Is this vlan setting correct?

Hi, I'm new to MikroTik and I'm learning to create VLANs. I watched tutorials on YouTube and on the MikroTik forum, and I want the opinion of someone who knows the topic to tell me whether the VLAN I am setting up is correct.

In the attachments I give you my MikroTik router config and the scheme.
Thanks for all opinions :smiley:

Switch configuration cisco

IOU1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
IOU1(config)#interface Ethernet0/0
IOU1(config-if)#switchport trunk encapsulation dot1q
IOU1(config-if)#switchport mode trunk
IOU1(config-if)#exit
IOU1(config)#vlan 10
IOU1(config-vlan)#name vlan10
IOU1(config-vlan)#exit
IOU1(config)#vlan 20
IOU1(config-vlan)#name vlan20
IOU1(config-vlan)#exit
IOU1(config)#interface Ethernet0/1
IOU1(config-if)#switchport mode access
IOU1(config-if)#switchport access vlan 10
IOU1(config-if)#exit
IOU1(config)#interface Ethernet0/2
IOU1(config-if)#switchport mode access
IOU1(config-if)#switchport access vlan 20

mikrotik

# 2024-08-03 22:30:07 by RouterOS 7.11.2
# software id = 
#
/interface bridge
add name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
set [ find default-name=ether6 ] disable-running-check=no
set [ find default-name=ether7 ] disable-running-check=no
set [ find default-name=ether8 ] disable-running-check=no
/interface vlan
add interface=ether1 name=vlan10 vlan-id=10
add interface=ether1 name=vlan20 vlan-id=20
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool0 ranges=10.0.10.1-10.0.10.254
add name=pool1 ranges=10.0.20.1-10.0.20.254
/ip dhcp-server
add address-pool=pool0 interface=vlan10 name=vlan10dhcp
add address-pool=pool1 interface=vlan20 name=vlan20dhcp
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge interface=ether1
/interface bridge vlan
add bridge=bridge tagged=ether1,bridge vlan-ids=10
add bridge=bridge tagged=ether1,bridge vlan-ids=20
/ip address
add address=10.0.10.1/24 interface=vlan10 network=10.0.10.0
add address=10.0.20.1/24 interface=vlan20 network=10.0.20.0
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add interface=ether1
/ip dhcp-server network
add address=10.0.10.0/24 gateway=10.0.10.1
add address=10.0.20.0/24 gateway=10.0.20.1
/ip firewall filter
add action=drop chain=forward dst-address=10.0.10.0/24 src-address=\
    10.0.20.0/24
/system note
set show-at-login=no


Hello and welcome to the forum :smiley:

Please use code function for Mikrotik configuration as well.

Configuration is wrong, you are missing firewall rules, you are running DHCP client on trunk port etc.

Start here: http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1 and I suggest you watch TheNetworkBerg's videos on VLANs.

Some minor changes.

cisco

interface Ethernet0/0
description trunk from mikrotik
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
switchport mode trunk

#mikrotik

(Use bridge instead of ether1)

/interface vlan
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlan20 vlan-id=20

Give lan access at least initially.

/interface list member
add interface=vlan10 list=LAN
add interface=vlan20 list=LAN

# 2024-08-04 09:23:27 by RouterOS 7.11.2
# software id = 
#
/interface bridge
add name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
set [ find default-name=ether6 ] disable-running-check=no
set [ find default-name=ether7 ] disable-running-check=no
set [ find default-name=ether8 ] disable-running-check=no
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlan100 vlan-id=100
add interface=bridge name=vlan200 vlan-id=200
/interface list
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.0.10.2-10.0.10.254
add name=dhcp_pool1 ranges=10.0.100.2-10.0.100.254
add name=dhcp_pool2 ranges=10.0.200.2-10.0.200.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=vlan10 name=dhcp1
add address-pool=dhcp_pool1 interface=vlan100 name=dhcp2
add address-pool=dhcp_pool2 interface=vlan200 name=dhcp3
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
/interface bridge vlan
add bridge=bridge tagged=ether1,bridge untagged=ether2 vlan-ids=10
add bridge=bridge tagged=ether1,bridge vlan-ids=100
add bridge=bridge tagged=ether1,bridge vlan-ids=200
/interface list member
add interface=vlan10 list=LAN
/ip address
add address=10.0.10.1/24 interface=vlan10 network=10.0.10.0
add address=10.0.100.1/24 interface=vlan100 network=10.0.100.0
add address=10.0.200.1/24 interface=vlan200 network=10.0.200.0
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add interface=ether1
/ip dhcp-server network
add address=10.0.10.0/24 gateway=10.0.10.1
add address=10.0.100.0/24 gateway=10.0.100.1
add address=10.0.200.0/24 gateway=10.0.200.1
/system note
set show-at-login=no

I watched TheNetworkBerg's tutorial on VLANs. Can you please take a look at this?

Remove the DHCP client from ether1, you are using that port as the trunk towards the Cisco. What is the function of that router? Are you getting internet access through it? What device are you using?

This is a MikroTik Cloud Hosted Router. I use GNS3 to configure it because I want to learn VLANs on MikroTik.
Ether1 is connected from the router to the switch.
I know I can add a firewall masquerade rule if I want to access the internet, but I care more about the VLAN configuration itself.

Okay, so remove DHCP client from ether1 then, on Mikrotik side everything looks good.

Did you try to connect some clients?

I removed ether1 from the DHCP clients. Yes, I connected a client and I get an IP from the DHCP pool.

So that's it, if you want to block inter-VLAN traffic you can do that using firewall rules.

Okay, thanks for the help, all :smiley:
Have a nice day
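
The two problems raised in the replies (a DHCP client on the trunk port that is a bridge member, and VLAN interfaces created on ether1 instead of on the bridge) can be checked mechanically against a RouterOS export. The following is an added example, not code from any participant in the thread; the finding names are made up for illustration, the sample is cut down from the first export posted above, and the parser assumes plain `add key=value` lines with single VLAN IDs (no ranges).

```python
import re
import shlex

def parse_export(text):
    """Map each RouterOS menu path to the key=value dicts of its 'add' lines."""
    text = re.sub(r"\\\n\s*", "", text)  # join lines continued with a backslash
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif current is not None and line.startswith("add "):
            current.append(dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t))
    return sections

def audit(text):
    """Return (finding, interface) tuples for the bridge/VLAN mistakes discussed in the thread."""
    s = parse_export(text)
    ports = {p["interface"] for p in s.get("/interface bridge port", [])}
    findings = []
    # A DHCP client on a bridge member (slave) port does not run.
    for c in s.get("/ip dhcp-client", []):
        if c.get("interface") in ports:
            findings.append(("dhcp-client-on-bridge-port", c["interface"]))
    tagged = {}  # VLAN id -> interfaces tagged for it in the bridge VLAN table
    for v in s.get("/interface bridge vlan", []):
        for vid in v.get("vlan-ids", "").split(","):
            tagged.setdefault(vid, set()).update(v.get("tagged", "").split(","))
    for v in s.get("/interface vlan", []):
        parent = v.get("interface")
        if parent in ports:  # VLAN interface belongs on the bridge, not on its member port
            findings.append(("vlan-on-bridge-port", v["name"]))
        elif parent not in tagged.get(v.get("vlan-id"), set()):
            findings.append(("bridge-not-tagged-for-vlan", v["name"]))
    return findings

# Constructed sample: the relevant sections of the first export in the thread.
BEFORE = """/interface vlan
add interface=ether1 name=vlan10 vlan-id=10
add interface=ether1 name=vlan20 vlan-id=20
/interface bridge port
add bridge=bridge interface=ether1
/interface bridge vlan
add bridge=bridge tagged=ether1,bridge vlan-ids=10
add bridge=bridge tagged=ether1,bridge vlan-ids=20
/ip dhcp-client
add interface=ether1
"""
# Same sample with both suggested changes applied: VLANs on the bridge, DHCP client removed.
AFTER = BEFORE.replace("interface=ether1 name", "interface=bridge name").split("/ip dhcp-client")[0]

if __name__ == "__main__":
    print(audit(BEFORE))
    print(audit(AFTER))
```
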