Results 1 to 1 of 1

Thread: Routing in Mikrotik VLANs

  1. #1
    Super Moderator patris_70's Avatar
    Join Date
    Jan 1970
    Post Thanks / Like

    Default Routing in Mikrotik VLANs


    In the previous article[Only Registered and Activated Users Can See Links. Click Here To Register...] I explained what the 802.1Q and how it can be used to carry multiple VLANs on a single Ethernet connection. This article also explored the VLAN settings on Linux.

    This article today is about configuring VLANs on Mikrotik.


    VLANs allow the isolation of traffic between equipment groups in the network, creating islands. A router as Mikrotik can make the inter-connection between these VLANs, with the advantage of being an outfit that he can apply filters to L3/L4 QoS and in that process. Ie: if you use the Mikrotik to such interconnection, we have a better control of what is trafficked or not.

    Even we can completely isolate the VLANs. We can create rules allowing each VLAN to access the Internet, but prevents them from communicating with each other.

    Configuring VLANs

    To configure VLANs on Mikrotik is very simple, just a command to create it. Go to the context interface -> vlan
    [Admin @ MikroTik] interface vlan>
    And type the command:
    add name = vlan-id = NOME_DA_VLAN VLANID interface = InterfaceName
    Change the name of your NOME_DA_VLAN VLAN (worth any string). The VLANID is the number of the VLAN you must have created on your Ethernet switch and InterfaceName is the interface name in Mikrotik (ether0, ether1, etc.)..

    For example to create two VLAN port ether1: 108 and 20 and with names and client cliente1 23. To do this use the command:
    [Admin @ MikroTik] interface vlan> add name = cliente1 vlan-id = 108 interface = ether1
    [Admin @ MikroTik] interface vlan> add name = cliente23 vlan-id = 20 interface = ether1
    To check the result, use the print command:
    [Admin @ MikroTik] interface vlan> print
    Flags: X - disabled, R - running
    0 X cliente1 1500 enabled 108 ether1
    1 X 23 enabled cliente23 1500 ether1
    Note that the lines have the number 0 (first number in line) and is disabled (it has an "X" on that line). We then need to enable these VLANs:
    [Admin @ MikroTik] interface vlan> enable 0
    [Admin @ MikroTik] interface vlan> enable 1

    Now the print command should show the two VLANs enabled:
    [Admin @ MikroTik] interface vlan> print
    Flags: X - disabled, R - running
    Cliente1 0 R 1500 enabled 108 ether1
    1 R 1500 enabled cliente23 23 ether1
    Using the interfaces created

    Mikrotik now has two new interfaces: cliente1 and cliente23. For instance, to associate an IP address to each interface, go to the context ip -> address and type:
    [Admin @ MikroTik] ip address> add address = interface = cliente1
    [Admin @ MikroTik] ip address> add address = interface = cliente23
    You can use this name in the filters, rules, QoS, etc..


    Mikrotik is easy to configure, the complex is come up with the network that will use these VLANs. There are some common mistakes you may commit if you have no experience with routing and VLANs and all these errors are external to Mikrotik

    Routing and addressing

    If you do not have good knowledge of routing, addressing, and network mask, get help to those who understand. It is common in such cases (when not dominating this issue) put network addresses equal in different VLANs (causing conflict) or addresses in different networks equipment within the same VLAN.

    Switch configuration

    The VLAN is not a magical thing that is jumping the network happy and smiling crazy to obey you by telepathy. The network as a whole has to be consistent with markup (tag) packages and appropriate setting of the gates.

    The port Ethernet switch that is connected to Mikrotik has to be configured with VLANs, the same numbers that the Mikrotik VLANs (for example, if you created the VLAN-ID 108 in Mikrotik have to have a tagged VLAN on switches 108).

    داخل انجمن سوال کنید تا دیگران هم اگر مشکل شما را دارند یا برایشان در آینده پیش بیاید استفاده کنند. پیغام خصوصی برای جواب دادن به سوال نیست.

  2. # ADS
    Circuit advertisement
    Join Date

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

علاقه مندی ها (Bookmarks)

علاقه مندی ها (Bookmarks)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts