Hi Guys,
I have a couple of questions regarding Mikrotik and VLANs. I'm fairly familiar with the concepts surrounding VLANs, VLAN tagging and VLAN trunking. However, I have never used VLANs with Mikrotik.
I've been told that Mikrotik and RouterOS are every bit as good as the likes of Cisco and Juniper when it comes to routing.
I've been tasked to implement VLANs at my company, and I'm hoping I can solicit some advice here on the forums from people far older and wiser than me.
I'm particularly interested in tips regarding best practice, as well as possible pitfalls to look out for.
Assume the diagram below is our company network:
Currently, our company network is completely flat; however, the switches in each building are D-Link Websmart switches, and I believe they allow several VLANs and VLAN trunks.
I've convinced our execs that Mikrotik is the best way forward, in terms of features and budget - so I hope it's all doable.
The one thing I'm concerned about is not so much the implementation of VLAN trunks and Port VLANs, but Inter-VLAN routing and VLAN Tagging.
Referencing the image above, I first thought it would be best to give each building its own subnet, and throw all the devices in that VLAN (computers and IP phones), but then I figured that wouldn't suffice, as I lose the ability to implement QoS, and I'm sure it's best practice to have your voice network separate from your data network.
So, if I then make use of VLAN Tagging (Both phones and computers connect into the same switch) - but phones can do tagging, alternatively I'd just get a separate switch for them, and do Port VLAN.
Example Network:
Building 1/VLAN1 - 192.168.1.0/24
Building 2/VLAN2 - 192.168.2.0/24
Building 3/VLAN3 - 192.168.3.0/24
Building 4/VLAN4 - 192.168.4.0/24
Building 5/VLAN5 - 192.168.5.0/24
Building 6/VLAN6 - 192.168.6.0/24 (Gateway/Firewall/Servers/File Servers/Mail Servers/DHCP Servers/DNS Servers/etc)
ALL Buildings/VLAN7 - IP Phones?
All the computers and phones, should be able to access VLAN 6 - where all the Servers are (including the VOIP server, and Internet Gateway).
If I put the phones in their own network, they can be in a single VLAN on their own.
What would be the best way to implement the above scenario?
Would a single central router (i.e. Cloud Core Router) suffice, or would each building require a router?
How would it work if a computer in VLAN 1 wants to talk to another host in VLAN 4, or the Server network in VLAN6?
What would be the best implementation of the above for a healthy network?
One last thing: the entire network is Gigabit, with fibre between the Server Room and each building, in a star topology. However, our network is extremely slow, so I'm hoping that by segmenting the network and using a Mikrotik CCR as our central switch/router, overall network performance will improve.
Any advice/tips in this regard would be highly appreciated!