Community discussions

 
swankcr
just joined
Topic Author
Posts: 1
Joined: Tue Jan 03, 2017 5:54 am

Question about multiple VLANs

Tue Jan 03, 2017 6:13 am

Hello!

I just purchased my first Mikrotik device. I got a RouterBOARD 3011UiAS, and am currently using the default config. ether1 is my WAN port and getting a DHCP address from my provider. ether2 is a master to ether3-ether5. ether6 is the master of ether7-10. I have one network defined and there is a bridge that is attached to ether2-master and ether6-master. DHCP is working and all my devices are able to connect.

I currently have an access point plugged into ether10 (using PoE). Everything is working just fine as is, and I am completely happy. Moving forward, I am redoing my media center and running a cat6 cable to get rid of some wireless performance issues I've been seeing. I plan to put a switch in my media center to hard wire all the devices. But I have some devices that I would like to separate from the rest of my network.

Here is what I want to do, I was hoping you could tell me if I am setting myself up for failure.

I want to create two vlans:

vlan100 - trusted (192.168.1.0/24)
vlan101 - untrusted (192.168.2.0/24)

I will need ether10 to be a trunk port to allow my wireless AP to service clients on both networks.
I have one device that will need to be connected to an access port for vlan 100
I have one port that will need to be a trunk port to the switch in the media center. One of those devices will need to be on vlan100 and the rest on vlan101.

So, what I am thinking is:

ether10 - trunk with both vlans for AP
ether2 - access port for vlan 100
ether6 - trunk port for vlan's 100 and 101

So, I know I need to create the vlans. I will assign vlan100 to ether2. I get how that works. But I'm not quite understanding where the bridge plays in. Vlan 100 will be on ether10, ether2, and ether6. Do I need to create a bridge and add the vlan's to the bridge and place all three interfaces in it?
 
tr00g33k
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Sun Mar 29, 2015 3:58 pm

Re: Question about multiple VLANs

Tue Jan 03, 2017 3:53 pm

You create vlan 100 and 101 like this
/interface vlan add name=Vlan100-eth10 interface=eth10 vlan-id=100
/interface vlan add name=Vlan100-eth6 interface=eth6 vlan-id=100

/interface vlan add name=Vlan101-eth10 interface=eth10 vlan-id=101
/interface vlan add name=Vlan101-eth6 interface=eth6 vlan-id=101

/interface bridge add name=Vl100_bridge
/interface bridge ports add interface=Vlan100-eth10 bridge=Vl100_bridge
/interface bridge ports add interface=Vlan100-eth6 bridge=Vl100_bridge
and here you add ports that you want to be access ports for vlan 100

/interface bridge add name=Vl101_bridge
/interface bridge ports add interface=Vlan101-eth10 bridge=Vl101_bridge
/interface bridge ports add interface=Vlan101-eth6 bridge=Vl101_bridge
and here you add ports that you want to be access ports for vlan 101
If the ether6 is master of ehter10, you only add tagged vlans on ehter6, and will be assigned to all other ports that are slave`s.
This is quickly expalined, if you need any further help let us know. I hope this will show you the right way to do it.

Who is online

Users browsing this forum: No registered users and 50 guests