Community discussions

MikroTik App
 
samih
newbie
Topic Author
Posts: 42
Joined: Tue Jan 25, 2011 9:48 am
Location: Lebanon

VLAN using RB750

Tue Aug 28, 2012 9:51 am

hello i am using RB750. here is the scenario:
i want to use 3 ports : ether1, ether2 and ether3
ether1 is on vlan 1, ether2 is on vlan 2. and i want vlan 1 and vlan 2 to be separated from each other but i also want vlan 1 and vlan 2 to communicate with ether3

please help.
 
djdrastic
Member
Member
Posts: 367
Joined: Wed Aug 01, 2012 2:14 pm

Re: VLAN using RB750

Tue Aug 28, 2012 10:18 am

Samih you're almost always better off putting a smart/intelligent switch in front of the mikrotik and doing vlans on there and trunking down those vlans as tagged down to the mikrotik.Use firewall/routing rules to stop networks from talking to each other.
 
samih
newbie
Topic Author
Posts: 42
Joined: Tue Jan 25, 2011 9:48 am
Location: Lebanon

Re: VLAN using RB750

Wed Aug 29, 2012 8:48 am

thank you man for you reply.
but i dont have enough budget to add a smart switch.
i know that it can be done with rb750.
any help please.
 
burkni
newbie
Posts: 29
Joined: Tue Mar 29, 2011 1:55 pm

Re: VLAN using RB750

Wed Aug 29, 2012 6:38 pm

Do you want vlan1 and vlan2 to be tagged on ether3? That's I think the only way it's actually seperated. You can easily set up your ports so vlan1 is untagged on ether1, vlan2 is untagged on ether2 and vlan1 and vlan2 are both tagged on ether 3. Can't find it now but I did it on RB750G and I found some info on how to, I shall dig into it again. It is fairly simple when you start looking. If you're using WinBox you set the port mode in Switch/Port. There you'd set all ports you're using in this scenario to secure. Can't find in WinBox where to change the tagging but in terminal it's like this: You can do the secure part in the same thing.
/interface ethernet switch port
set 0 vlan-header=always-strip vlan-mode=secure
set 1 vlan-header=always-strip vlan-mode=secure
set 2 vlan-header=add-if-missing vlan-mode=secure
You might have to make some rules too, not sure what I did, would have to look it up.
 
User avatar
sirEgghead
just joined
Posts: 19
Joined: Mon Aug 27, 2012 10:54 pm

Re: VLAN using RB750

Wed Aug 29, 2012 11:00 pm

/ip firewall filter add disabled=no in-interface=ether1 out-interface=ether2 action=drop
/ip firewall filter add disabled=no in-interface=ether2 out-interface=ether1 action=drop
That will work if you want the 2 to not talk to each other. Or:
/ip firewall address-list add list="LAN1" address=192.168.1.0/24
/ip firewall address-list add list="LAN2" address=192.168.2.0/24

/ip firewall filter add disabled=no src-address-list="LAN1" dst-address-list="LAN2" action=drop
/ip firewall filter add disabled=no src-address-list="LAN2" dst-address-list="LAN1" action=drop
Hope that info is useful.


Thomas
 
samih
newbie
Topic Author
Posts: 42
Joined: Tue Jan 25, 2011 9:48 am
Location: Lebanon

Re: VLAN using RB750

Thu Aug 30, 2012 9:45 am

thanks burkni for your reply. i searched a lot and i found something of what you had said. anyway i will make the setup like this.
the next step is to make ether1 communicate with ether3 and ether2 communicate with ether3.
can you offer some help pleasee.
thanks

by the way i want the packets going out of ether3 to be tagged with the vlan id of ether1 or ether2.
 
burkni
newbie
Posts: 29
Joined: Tue Mar 29, 2011 1:55 pm

Re: VLAN using RB750

Thu Aug 30, 2012 11:20 am

One question, are you just forwarding the traffic on these vlans through the interfaces or do you need to route from ether1/ether2 to ether3? If I understand you right you're just forwarding the traffic?
If that is the case then this scenario should work for you:
/interface ethernet switch port
set 0 vlan-header=always-strip vlan-mode=secure
set 1 vlan-header=always-strip vlan-mode=secure
set 2 vlan-header=add-if-missing vlan-mode=secure

/interface ethernet switch rule
add new-dst-ports=ether1 ports=ether3 switch=switch1 vlan-header=present vlan-id=1
add new-dst-ports=ether2 ports=ether3 switch=switch1 vlan-header=present vlan-id=2
add new-dst-ports=ether3 new-vlan-id=1 ports=ether1 switch=switch1 vlan-header=not-present
add new-dst-ports=ether3 new-vlan-id=2 ports=ether2 switch=switch1 vlan-header=not-present
This is not enough, we have to pass the traffic through and tag the packets:
/interface ethernet switch vlan
add ports=ether3 switch=switch1 vlan-id=1
add ports=ether3 switch=switch1 vlan-id=2
add ports=ether1,ether2 switch=switch1 vlan-id=0
This last line seems to be needed for things to work. This kind of "bridges" the vlans between these interfaces, it does no routing. The vlans are, or should be, completely seperated this way.
 
samih
newbie
Topic Author
Posts: 42
Joined: Tue Jan 25, 2011 9:48 am
Location: Lebanon

Re: VLAN using RB750

Thu Aug 30, 2012 11:26 am

ok what you understood is the right thing. i want to forward packets from ether1/ether2 to ether3 with with vlan-id tags so i can separate then at ether3.

i did what you wrote but when i insert
/interface ethernet switch rule> add new-dst-ports=ether2 ports=e
ther3 switch=switch1 vlan-header=present vlan-id=1
i got a msg : failure: not supported for this switch
do you know the reason ?? is it related to the license level or what???
 
burkni
newbie
Posts: 29
Joined: Tue Mar 29, 2011 1:55 pm

Re: VLAN using RB750

Thu Aug 30, 2012 12:05 pm

This worked on my RB750G, maybe RB750 is different, I wouldn't think so though. The names I use, ether1 and so on, are the names on the interfaces, it might be different in your case. Check the names or change them to match this. That's my best bet. You might be able to update the firmware/OS?
Hope this helps. I find it strange if there's such a big difference between RB750 and RB750G. My router has Level 4 and is up-gradable to v6.x if that helps you troubleshoot this. :)
 
samih
newbie
Topic Author
Posts: 42
Joined: Tue Jan 25, 2011 9:48 am
Location: Lebanon

Re: VLAN using RB750

Thu Aug 30, 2012 12:29 pm

i checked everything, the naming and others. all of them are the same.

anyway thanks a lot dear.

regards
 
burkni
newbie
Posts: 29
Joined: Tue Mar 29, 2011 1:55 pm

Re: VLAN using RB750

Thu Aug 30, 2012 1:17 pm

OK. According to this, rules are not supported on RB750 but it is on RB750G:
http://wiki.mikrotik.com/wiki/Switch_Chip_Features

This one had similar problem:
http://forum.mikrotik.com/viewtopic.php?f=9&t=36841

Get RB750G. :)
 
hq83
just joined
Posts: 7
Joined: Mon Oct 29, 2012 11:10 am

Re: VLAN using RB750

Mon Oct 29, 2012 5:06 pm

I need something like this but not exactly the same.
Unable to figure out from the example above. anyone can help?

ether1 - WAN port for ISP vlan10, vlan20, vlan30, vlan40 being tagged by ISP.
ether3 - I wan to forward vlan20, vlan30, vlan40 to this port which will be connected to another router. VoIP and IPTV is being connected to that router.
vlan10 is being use for internet for the other ports.
 
burkni
newbie
Posts: 29
Joined: Tue Mar 29, 2011 1:55 pm

Re: VLAN using RB750

Mon Nov 26, 2012 12:14 pm

@hq83 - Which router do you have? Just wondering if your router supports the rules.
 
hq83
just joined
Posts: 7
Joined: Mon Oct 29, 2012 11:10 am

Re: VLAN using RB750

Tue Nov 27, 2012 5:20 am

Hi,
I am using rb1100ah

Who is online

Users browsing this forum: Amazon [Bot], andreacar, f008600, fibracapi, Google [Bot], GoogleOther [Bot], itsbenlol, mickeymouse690 and 71 guests