Hi,
I have a Mikrotik router (RB960PGS hEX) and switch (CSS610-8G-2S+IN) and I would like to configure 3 VLAN's in the following setup:
Each VLAN is suppose to have their own IP range.
VLAN 10: 192.168.0.X
VLAN 20: 192.168.20.X
VLAN 30: 192.168.30.X
No VLAN's should be able to contact each other, only access to WAN.
Inside each VLAN, the machines can talk with each other without issues.
VLAN 10 is the only VLAN that should be the only ones able to connect to the Switch and Router for management
I've looked over the following guides:
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN
And the presentation:
https://mum.mikrotik.com/presentations/ ... 716964.pdf
But cannot get a setup working, so have reverted everything to factory settings.
Can somebody help me out with a configuration for this?
3 x VLAN across Router - Switch
You do not have the required permissions to view the files attached to this post.
Re: 3 x VLAN across Router - Switch
For the hex use this guide.
viewtopic.php?f=13&t=143620
You could use the same guide for the switch unless it has switch chips that you want to take advantage of
and then this is a good guide.
https://www.youtube.com/watch?v=Rj9aPoyZOPo
viewtopic.php?f=13&t=143620
You could use the same guide for the switch unless it has switch chips that you want to take advantage of
and then this is a good guide.
https://www.youtube.com/watch?v=Rj9aPoyZOPo
Re: 3 x VLAN across Router - Switch
I've tried for the last 4 hours to get this to work today and spent around the same yesterday (dunno how many reset's I've tried on both switch and router).
I used the information I could get from both the router.rsc and RouterSwitchAP.rsc which was from the guide provided.
I tried to fit into the default working one I get after reset. But it just breaks somewhere in the setup.
For the switch I used: https://wiki.mikrotik.com/wiki/SWOS/CSS326-VLAN-Example
Putting the values to 10, 20 and 30 instead of whats in the pictures.
But when I do this, I can't get an address from any of the ports and no contact between the switch and the router on the trunk port.
If i set the switch ports to be locked to any of the VLANs I get no IP nor access to the internet.
My ISP is dynamic, so can't set a static IP on the WAN port. It needs to be DHCP.
I've reset the router config (attached), and with this is what it gives me after a reset.
The bridge is already made and all ports are added to it.
VLAN 10 is suppose to be the MGMT-LAN and can reach the internet.
The two others are internet only.
I used the information I could get from both the router.rsc and RouterSwitchAP.rsc which was from the guide provided.
I tried to fit into the default working one I get after reset. But it just breaks somewhere in the setup.
For the switch I used: https://wiki.mikrotik.com/wiki/SWOS/CSS326-VLAN-Example
Putting the values to 10, 20 and 30 instead of whats in the pictures.
But when I do this, I can't get an address from any of the ports and no contact between the switch and the router on the trunk port.
If i set the switch ports to be locked to any of the VLANs I get no IP nor access to the internet.
My ISP is dynamic, so can't set a static IP on the WAN port. It needs to be DHCP.
I've reset the router config (attached), and with this is what it gives me after a reset.
The bridge is already made and all ports are added to it.
VLAN 10 is suppose to be the MGMT-LAN and can reach the internet.
The two others are internet only.
You do not have the required permissions to view the files attached to this post.
Re: 3 x VLAN across Router - Switch
Well you the hex is not even close.
You have no vlans defined,
The vlans need their own dhcp setup so remove the one attached to the bridge.
Each vlan needs their own address etc.
Then you need to define the bridge vlan portion of the setup and adjust the bridge ports setup to reflect the access ports and trunk ports accurately
Its like you didnt read the link provided for the hex??
I didnt realize you were using the SwOS for the switch vice Ros> It appears to me the example you posted is suspect as there is no difference between the two examples or more explicitly, I see no difference between what they say is hybrid and a full up trunk port for all ports 6,7,8 if that was the requirement.
For the SWOS, there seem to be no hybrid ports in your setup so pretty clean so I had a quick look and this appears to be the way!
Should have Assuming port 1 is TRUNK from router, rest are access ports
VLANS -
ID 10 port checkboxes ticked for 1,2,4,5,7
ID 20 port checkboxes ticked for 1,3,6
ID 30 port checkboxes ticked for 1,8
VLAN - Ensure vlan mode is enabled for ports 1-8
Vlan receive: ONLY TAGGED for port 1, ONLY UNTAGGED for ports 2-8
Default VLANID (PVID): Port One=1 Ports Two-Eight respectively--> 10,20,10,10,20,10,30 [2,3,4,5,6,7,8]
You have no vlans defined,
The vlans need their own dhcp setup so remove the one attached to the bridge.
Each vlan needs their own address etc.
Then you need to define the bridge vlan portion of the setup and adjust the bridge ports setup to reflect the access ports and trunk ports accurately
Its like you didnt read the link provided for the hex??
I didnt realize you were using the SwOS for the switch vice Ros> It appears to me the example you posted is suspect as there is no difference between the two examples or more explicitly, I see no difference between what they say is hybrid and a full up trunk port for all ports 6,7,8 if that was the requirement.
For the SWOS, there seem to be no hybrid ports in your setup so pretty clean so I had a quick look and this appears to be the way!
Should have Assuming port 1 is TRUNK from router, rest are access ports
VLANS -
ID 10 port checkboxes ticked for 1,2,4,5,7
ID 20 port checkboxes ticked for 1,3,6
ID 30 port checkboxes ticked for 1,8
VLAN - Ensure vlan mode is enabled for ports 1-8
Vlan receive: ONLY TAGGED for port 1, ONLY UNTAGGED for ports 2-8
Default VLANID (PVID): Port One=1 Ports Two-Eight respectively--> 10,20,10,10,20,10,30 [2,3,4,5,6,7,8]
Last edited by anav on Mon Mar 15, 2021 3:40 pm, edited 2 times in total.
Re: 3 x VLAN across Router - Switch
What I did was to take the base config as you see it.Well you the hex is not even close.
You have no vlans defined,
The vlans need their own dhcp setup so remove the one attached to the bridge.
Each vlan needs their own address etc.
Then you need to define the bridge vlan portion of the setup and adjust the bridge ports setup to reflect the access ports and trunk ports accurately
Its like you didnt read the link provided for the hex??
The example you posted is suspect as there is no difference between the two examples or more explicitly, I see no difference between what they say is hybrid and a full up trunk port for all ports 6,7,8
I then renamed the bridge to BR1 and then run the commands from the example configuration file router.rsc from the guide you mentioned earlier (removing the etherX which I don't have)
So something went wrong during this, since nothing works and I struggle to reach the router, even if I plug directly into it.
I'll re-watch the video, read the guide again and try to see if something was missed or try to make it easier. Not very familiar with network buildup, so easy to mess it up i guess :)
Re: 3 x VLAN across Router - Switch
What I would do is keep one port on the router let say ether5 attached to 192.168.88.1 AND NOT on the bridge.
That way you always can access the router and make changes to the rest of the bridge and ports etc,!
In other words, enter the router as is on ether2 and then modify first ether5.
Then connect to ether 5, modify everything else for a bridge with ports1-4.
so while hooked up on ether2,
remove eth5 from bridge ports and add another IP address......
/ip address
add address=192.168.88.1/24 comment=defconf interface=eth5 network=\
192.168.0.0
Ensure you add it to the interface list members
/interface list member
add interface=eth5 list=LAN
Just to be sure not sure if needed add
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
Then add the vlans and associated structures
Then make changes to the bridge ports as necessary for trunk and access ports.
THen add the bridge vlan settings.
Then go back and enable FILTERING on the bridge (last step).
Often this last step kicks the router off line and you have to relog in.
Do so and you can confirm if bridge vlan filtering is then enabled.
Configure the switch and connect to ether2 on the hex and it should work.
That way you always can access the router and make changes to the rest of the bridge and ports etc,!
In other words, enter the router as is on ether2 and then modify first ether5.
Then connect to ether 5, modify everything else for a bridge with ports1-4.
so while hooked up on ether2,
remove eth5 from bridge ports and add another IP address......
/ip address
add address=192.168.88.1/24 comment=defconf interface=eth5 network=\
192.168.0.0
Ensure you add it to the interface list members
/interface list member
add interface=eth5 list=LAN
Just to be sure not sure if needed add
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
Then add the vlans and associated structures
Then make changes to the bridge ports as necessary for trunk and access ports.
THen add the bridge vlan settings.
Then go back and enable FILTERING on the bridge (last step).
Often this last step kicks the router off line and you have to relog in.
Do so and you can confirm if bridge vlan filtering is then enabled.
Configure the switch and connect to ether2 on the hex and it should work.