Can't get vlans to work [SOLVED]

Hello,

I'm new to routeros, recently bought a CRS109 to try it out but I'm having problems getting vlans to work on mikrotik. At home I'm running a pfsense router on hyperv where I have set up an interface on pfsense with vlan tag 20 and on hyper v I configured an external virtual switch with vlan tag 20 (also on the hyperv machine). Pfsense is also my DNS and DHCP server.

I followed some videos on vlans with routeros on youtube but I'm not able to get my pfsense to connect to mikrotik using a vlan with tag 20. I hope someone here can help me out with my problem. The goal of this vlan is to be able to separate my internal network with a new secondary network using a vlan while still being able to use pfsense for dhcp, dns and firewalling. If I can get this working I also plan to use this for a guest wifi.

I'm uncertain if the configuration/steps I used are missing something or it might be something with my pfsense. All other vlans on my pfsense are working.

I made a small diagram of my network:

On the mikrotik I have set up a vlan20:

Next I set up a bridge:

Added the bridge to the ports list:

Configured an address in the IP addresses list:

Also set up a static route in the route table:

My current interface list:

I'm not sure what I'm missing or did wrong, is there anyone who can give me some pointers?
Thanks in advance!

You’re going to want only the one bridge, don’t add a second. The vlan20 interface should use the main bridge.

Then use the switch menu to set up which ports are tagged and untagged and what vlans are allowed.

https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features

Not sure how you created the vlan on the virtual switch. As far as my knowledge goes, you can’t create a trunk port via the GUI in hyper-v, you must do it via powershell.
There are instructions on how to do this, just google for it.

I found a few things which you have to check:

1.) Have you enabled “VLAN filtering” on the VLAN-tab in the bridge settings?

2.) You have to add the IP-address to the VLAN20-interface, not to the bridge. Maybe it will work the way you did if you have only one VLAN on your bridge, but I would always assign the IPs to the VLAN-interface.

3.) As skuykend said, you have to check which physical ports are on your bridge. For now, you don’t have any physical ports within your VLAN-Bridge. So, add at least one port to it, or add the VLAN20-interface to your default-bridge.

Btw.: I think naming your Bridge BR-VLAN20 is a bit unlucky/incorrect: Think of this bridge as a “VLAN-Trunk-bridge” on which you can add several VLANs and not a bridge for only VLAN20.

If you work on a newer RouterOS version you have a VLANs-tab in the bridge window. There you can see and configure which VLANs are tagged/untagged on which ports or interfaces.

Thanks for the replies and suggestions. The vlan filtering on the bridge wasn't enabled, I enabled it and left it to default pvid 1. Also removed the vlan bridge and instead connected it to the port my hyperv server is connected to, this port also still has pvid1. Moved the IP for the vlan to the vlan itself instead of the vlan bridge. Unfortunately it is not working yet.

I reset the configuration and started over a few times, I opened a ping on my pfsense box but I'm not yet able to ping the ip address set on the vlan on the switch. The address is set to 192.168.20.253/24 with 192.168.20.0 as network. Is this correct? Or should it be just 192.168.20.253/192.168.20.253?

Also I noticed on the VLANs tab in the bridge menu the ports are not being tagged?
If I set pvid on ether4 to 20 my connection drops so it is doing something, how can I set up a trunk on this port so my connection won't drop?

VLANs tab on bridge, no tags?

Interface tab for the bridge

Switch/vlan menu:

Thanks again!

If you set PVID 20 on ether4, this will mean you set VLAN 20 as untagged on that port - and I don’t think that’s what you want.
You want to set VLAN1 as untagged and VLAN20 as tagged on ether4 (or any other ports).

So you gonna leave the PVID on ether4 at “1” (again, that's the untagged VLAN). To add VLAN20 tagged to ether4, you go to the Bridge - VLANs tab and add an entry:
VLAN ID = 20
tagged ports = ether4 (or which port you want, you could also use your default bridge)

Maybe the new version looks kind of different, I will recommend to follow this presentation.

https://mum.mikrotik.com/presentations/ID13/khomeini.pdf

Hello,

I finally got it working :smiley: very nice.
The solution to the problem I had, in case anyone else struggles with the same problem of not getting vlans to talk from mikrotik to pfsense over hyperv, was I got my trunk set up wrong on hyperv and also the VLAN in pfsense itself. I set up the vlan in pfsense as a separate interface with a VLAN which I should have set up on the LAN interface directly, creating a trunk in pfsense I guess.

A print of my interface assignments now in pfsense:

I also had to set up a trunk with an allowed vlan list on hyperv on the LAN interface allowing tagged traffic in using powershell, I had previously set this on an individual interface connected to an individual internal hyper v switch instead of the LAN interface in the pfsense hyperv machine:

Get-VMNetworkAdapter -VMName "VMNAME" | Where-Object {$_.MacAddress -eq "MAC#ADDR"} | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-25" -NativeVlanId 1

Next mistake was setting up the VLAN in mikrotik on the guest wifi interface 3g, my hyperv server is connected on ether4 on the mikrotik switch so I put it there:

Also set the PVID on the VLAN20 to 20 in the ports menu

Added VLAN20 to the VLANs menu and tagged the 3g interface with vlan20 and ether4 on 1 as suggested by az1984

I set the IP address on the vlan interface

And also the suggestions above, enabling vlan filtering on the bridge. Thanks again for the suggestions/help.
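
The RouterOS side of the advice given in this thread, collected as an added example that is not part of any post above: one bridge, the VLAN interface on that bridge, VLAN 20 tagged on the trunk port, the IP on the VLAN interface, and filtering enabled last. The bridge name `bridge` and the interface name `vlan20` are assumptions; `ether4`, VLAN ID 20 and `192.168.20.253/24` come from the thread.

```routeros
# Added example. Assumed names: "bridge" (the single main bridge) and "vlan20".
# ether4 is the port facing the Hyper-V host, as described in the thread.

# 1. VLAN 20 interface sits on the main bridge, not on a second bridge.
/interface vlan add name=vlan20 vlan-id=20 interface=bridge

# 2. Bridge VLAN table: VLAN 20 is tagged on the trunk port AND on the bridge
#    itself. Without the bridge as a tagged member, frames for VLAN 20 are
#    switched between ports but never reach the CPU-side vlan20 interface.
/interface bridge vlan add bridge=bridge vlan-ids=20 tagged=bridge,ether4

# 3. ether4 keeps PVID 1, so untagged traffic on the trunk stays in VLAN 1.
#    Setting pvid=20 here would make VLAN 20 the untagged VLAN on that port.
/interface bridge port set [find interface=ether4] pvid=1

# 4. The IP address goes on the VLAN interface, not on the bridge.
/ip address add address=192.168.20.253/24 interface=vlan20

# 5. Enable filtering last, once the VLAN table is complete, so the
#    management session is not cut off by a half-built table.
/interface bridge set bridge vlan-filtering=yes

# Verify: ether4 and the bridge should be listed as tagged for VLAN 20,
# and ether4 should show pvid=1.
/interface bridge vlan print
/interface bridge port print
```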