Community discussions

MikroTik App
 
networknoob88
newbie
Topic Author
Posts: 45
Joined: Sun Jul 15, 2018 6:00 pm

First time MT user, got new CCR1009-7G, how to create VLAN (interface vs bridge)?

Tue Jul 17, 2018 7:52 am

I'm new to the real networking world and just got a CCR1009-7G with the latest version of RouterOS/Winbox to learn.

One thing that's causing me massive confusion is VLAN. Tried to look up guides and documentations and they all seemed to mostly refer to either some older version of CCR1009 or some older version of RouterOS, where the VLAN settings were apparently different. There were some newer forum posts that seemed to explain the differences, but they're too technical for me to understand at this point.

In my RouterOS 6.42.6 on my CCR1009-7G, I see two places that allow me to create VLANs, one in "Interface" and one in "Bridge". Where should I start? What's the difference?

Right now I'm mostly in interested in setting up some basic untagged VLANs, or what I assume to be "port-based VLANs". Each VLAN on a single port or two ports (so VLAN200 on ether4, VLAN300 on ether5 and ether6 which I guess should be bridged?), then each port will connect to dumb switches with dumb clients. Just for isolation really.

Your advice, or a simple updated guide, would be greatly appreciated!
 
networknoob88
newbie
Topic Author
Posts: 45
Joined: Sun Jul 15, 2018 6:00 pm

Re: First time MT user, got new CCR1009-7G, how to create VLAN (interface vs bridge)?

Tue Jul 17, 2018 5:17 pm

In this document:
https://wiki.mikrotik.com/wiki/Vlans_on ... nvironment
which I assume applies to the current RouterOS version, the example is to first create vlan under Interface, but add a trunk port as the VLAN's interface. Then create a bridge that connects an access port to the VLAN.

What if I do not need a trunk port? I just want the VLAN on a particular port, do I add this port to the VLAN's interface? Do I still need a bridge? Another confusing thing is, when I create a VLAN under Interface, I do not see any option to make the port tagged or untagged. These options only seem to appear under the Bridge vlans. Then there's also PVIDs and "VLAN filtering" etc that's even more confusing. Finally, if I end up creating both a bridge and vlan, exactly how do I reference my vlan later in firewalls and routes etc, by the bridge name or vlan name? Do I assign IP range and DHCP server on the vlan or on the bridge?

Help!
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1120
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: First time MT user, got new CCR1009-7G, how to create VLAN (interface vs bridge)?

Tue Jul 17, 2018 10:27 pm

If you create a VLAN against an interface then the tag applies to that interface on either ingress or egress.
If you apply the VLAN to a bridge then the VLAN tag is there for any interfaces that are ports of that bridge.

If you have 1 "main" bridge and the VLANs are attached to it then effectively your entire network becomes the "trunk".
 
networknoob88
newbie
Topic Author
Posts: 45
Joined: Sun Jul 15, 2018 6:00 pm

Re: First time MT user, got new CCR1009-7G, how to create VLAN (interface vs bridge)?

Wed Jul 18, 2018 1:15 am

If you create a VLAN against an interface then the tag applies to that interface on either ingress or egress.
If you apply the VLAN to a bridge then the VLAN tag is there for any interfaces that are ports of that bridge.

If you have 1 "main" bridge and the VLANs are attached to it then effectively your entire network becomes the "trunk".
Thanks. How do I make the ports untagged as packets leave so my non vlan aware clients can use the vlan? Does it have something to do with PVID?

Who is online

Users browsing this forum: Bing [Bot], nescafe2002 and 75 guests