Community discussions

MikroTik App
 
User avatar
Sn1p3r
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Thu Mar 10, 2011 5:50 pm
Location: Croatia
Contact:

VLAN - best practice?

Wed Apr 03, 2019 2:35 pm

Hello,

My current setup works without a problem, but I would like to check with community is there maybe a better, "cleaner" way to do it.

ether7:
Business network, untagged traffic - this port is tagging all traffic to ID 104

ether8:
WiFI Network, tagged traffic (ID 100 guests, ID 17 access points)
CIsco switches and WLC that are tagging traffic.

sfp1:
Link to Core Gateway


What is the best way to deal with ports that I just want to trunk already tagged traffic?
What is the best way of tagging traffic from specific port and pushing it out?

Current configuration is attached.
You do not have the required permissions to view the files attached to this post.
 
TheCiscoGuy
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Fri Jun 22, 2018 8:32 am

Re: VLAN - best practice?

Tue Apr 09, 2019 11:35 pm

What device model is this on?
Network Solutions Engineer and Trainer
Cisco | Juniper | Mikrotik | Ubiquiti
 
User avatar
Sn1p3r
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Thu Mar 10, 2011 5:50 pm
Location: Croatia
Contact:

Re: VLAN - best practice?

Wed Apr 10, 2019 11:48 pm

What device model is this on?
This is CCR1009-8G-1S-1S+
 
TheCiscoGuy
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Fri Jun 22, 2018 8:32 am

Re: VLAN - best practice?

Thu Apr 11, 2019 12:12 am

Due to the nature of bridges, I always put the vlans on the physical interfaces then create a bridge for each vlan, I don't rely on the bridges switch logic for vlan filtering (and I believe it is disabled by default anyways). That method is only for the CCR platforms though which is why I asked.
Network Solutions Engineer and Trainer
Cisco | Juniper | Mikrotik | Ubiquiti
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1741
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: VLAN - best practice?

Thu Apr 11, 2019 7:32 am

Due to the nature of bridges, I always put the vlans on the physical interfaces then create a bridge for each vlan, I don't rely on the bridges switch logic for vlan filtering (and I believe it is disabled by default anyways). That method is only for the CCR platforms though which is why I asked.
That is the old way of doing it. See my post here where I did learn VLan.
viewtopic.php?t=138232

There are many many post explaining Vlan on this forum, just do a search,
 
How to use Splunk to monitor your MikroTik Router(s)

MikroTik->Splunk
 
 
anav
Forum Guru
Forum Guru
Posts: 4584
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VLAN - best practice?

Thu Apr 11, 2019 8:42 pm

For vlan bridges, this is by far the best resource..........
viewtopic.php?f=13&t=143620
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
millenium7
Member Candidate
Member Candidate
Posts: 296
Joined: Wed Mar 16, 2016 6:12 am

Re: VLAN - best practice?

Tue Apr 16, 2019 4:33 am

Due to the nature of bridges, I always put the vlans on the physical interfaces then create a bridge for each vlan, I don't rely on the bridges switch logic for vlan filtering (and I believe it is disabled by default anyways). That method is only for the CCR platforms though which is why I asked.
That is the old way of doing it. See my post here where I did learn VLan.
viewtopic.php?t=138232
The benefit of the 'old' way is VLAN rewriting
i.e. you can bridge VLAN101 coming in on ether1 to VLAN105 on ether2
Any traffic coming in as VLAN101 on ether1 gets its VLAN tag rewritten as 105 going out ether2 and vice versa
I believe the 'new' method cannot do that, you can only tag/untag but you can't change the tag
 
anav
Forum Guru
Forum Guru
Posts: 4584
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VLAN - best practice?

Thu Apr 18, 2019 1:55 am

Interesting functionality what is the use case for that scenario vice simply using one vlan for both subnets??
Obviously there seems to be a reason to have two VLANS vice one and normally if there is some degree of sharing (common printer etc) then firewall can be made so that the connectivity needed exists at layer 3.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1741
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: VLAN - best practice?

Thu Apr 18, 2019 9:12 am

We hva joined two company that did have more or less the same setup, but different VLAN, så it could be used there, but we did instead using cable from VLAN x on one port to VLAN y on another port to join the VLAN together. Works but not recommended. So later all the VLAN was harmonized.
 
How to use Splunk to monitor your MikroTik Router(s)

MikroTik->Splunk
 
 
millenium7
Member Candidate
Member Candidate
Posts: 296
Joined: Wed Mar 16, 2016 6:12 am

Re: VLAN - best practice?

Sat Apr 20, 2019 2:44 am

Interesting functionality what is the use case for that scenario vice simply using one vlan for both subnets??
Obviously there seems to be a reason to have two VLANS vice one and normally if there is some degree of sharing (common printer etc) then firewall can be made so that the connectivity needed exists at layer 3.
- Company acquisition with overlapping VLAN's
- Intentionally merging 2 tagged VLAN's as if it were one, like a router-on-a-stick config at layer2 during the above (requires MSTP to not cause a loop)
- Connections to other providers/customers i.e. they specify they need connectivity on VLAN 10 but you already use that VLAN for something else. You can bring it in on 500 and rewrite as 10 to them
- I've had to do this when I needed to split 2 customers for PPPoE policy routing (Customer A goes 1 way, Customer Y goes the other) but it was cleaner and easier to not modify things on the customer side as I wanted all radio configs to be exactly the same so if/when that customer leaves the radio is re-used elsewhere it keeps working without needing anything changed. Was a mikrotik in front of it that simply rewrote VLAN X as VLAN Y, easier on the installers
- I suppose you could use it for tagging of services in a way. i.e. VLAN10 everywhere, as above makes it easier with equipment moves, but you rewrite as '1110' for location 1, '1210' for location 2 etc. Q-in-Q would be better but maybe its not supported on some equipment

Who is online

Users browsing this forum: No registered users and 17 guests