saka
just joined
Topic Author
Posts: 2
Joined: Wed May 29, 2019 11:59 am

Tagged input packet with VLAN ID

Sat Jun 01, 2019 9:45 am

Hi,
As I show in the network diagram in the attachment, a security station with devices such as a PC, camera, IP phone, etc. is connected to the main building with a MikroTik "SXT 5nD R2".
In the security station, the devices connect to the network via a desktop switch (UNMANAGED), and on the other hand, in the main building, the MikroTik radio is connected to a Cisco 2960.
Each device has its VLAN ID. The problem is: in the security station I cannot configure VLANs due to the unmanaged switch.
My question is:
Is there a way to configure VLANs on the MikroTik radio (I do not want to buy a managed switch) and send packets with the related VLAN ID to the main building?

Best Regards,
Saeed
 
sindy
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: Tagged input packet with VLAN ID

Sun Jun 09, 2019 11:28 am

Hi @saka, you haven't stated the most important part (or I haven't understood it from your post) - are all the devices including the camera and the POS terminal able to tag/untag the frames with a VLAN tag themselves, or do they depend on the switch doing that for them? If the PC is running Windows, it most likely needs the switch to tag/untag the frames, Linux PCs can usually do that themselves.

So - if all your connected devices, or all but one, can handle VLAN tagging on themselves, an unmanaged switch is enough and you only need the two Mikrotiks to communicate wirelessly in bridging mode so that they would pass the tagged VLAN frames transparently between the trunk port at the C2960 and the dumb switch at the security station, and if the single device needs the VLAN tagging/untagging to be done externally, to do that on the Mikrotik.

If more than one device connected on the security station needs the tagging/untagging to be done externally, I would prefer a managed switch, because it is possible to do the task of converting "mac-based VLAN" into "tag-based VLAN" on the Mikrotik, but such a solution is poorly manageable. The dumb switch will not tell the Mikrotik from which of its ports the frame is coming, so the only identification you have is the MAC address of the device, which changes if you replace it with a new one.

So if you think about connecting just a single security station at the gate of some resort, the managed switch (which can be a hEX) will cost you less hair during maintenance; if you think about tens of such security stations, then maybe the savings on the price difference between a dumb switch and hEX can justify the workload associated with the maintenance of the MAC-based VLAN. Also think about the night when a camera fails and needs to be replaced - with a managed switch, the guard can disconnect the old one, connect the new one to the same port and that's it; with MAC-based VLAN, you'll have to connect there and change the MAC in the filter rules on the Mikrotik radio to the one of the new camera.

One more reason to use a "better" switch would be that most cameras, many POS terminals, and almost all IP phones can be powered using PoE, so it's less burden with cabling if you use hEX PoE or an equivalent. But yes, there are also dumb switches with PoE, so it is again your time&nerves vs. the price of the switch.

Let me know if, despite all the disadvantages, you want to take the MAC-based way.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
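
An added illustration of the "MAC-based VLAN" to "tag-based VLAN" conversion described in the post above (not part of the original thread and not RouterOS configuration). The MAC addresses, VLAN IDs and function names are constructed for the example; it shows where the 802.1Q tag goes in the frame and why a replaced device is left without a VLAN until the table is edited.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed sample table: source MAC -> VLAN ID (illustrative values only)
MAC_TO_VLAN = {
    "00:11:22:33:44:01": 10,  # PC
    "00:11:22:33:44:02": 20,  # camera
    "00:11:22:33:44:03": 30,  # IP phone
}

def make_frame(src, dst="ff:ff:ff:ff:ff:ff", ethertype=0x0800, payload=b"\x00" * 46):
    """Build a minimal untagged Ethernet II frame (no FCS) for testing."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def src_mac(frame):
    """Source MAC is bytes 6..11 of the frame."""
    return ":".join(f"{b:02x}" for b in frame[6:12])

def is_tagged(frame):
    return struct.unpack("!H", frame[12:14])[0] == TPID_8021Q

def vlan_of(frame):
    """VLAN ID is the low 12 bits of the TCI that follows the TPID."""
    if not is_tagged(frame):
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

def tag_by_mac(frame, table=MAC_TO_VLAN):
    """Classify an untagged frame by source MAC and insert the 802.1Q tag.

    Returns the tagged frame, or None (drop) when the source MAC is unknown,
    which is what happens to a replacement device until the table is updated.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if is_tagged(frame):
        return frame  # device tags its own traffic: pass it through unchanged
    vid = table.get(src_mac(frame))
    if vid is None:
        return None
    tci = vid & 0x0FFF  # PCP and DEI bits left at 0
    # The 4-byte tag sits between the source MAC and the original EtherType
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]
```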
 
saka
just joined
Topic Author
Posts: 2
Joined: Wed May 29, 2019 11:59 am

Re: Tagged input packet with VLAN ID

Mon Jun 10, 2019 5:16 pm

Hi Dear Sindy
Thanks a lot for your complete answer. The devices in the security station are unable to tag/untag the frames with a VLAN tag themselves.
I think that (as you mentioned) buying a WS-2960C-8TC-L resolves the problem.
Thanks and Best Regards.
 
sebastia
Forum Guru
Posts: 1776
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Tagged input packet with VLAN ID

Tue Jun 11, 2019 12:06 pm

Bad news: since the devices can't tag traffic themselves, with an unmanaged switch it's not possible to isolate the networks.

You'll need something to do that for them: indeed a managed switch would do the trick, but also any routerboard with 5 ports (if the count is correct).

So I suggest you get a cheap 5-port Tik router and configure access ports on it and a trunk to the SXT.
