I couldn't find a good straight forward example of how to do "Router on a stick with a MikroTik and Cisco Switch. This worked for me and I was wondering if anyone had any ideas on how to make it better?

I have a MikroTik 751G – Router/Wireless Access Point/5 Port Switch running Router OS 5.2. I'm trying to get the MikroTik to do some of the common things we teach young people in the Cisco Networking Academy program. In this exercise I got the MikroTik to do inter-VLAN routing on a Cisco 2950 switch. My teacher called this configuration “Router on a Stick.” On a Cisco router, an interface is made into a trunk port by creating a sub-interface for each VLAN running on the trunk line. The following steps describe how the MikroTik does it and commands for this setup.

MikroTik 751G Initial setup:
The router was connected to the LAN's gateway router (192.168.1.1) with static IP address 192.168.1.2 on ether1. Ether2 is configured as a master port for ports: ether3, ether4, and ether5. This make ports 2 thru 5 an Ethernet switch. The router was assigned the IP address 10.0.0.1/24 on the “Bridge-local interface. For this exercise the wireless access point (wlan1) was disabled.

OBJECTIVE:
Since the MikroTik 751G router is an integrated device containing a switch and wireless access point, I will create 3 VLANs in the 751G: VLAN10, VLAN20 and VLAN30. The Cisco switch will be setup with the same VLAN configuration. Ports on the Cisco switch will be assigned to appropriate VLANs and trunk ports will be established on both the router and switch. The IP network address configuration will be assigned as follows:
Interface Network Gateway Description
VLAN 1 10.0.0.0/24 10.0.0.1 On Cisco 2950 – Not Router
VLAN 10 10.0.1.0/24 10.0.1.1
VLAN 20 10.0.2.0/24 10.0.2.1
VLAN 30 10.0.3.0/24 10.0.0.1
ether1-gateway 192.168.1.0 192.168.1.2 WAN Connection
ether5-Trunk Trunk to 2950

Summary
Overview of Steps:

1. Configure a physical Ethernet interface on the router to be the trunk port to the switch.
2. Create VLANs and put them on the router's Ethernet trunk interface created in step 1.
3. Give the VLANs IP addresses
4. Create the dhcp servers for each VLAN
5. Configure the Cisco switch
1. Create the VLANs
2. Set the appropriate fast Ethernet ports to access mode
3. Set the appropriate fast Ethernet ports to access a VLAN
4. Set a trunk port on the switch
5. make the default VLAN (VLAN1) the management VLAN
6. cable the switch trunk port to the router trunk port and everything should work



How To
Details

1. Configure a physical Ethernet interface on the MikroTik router to be the trunk port to the Cisco switch (in my case, the default configuration had ether1 as a WAN interface and ether2 as the master port for Ethenet 3 thru 5) I Made the ether5 interface its own port (Master=none) and called it the Trunk port to the Cisco switch. I did this in the GUI changing the master-port parameter to “none” and the name to “ether5-Trunk.” In the command line it would be:

[admin@MikroTik] /interface ethernet> edit ether5-slave-local name=ether5-Trunk master-port=none

2. Create VLANs on the MikroTik router and put them on the trunk interface, in this case ether5-Trunk

[admin@MikroTik] interface vlan>
add name="vlan10" vlan-id=10 interface=ether5-Trunk disabled=no
add name="vlan20" vlan-id=20 interface=ether5-Trunk disabled=no
add name="vlan30" vlan-id=30 interface=ether5-Trunk disabled=no

3. Give the VLANs IP addresses.

[admin@MikroTik] /ip address>
add address=10.0.1.1/24 network=10.0.1.0 interface=vlan10
add address=10.0.2.1/24 network=10.0.2.0 interface=vlan20
add address=10.0.3.1/24 network=10.0.3.0 interface=vlan30

4. To create DHCP servers for each VLAN (use the wizard to make your life easy or ) follow these 3 steps.
1. Create address pools for VLAN dhcp servers

[admin@MikroTik] /ip pool>
add name="pool-VLAN-10" ranges=10.0.1.10-10.0.1.254
add name="pool-VLAN-20" ranges=10.0.2.10-10.0.2.254
add name="pool-VLAN-30" ranges=10.0.3.10-10.0.3.254

2. Add each dhcp server to the VLAN interface

[admin@MikroTik] /ip dhcp-server>
add name=dhcp-vlan10 address-pool=pool-VLAN10 interface=vlan10
add name=dhcp-vlan20 address-pool=pool-VLAN20 interface=vlan20
add name=dhcp-vlan30 address-pool=pool-VLAN30 interface=vlan30

3. Add each dhcp server to /ip dhcp-server network> This is where you get the dhcp server to serve up all the other options possible to client machines such as: Gateway, DNS servers, WINS server, NTP server and the like.

[admin@MikroTik] /ip dhcp-server network>
add address=10.0.1.0/24 gateway=10.0.1.1 wins-server=10.0.0.10 \
dns-server=4.2.2.2,8.8.8.8 domain=Testnet10
add address=10.0.2.0/24 gateway=10.0.2.1 wins-server=10.0.0.10 \
dns-server=4.2.2.2,8.8.8.8 domain=Testnet20
add address=10.0.3.0/24 gateway=10.0.3.1 wins-server=10.0.0.10 \
dns-server=4.2.2.2,8.8.8.8 domain=Testnet30

5. Configure the Cisco switch
1. Create the VLANs

Switch>enable
Switch#configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#name VLAN10
Switch(config-vlan)#no shutdown
Switch(config-vlan)#exit
Switch(config)#vlan20
Switch(config-vlan)#name VLAN20
Switch(config-vlan)#no shutdown
Switch(config-vlan)#exit
Switch(config)#vlan30
Switch(config-vlan)#name VLAN30
Switch(config-vlan)#no shutdown
Switch(config-vlan)#end
Switch#

2. Assign the fast Ethernet ports to VLANs. The following commands must be issued on each interface to be put on a VLAN. The Range command can be used to put multiple interfaces on the same VLAN.

Switch#configure terminal
Switch(config)#interface fastEthernet 0/XX
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit

3. Set a trunk port that will be connected to the MikroTik trunk interface (ether5-Trunk).

Switch#configure terminal
Switch(config)#interface fastethernet 0/XX
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 1
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#end

4. make the default VLAN (vlan1) the management vlan and give it an IP address on the same network as the MikroTik router whose address is 10.0.0.1/24 (you already made VLAN 1 the native VLAN in step 3 above).

Switch#configure terminal
Switch(config)#interface vlan 1
Switch(config-if)#description ##__Management VLAN__##
Swich(config-if)#ip address 10.0.0.2 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#end

5. cable the switch trunk port to the router trunk port and everything should work

FINALLY:
I reconfigured my gateway router (192.168.1.1) with a new static route to the MikroTik that aggregated the 10.0.0.0/24 to include the new VLAN addresses by changing the netmask from 24 to 22 (10.0.0.0/22). now I can ping all the hosts on the MikroTik router from all hosts on the gateway router.

If you are staying within the confines of the CCNA course then it seems fair enough. In productions networks I would not use VLAN 1 as the management network nor would I have VLAN 1 as the native VLAN on the Cisco trunk - but Cisco doesn't cover the security reasons for those choices until later courses.

have heard that VLAN 1 should not be the management nor native VLAN but never saw documentation. And your right Cisco Academy actually instructs this use of VLAN 1 in many exercises

I'll look for information on the proper configuration of VLAN 1
Thanks

Cisco ships switches with all ports in VLAN 1 and configured so that they work "out of the box" as switches.

To avoid certain security issues it is a good idea to set the native VLAN on trunks to an unused VLAN and only use tagged VLANs on trunks to carry management, control or data traffic. Cisco does not get into that until CCNA Security level training.

Hi Marcus, thank you for your research on creating vlans from a cisco switch to the mikrotik router.  It works flawlessly.  This is the first complete instruction outline with all the details for setting up the network where the bridge is completely sidelined thus improving the speed to a wire speed on the switch ports.  It worked right out of the box after config was done. Simply marvelous.  Now I can start putting some rules, filtering and doing other stuff.  Thank you for a wonderful write-up.  There are so many folks looking for a vlan setup using the cisco switch and want to do it without using the bridge.  Wonder why this write-up of yours has not got that attention.
I bought this router so that I could configure the heck out of it since the pfsense router I had on a small desktop was generating so much heat.  I had pfsense on a virtualbox vm.  Ran flawlessly but generated lots of heat.  This Mikrotik router is fantastic.  So many configurations and possibilities. 

thanks
mtiker2916

Hi, this is a newbie question of sorts. Marcus makes a mention of a "sub-interface" on the cisco sw. My understanding of the sub-interface is when a physical interface (port) on the router/switch uses convention like "fa0/0.xx" to partition the interface "fa0/0" into any number of required sub-interfaces. My question is, if the physical interface(s) between the cisco sw and the mikrotik router is configured as a trunk interface with VLANS defined on both sides (SW and router) and a SVI defined on the Mikrotik, then would this still be categorized as using sub-interfaces on the Mikrotik? I am confused because in this example there was no partitioning of the interface on either side and only a trunk used (both devices are trunk-aware). Please explain.

thanks for your help and time.

tiker