Hi,
We run a Cisco environment and have recently had a Mikrotik wireless radio link installed for redundancy to a distant building. Main link is fibre and this one only needs to come up if the main fibre link goes down. We had a radio link in place before and the Cisco switches were just set as trunk ports, but no idea what radio system was in use; think it failed in a storm and the people who set it up have left.
We have about 20 VLANs. The wireless link is set up with two Mikrotik routers. The link is working fine but I'm not sure how to integrate it into the Cisco network. I'm assuming I need to add all the VLANs to the Mikrotik routers, but does each VLAN need an IP address? Previously I don't believe it would have.
It depends,
Are you replacing the CISCO router, or simply providing a second WAN into the CISCO router?
If it's the latter, the MT devices are nothing more than probably moving the public IP along or simply terminating the WAN connection, and simply providing a private WANIP to the Cisco. In other words, no vlans, no firewall rules, probably very little on the MT devices.
Neither, the wireless link is simply connected to two switches (connects building to another building).
So router > core switch > switch > mikrotik microwave link >>> other side of mikrotik microwave link in other building > switch > devices
Current layout:
router > core switch > switch > (fibre connecting buildings) > switch > devices
Ah, it's a backup to the fibre link between buildings. Got it!!
In this case, it's simply acting as a wifi switch.
Thus
Take a look at this example…
Assume the management vlan is 99, and the other vlans are 2,10,20,30,40,50,60
VLAN 99 subnet is 192.168.99.0/24
NOTE the only difference I can see between the two MT devices is the IP address on the management subnet.
…
# model =generic
/interface bridge
# vlan-filtering stays at no while configuring; change it to yes as the last step, after the config is complete
add admin-mac= auto-mac=no name=bridge vlan-filtering=no
/interface vlan
add comment="Management Network" interface=bridge name=VLAN99 vlan-id=99
/interface list
add name=MANAGEMENT
/interface bridge port
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=ether1 comment="Trunk Port to Switch"
add bridge=bridge ingress-filtering=yes frame-types=admit-only-vlan-tagged interface=wireless-link comment="Trunk Over WIFI"
/ip neighbor discovery-settings
set discover-interface-list=MANAGEMENT
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,wireless-link vlan-ids=99
add bridge=bridge tagged=ether1,wireless-link vlan-ids=2,10,20,30,40,50,60
/interface list member
add interface=VLAN99 list=MANAGEMENT
/ip address
add address=192.168.99.10/24 interface=VLAN99 network=192.168.99.0
/ip dns
set allow-remote-requests=yes servers=192.168.99.1
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.99.1
/system ntp client servers
add address=192.168.99.1
/tool mac-server
set allowed-interface-list=NONE
/tool mac-server mac-winbox
set allowed-interface-list=MANAGEMENT
Thanks, I'll have a look at it. Turns out it was closer to 40 VLANs! I was just manually inputting them into both routers using the GUI and assigning them to the bridge as thought that might be the first step!
Ah yep, they are in there now already haha. I haven't touched the Mikrotik console yet but I can mostly understand what's going on and where I should have done it to make my life easier!
Although they all have different names to the vlan name
If the VLANs are already defined on either end of the link, the 60GHz LHG should just bridge anything passing over it with the default configuration, e.g. you don't need to set vlan-filtering=yes and define VLANs unless you want to restrict traffic going over the link. So if the Ciscos already have VLANs set, there may be no need to do anything on the LHG.
In terms of the cisco config on either end, something like LACP could be used.
When I created all my vlans using the gui, I went into the Interfaces>Vlan tab, added the name, vlan ID and interface set to bridge.
When running a print on both of the above, I have vlans in ‘interface vlan’ but not in ‘interface bridge vlan’ like your commands would do. /Interface vlan shows them as being in the bridge interface:
/interface/vlan creates a Layer3 route on a VLAN, while the critical setting vlan-filtering=yes/no on the /interface/bridge is what essentially converts the software bridge from a dumb switch to a VLAN-aware switch. The /interface/bridge/vlans is how you set hybrid/trunk/access ports at Layer2, but ONLY if vlan-filtering=yes.
So if the LHG is strictly a bridge and you want a Layer2 bridge what is sent on either end, you should not need a /interface/vlan. Nor vlan-filtering=yes. Nor any IPs.
If vlan-filtering=no, the bridge will carry both VLAN and native packets without restrictions. Now, the LHG is a switch in all cases, and it does use RSTP by default. So if you have bpdu-guard or something on the Cisco, that may be the issue, dunno. You can disable STP on the /interface/bridge if that's the case.
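Added example, not written by anyone in this thread: a Python check over a RouterOS export that reports whether `vlan-filtering` is on and, when it is, which `/interface vlan` entries have no `/interface bridge vlan` row with the bridge itself tagged (the case where the radio's own management address on that VLAN becomes unreachable). The sample export is constructed from the config posted earlier, and the parser assumes one `add` per line with no `\` continuations.

```python
import shlex

# Constructed sample modelled on the config in this thread; VLAN10 is added
# here as an /interface vlan with no bridge-table row naming the bridge.
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge vlan-filtering=yes
/interface vlan
add comment="Management Network" interface=bridge name=VLAN99 vlan-id=99
add interface=bridge name=VLAN10 vlan-id=10
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1,wireless-link vlan-ids=99
add bridge=bridge tagged=ether1,wireless-link vlan-ids=2,10,20-22
"""

def parse_export(text):
    """Map each menu path to a list of key=value dicts, one per 'add' line."""
    menus, path = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            toks = shlex.split(line[4:])  # shlex keeps quoted comments intact
            menus.setdefault(path, []).append(dict(t.split("=", 1) for t in toks if "=" in t))
    return menus

def expand_ids(spec):
    """Expand '2,10,20-22' into {2, 10, 20, 21, 22}."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(text):
    menus = parse_export(text)
    filtering = {b["name"]: b.get("vlan-filtering", "no") == "yes"
                 for b in menus.get("/interface bridge", [])}
    findings = [f"{n}: vlan-filtering=no, bridge vlan table not enforced"
                for n, on in filtering.items() if not on]
    cpu_tagged = {}  # bridge name -> VLAN IDs where the bridge itself is tagged
    for row in menus.get("/interface bridge vlan", []):
        if row["bridge"] in row.get("tagged", "").split(","):
            cpu_tagged.setdefault(row["bridge"], set()).update(expand_ids(row["vlan-ids"]))
    for v in menus.get("/interface vlan", []):
        br, vid = v["interface"], int(v["vlan-id"])
        if filtering.get(br) and vid not in cpu_tagged.get(br, set()):
            findings.append(f"{v['name']}: vlan-id {vid} has no tagged={br} row in bridge vlan")
    return findings
```

Running `audit()` on an export taken before flipping `vlan-filtering` to yes shows which management VLANs would be cut off by that change.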
Thanks all,
I’ve been playing about with GNS3 last night so might try to see if I can lab it out before doing anything and having to get on the roof to reset it!
FWIW, you shouldn’t have to go to the roof, assuming you know the user/password. All Mikrotik support winbox via Layer2, so you can connect via MAC address if the device is plugged into the same LAN as your PC.