24-trunk name=vlan2-wifi vlan-id=22

Let's create virtual interfaces in the bridge tab for combining LAN ports.

interface bridge add name=br-lan
interface bridge add name=br-wifi

interface bridge port add bridge=br-lan interface=vlan1-lan
interface bridge port add bridge=br-wifi interface=vlan2-wifi
interface bridge port add bridge=br-lan interface=ether1-master-lan
interface bridge port add bridge=br-wifi interface=ether9-master-wifi

Thus, switching nodes A and B are connected by a single twisted-pair link that carries two separate networks, 10.1.0.0/24 and 192.168.1.0/24, as VLANs.

Source: https://habr.com/ru/post/322720/

