How to setup VLANs?

Term · May 24, 2020, 2:19pm

Hello,
I have RB4011 and managed Cisco switch.
I created vlans 10,11,12,13,14 and 15 (for management).

Vlans are assigned to ether10 in RB. There is cisco swich connected. Created DHCP servers.
But have 2 problems.

internet doesn’t work in devices connected to cisco switch. I can ping devices from router but internet doesn’t work.
I need to allow communication for example between devices in vlans 11 and 12.

vlan 11 (media) - there is synology, tv etc.
vlan 12 (servers) - there are servers with plex etc

So I need to allow communicate between server and synology too.

How can I do that please? Do I need to create bridge too? For which ports/vlans?
Thank you.

erlinden · May 24, 2020, 2:39pm

To start with…show your config: /export hide-sensitive file=router

Though being in Dutch (or Belgian if you wish), this sample might give you a good direction:
https://www.wirelessinfo.be/mikrotik-vlan-basis-configuratie/

Term · May 24, 2020, 2:57pm

have clean routerboard now. Trying to setup it from scratch.

All I have are vlans and dhcp server. And masquerade for pppoe

gazingbazooka · May 25, 2020, 12:49am

Start here: http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

ksteink · May 25, 2020, 4:29am

RB4011 doesn’t have a good switch chip. That means that you can only create VLANs controlled by the CPU chip (software based instead of HW accelerated / offloaded. That means that you need to create a bridge interface per VLAN and only one bridge interface can give you wired speed. The others will not and might hurt your router’s CPU load.

This is a great router but for VLANs you need a switch with L3 functionality. Any CRS3.x will do this

Sent from my iPhone using Tapatalk

mkx · May 25, 2020, 5:53am

The first quoted sentence is true. The second one is not.

Use of multiple bridges, one per VLAN, is deprecated. Since ROS version 6.42 it is advised to use single bridge with vlan-filtering=yes set. This way, bridge behaves as VLAN-aware / managed switch and will deal with VLAN tags just fine.

Regarding HW acceleration: as soon as ethernet ports are not directly members of bridges (i.e. if one created vlan interface on top of ethernet interface), then bridges can not be HW accelerated as intermediate layer (in this case vlan interface which is handled entirely in software) blocks possibility for HW acceleration.

@OP: definitely go with link posted by @gazingbazooka, it’s a very fine tutorial