 
JamesWithTik
just joined
Topic Author
Posts: 3
Joined: Tue Sep 07, 2021 11:34 am

VLANs with SwOS

Fri Sep 10, 2021 6:22 pm

Hi everyone

I can’t wrap my head around the way MikroTik implements VLAN :) Maybe someone here on the forum can help me.

Here is my setup. I have an old Cisco Switch. Currently, all devices are connected here.
I wanna switch all clients to the new CRS354-48G-4S+2Q+RM.

Here is a picture of my setup.

Image

What I have done so far:
- I switched from RouterOS to SwOS. ATM I don’t think I need the added functionality of RouterOS. This device will only be switching for now.

I connected the old Cisco Switch with an untagged VLAN 40 Port to MikroTik port 30.

Port 1 will be the Firewall Port in the Future
Port 10 is an internal client.
Port 11 is an AP with guest wifi on a different SSID.
Port 12 is a guest client.
Port 48 is the temp connection for now to the Cisco Switch.

Here is my planned config and in brackets the reasoning behind it.

Port 1 will be future Firewall port. It is member of all VLANs. VLAN mode is set to optional (because it will have access to everything).
VLAN receive is set to any (probably even better would be only tagged, but you never know and it does not hurt?)
default VLAN ID is 1 (does not really matter, because all traffic will be tagged)
Force VLAN ID is set to no.

Port 10 is only VLAN member of VLAN 40. VLAN is set to strict (because it will only use internal traffic. It should only receive VLAN 40 traffic).
VLAN receive is set to only untagged (because the client will never send tagged traffic).
Default VLAN ID is set to 40 (so all traffic from the client will be handled as internal traffic).
Force VLAN ID is set to yes (probably not necessary, because it is VLAN 40 member only anyway?)

Port 11 is VLAN member of VLAN 40 and VLAN 70. The AP uses untagged for internal and VLAN 70 for guest traffic. VLAN is set to strict.
VLAN receive is set to any (because the AP will get tagged and untagged traffic).
Default VLAN ID is set to 40 (so all traffic from default SSID is handled as internal traffic).
Force VLAN ID is set to no (because we will receive guest VLAN 70 traffic)

Port 12 is only VLAN member of VLAN 70. VLAN is set to strict (because it will only use guest traffic. It should only receive VLAN 70 traffic).
VLAN receive is set to only untagged (because the client will never send tagged traffic).
Default VLAN ID is set to 70 (so all traffic from the client will be handled as guest traffic).
Force VLAN ID is set to yes (probably not necessary, because it is VLAN 70 member only anyway?)

After I configured all this stuff, I will enable management VLAN to 20, disconnect the temp connection, lose connection, connect Firewall to port 1.

Does this sound good to you? I am a little bit concerned about the switch to the new switch. The VLAN naming conventions are very different from what I know from Unifi, Cisco and Netgear.
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: VLANs with SwOS

Sat Sep 11, 2021 1:08 am

All CRS3xx devices can implement Bridge VLAN filtering at the hardware level, so I would suggest you start from here:
viewtopic.php?f=23&t=143620
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: VLANs with SwOS

Sun Sep 12, 2021 7:24 am

What you are trying to do is trivially easy in SwOS. I'm not in a position to look at mine as a comparison (and I'm too tired to be sure without looking), but I think you're pretty much there.
I won't be able to compare to mine until Monday, but can do so then.
 
JamesWithTik
just joined
Topic Author
Posts: 3
Joined: Tue Sep 07, 2021 11:34 am

Re: VLANs with SwOS

Mon Sep 13, 2021 5:23 pm

Thank you guys, for the sanity check. I was a little bit concerned, because in my lab, it did not behave like I expected it to do. Probably a configuration error. I will try it this week and report back how it went.
 
JamesWithTik
just joined
Topic Author
Posts: 3
Joined: Tue Sep 07, 2021 11:34 am

Re: VLANs with SwOS  [SOLVED]

Fri Sep 17, 2021 4:07 pm

Well, I am ashamed to say that I found my error today.

I thought that something has to be wrong with my config or with my understanding of VLAN. Instead there was a cable error involved.
Instead of the Cisco port 20 that has all the tagged traffic, I connected MikroTik to port 21 that has only untagged guest traffic...

:lol:
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: VLANs with SwOS

Fri Sep 17, 2021 7:27 pm

Ah, a Layer 1 issue. Glad you got it figured out.
