kwagga
Frequent Visitor
Topic Author
Posts: 90
Joined: Sun Aug 28, 2011 11:49 pm
Location: Pretoria, South Africa

VLAN: Inter VLAN Routing - Beginner Advice

Wed Jan 30, 2013 9:40 pm

Hi Guys,

I have a couple of questions regarding Mikrotik and VLANs. I'm fairly familiar with the concepts surrounding VLANs, VLAN Tagging and VLAN Trunking. However, I have never used VLANs with Mikrotik.

I've been told that Mikrotik and RouterOS is every bit as good as the likes of Cisco and Juniper when it comes to routing.

I've been tasked to implement VLANs at my company, and I'm hoping I can solicit some advice here on the forums from people far older and wiser than me.

I'm particularly interested in tips regarding best practice, as well as possible pitfalls to look out for.

Assume the diagram below is our company network:
Image

Currently, our company network is completely flat, however the switches in each building are D-Link Websmart switches, and I believe allow several VLANs and VLAN Trunks.

I've convinced our execs that Mikrotik is the best way forward, in terms of features and budget - so I hope it's all doable.

The one thing I'm concerned about, is not so much the implementation of VLAN trunks and Port VLANs, but Inter-VLAN routing, and VLAN Tagging.

Referencing the image above, I first thought it would be best to give each building its own subnet, and throw all the devices in that VLAN (Computers and IP Phones), but then I figured that wouldn't suffice, as I lose the ability to implement QOS, and I'm sure it's best practice to have your Voice network separate from your data network.

So, if I then make use of VLAN Tagging (Both phones and computers connect into the same switch) - but phones can do tagging, alternatively I'd just get a separate switch for them, and do Port VLAN.

Example Network:

Building 1/VLAN1 - 192.168.1.0/24
Building 2/VLAN2 - 192.168.2.0/24
Building 3/VLAN3 - 192.168.3.0/24
Building 4/VLAN4 - 192.168.4.0/24
Building 5/VLAN5 - 192.168.5.0/24
Building 6/VLAN6 - 192.168.6.0/24 (Gateway/Firewall/Servers/File Servers/Mail Servers/DHCP Servers/DNS/Servers/etc)
ALL Buildings/VLAN7 - IP Phones?

All the computers and phones, should be able to access VLAN 6 - where all the Servers are (including the VOIP server, and Internet Gateway).

If I put the phones in their own network, they can be in a single VLAN on their own.

What would be the best way to implement the above scenario?
Would a single central router (i.e Cloud Core Router) suffice, or would each building require a router?
How would it work, if a computer in VLAN 1 wants to talk to another host in VLAN 4, or the Server network in VLAN6?
What would be the best implementation of the above for a healthy network?

One last thing, the entire network is Gigabit, with fibre between the Server Room, and each building, in a star topology - however, our network is extremely slow - so I'm hoping segmenting the network and using a Mikrotik CCR, as our central switch/router, overall network performance will improve.

Any advice/tips in this regard, would be highly appreciated!
 
Dobby
Member
Posts: 399
Joined: Wed Jan 11, 2012 12:07 am
Location: Hogwarts

Re: VLAN: Inter VLAN Routing - Beginner Advice

Fri Feb 01, 2013 1:20 am

Deleted because not related.
Last edited by Dobby on Mon Mar 11, 2013 1:09 am, edited 1 time in total.
 
CelticComms
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: VLAN: Inter VLAN Routing - Beginner Advice

Fri Feb 01, 2013 3:04 am

The CCR could certainly act as an internal inter VLAN router. It would be easier to comment if you could list the goals that you have in mind for the introduction of VLANs. As Dobby said, it would also be useful to know how many clients/devices are in each building. Have you considered having any additional inter-building fiber to provide some redundancy between switches?
 
kwagga
Frequent Visitor
Topic Author
Posts: 90
Joined: Sun Aug 28, 2011 11:49 pm
Location: Pretoria, South Africa

Re: VLAN: Inter VLAN Routing - Beginner Advice

Fri Feb 01, 2013 6:20 am

Hi Dobby, CelticComms, thank you for your comments.

Each building will require no more than 50 computers, and 50 phones (100 IPs Max) - One thing that I noticed, some computers are being connected through their phones!

Phone has LAN and PC connections at the back - what problems could this create for the VLANs?

As for redundancy, this is not required, should there be a failure, it will be dealt with accordingly. There's an additional wireless network between the buildings, which is off now, but that could be switched on, should there be a failure.

My primary goal is to separate the phone traffic from the rest of the network traffic, so that it can allow us to implement things like QoS and small broadcast domains, resulting in an improved network.

Currently our network range is 192.168.0.0/16 for the entire network. This is not ideal.

Thanks again
 
CelticComms
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: VLAN: Inter VLAN Routing - Beginner Advice

Fri Feb 01, 2013 1:33 pm

Some IP phones (e.g. Cisco) which have an on-board switch allow the tagging of the VOIP traffic. It is probably a good idea to check if the phones there have that capability.
 
ericsooter
Member Candidate
Posts: 285
Joined: Mon Mar 07, 2005 6:16 pm
Location: Oklahoma USA

Re: VLAN: Inter VLAN Routing - Beginner Advice

Sat Feb 02, 2013 12:39 am

We just did a similar migration for a school district. The network was flat with a very similar
topology to the one you are showing. They had Gig Fiber links between all branches in a star topology.
We toyed with the notion of putting routers at each branch site, but instead chose to go the
VLAN route. They had Cisco switches, so we broke each site subnet into VLANs. We used a RB1200AH2
as the main router.

With RouterOS we were able to aggregate two ports onto the core Cisco switch (for load and redundancy).
Then it was very easy to create VLAN sub-interfaces on the main bonding interface. If we were to do it now, I
would have used the Cloud Core router. We haven't seen very high CPU load, but I hear VLAN tagging/untagging
can put some load on the CPU.

> ALL Buildings/VLAN7 - IP Phones?

Should not be a problem, just make sure the phones support VLANs. Almost all of them do these days.

> All the computers and phones, should be able to access VLAN 6 - where all the Servers are (including the VOIP server, and Internet Gateway).

Remember the concept of a VLAN is like having completely separate ethernet switches that have a router between
them. So basically each VLAN will have a subnet associated with them and a default gateway that will be on
the CCR router. Any traffic between the subnets will be routed.

> If I put the phones in their own network, they can be in a single VLAN on their own.

Yes they will. You will need to add a gateway to get them to talk to the rest of the network.

> Would a single central router (i.e Cloud Core Router) suffice, or would each building require a router?

I think a single one should work fine. I think the terminology is router-on-a-stick.
http://www.youtube.com/watch?v=bO6nbkza008

> How would it work, if a computer in VLAN 1 wants to talk to another host in VLAN 4, or the Server network in VLAN6?

Again, you use routing with gateways to get between the subnets. It is very nice to have the server on its own VLAN;
it makes it easier to secure and lock down. Very simple to add firewall rules to the entire subnet.

> One last thing, the entire network is Gigabit, with fibre between the Server Room, and each building, in a star topology - however, our network is extremely slow - so I'm hoping segmenting the network and using a Mikrotik CCR, as our central switch/router, overall network performance will improve.

Yes, you are probably dealing with lots of broadcast chatter. Breaking up the network will greatly help.
It will also confine any network problems (ie broadcast storms) to one subnet. So it will be easier to narrow
down problems.

One more thing, another potential problem is getting the VLAN map in all the ethernet switches. In our school project, it was 30 Cisco Catalysts. The Cisco
VTP (VLAN trunk protocol) made it pretty easy to propagate it from a master switch.

-eric
Last edited by ericsooter on Mon Feb 04, 2013 5:09 pm, edited 1 time in total.
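
The router-on-a-stick layout described in the reply above, written out as RouterOS configuration. This is an added example, not part of the original thread and not ericsooter's configuration. The port names (ether1, ether2), the interface names, the .1 gateway addresses, the 192.168.7.0/24 phone subnet and the forwarding policy are assumptions; the VLAN numbers and building subnets follow the plan in the first post.

```routeros
# Constructed example. Interface names, the .1 gateways and 192.168.7.0/24 are assumptions.
# VLAN IDs follow the plan in the thread. ID 1 is the default VLAN on many switches,
# so check how the switches treat it on trunk ports before tagging it.

# Aggregate two ports towards the core switch (the switch side needs LACP as well)
/interface bonding
add name=bond1 mode=802.3ad slaves=ether1,ether2

# One tagged sub-interface per VLAN on the trunk
/interface vlan
add name=vlan1-bldg1 interface=bond1 vlan-id=1
add name=vlan2-bldg2 interface=bond1 vlan-id=2
add name=vlan3-bldg3 interface=bond1 vlan-id=3
add name=vlan4-bldg4 interface=bond1 vlan-id=4
add name=vlan5-bldg5 interface=bond1 vlan-id=5
add name=vlan6-servers interface=bond1 vlan-id=6
add name=vlan7-phones interface=bond1 vlan-id=7

# Default gateway for each subnet; connected routes between them are created automatically
/ip address
add address=192.168.1.1/24 interface=vlan1-bldg1
add address=192.168.2.1/24 interface=vlan2-bldg2
add address=192.168.3.1/24 interface=vlan3-bldg3
add address=192.168.4.1/24 interface=vlan4-bldg4
add address=192.168.5.1/24 interface=vlan5-bldg5
add address=192.168.6.1/24 interface=vlan6-servers
add address=192.168.7.1/24 interface=vlan7-phones

# Assumed policy: every VLAN may open connections to the server VLAN, other
# VLAN-to-VLAN pairs need an explicit rule, everything else is dropped and logged
/ip firewall filter
add chain=forward action=accept connection-state=established,related comment="reply traffic"
add chain=forward action=drop connection-state=invalid comment="invalid state"
add chain=forward action=accept out-interface=vlan6-servers comment="any VLAN to servers"
add chain=forward action=accept in-interface=vlan1-bldg1 out-interface=vlan4-bldg4 comment="explicit pair: bldg1 to bldg4"
add chain=forward action=drop log=yes log-prefix="intervlan-drop" comment="all other inter-VLAN traffic"
```

Rule order matters: the filter is evaluated top to bottom, so any further accept rules go above the final drop. The logged drops show which flows the policy is blocking before users report them.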
 
Dobby
Member
Posts: 399
Joined: Wed Jan 11, 2012 12:07 am
Location: Hogwarts

Re: VLAN: Inter VLAN Routing - Beginner Advice

Sun Feb 03, 2013 3:03 am

Deleted because not related.
Last edited by Dobby on Mon Mar 11, 2013 1:09 am, edited 1 time in total.
 
kwagga
Frequent Visitor
Topic Author
Posts: 90
Joined: Sun Aug 28, 2011 11:49 pm
Location: Pretoria, South Africa

Re: VLAN: Inter VLAN Routing - Beginner Advice

Tue Feb 12, 2013 6:24 pm

Thanks Dobby & ericsooter for your input, I do appreciate it!

I'll study this thread with my colleagues, and see what solution we can design. I'll present my findings here, for future Mikrotik users who also find themselves in my position.

Thanks again
