Can I have the Mikrotik work with my Dell switch and act as a router on a stick? I have a DELL switch with an uplink port plugged into the Ether1 port of the MT and it is configured with 2 VLAN's - VLAN1 and VLAN2. I have created 2 VLAN's on the MT. Can I have the ETHER1 on the MT talk on 2 differnt VLAN's? I want VLAN1 to be 1 subnet and VLAN2 to be another. I want the MT to be the router between the 2 subnets. I also want the MT to be the DHCP server for each subnet - can it do these things?
Thanks,
Jerry
562-305-9545
Yes it can.
I have done it with a MiLan 8 port with fiber uplink.
The trick is in the VLan setup at the switch.
You must set up the uplink port as a member of both vlans.
The ports must be asigned to the seperate vlans.
(There are two types of VLan setting required on the MiLan)
I cant remember the exact names at the moment.
Create the VLan(s) on the MikroTik and specify the interface hooked to the uplink port as the "VLan Host" for each VLan.
Create the IP Pools, and DHCP server services and bind them to the seperate VLan interfaces. :!: (IMPORTANT: VLans NOT VLan host interface) :!: Failure to bond DHCP correctly will not work !
Remember to set up source NAT etc. for outbound routing...
I have built this is the lab and it works GREAT !!!
I have done it with a MiLan 8 port with fiber uplink.
The trick is in the VLan setup at the switch.
You must set up the uplink port as a member of both vlans.
The ports must be asigned to the seperate vlans.
(There are two types of VLan setting required on the MiLan)
I cant remember the exact names at the moment.
Create the VLan(s) on the MikroTik and specify the interface hooked to the uplink port as the "VLan Host" for each VLan.
Create the IP Pools, and DHCP server services and bind them to the seperate VLan interfaces. :!: (IMPORTANT: VLans NOT VLan host interface) :!: Failure to bond DHCP correctly will not work !
Remember to set up source NAT etc. for outbound routing...
I have built this is the lab and it works GREAT !!!
Router on a Stick w/dhcp server per vlan
- You must set up the uplink port as a member of both vlans. - Done!
- The ports must be asigned to the seperate vlans. You mean on the switch? VLAN1 is ports 1,2 and 25 (25 is the uplink) VLAN2 is ports 3,4 and 25 (Again 25 is the uplink to the MT)
- Create the VLan(s) on the MikroTik and specify the interface hooked to the uplink port as the "VLan Host" for each VLan. I created 2 VLANs (1 and 2) and they are both assigned to Ether1 (LAN of MT) Is this correct?
- Create the IP Pools, and DHCP server services and bind them to the seperate VLan interfaces. :!: (IMPORTANT: VLans NOT VLan host interface) :!: Failure to bond DHCP correctly will not work ! I set up 2 DHCP pools (10.10.10.0/24 and 20.20.20.0/24) and assigned each to the VLAN interface (NOT ether1) Assigned 10.10.10.1 to VLAN1 interface and 20.20.20.1 to VLAN2 interface.
Still can't pull an address from either DHCP Pool. Assigned an IP to my workstation statically and cannot ping. I am pretty sure I have my switch correct. Can you send me an example of your MT config?
Thanks,
Jerry
- The ports must be asigned to the seperate vlans. You mean on the switch? VLAN1 is ports 1,2 and 25 (25 is the uplink) VLAN2 is ports 3,4 and 25 (Again 25 is the uplink to the MT)
- Create the VLan(s) on the MikroTik and specify the interface hooked to the uplink port as the "VLan Host" for each VLan. I created 2 VLANs (1 and 2) and they are both assigned to Ether1 (LAN of MT) Is this correct?
- Create the IP Pools, and DHCP server services and bind them to the seperate VLan interfaces. :!: (IMPORTANT: VLans NOT VLan host interface) :!: Failure to bond DHCP correctly will not work ! I set up 2 DHCP pools (10.10.10.0/24 and 20.20.20.0/24) and assigned each to the VLAN interface (NOT ether1) Assigned 10.10.10.1 to VLAN1 interface and 20.20.20.1 to VLAN2 interface.
Still can't pull an address from either DHCP Pool. Assigned an IP to my workstation statically and cannot ping. I am pretty sure I have my switch correct. Can you send me an example of your MT config?
Thanks,
Jerry
I cant remember the term at the moment, but the trick is still in the VLAN at the switch.
you have the vlan created, but it needs to "Tag" the packets to they go correctly to the ports. (the router will use tags to get to the correct vlans).
I will look up the config. and drop a line. I cant send a config at the moment as the router setup was for a proof of concept prototype and had been taken down.
I think the missing piece is at the switch !!
Craig
you have the vlan created, but it needs to "Tag" the packets to they go correctly to the ports. (the router will use tags to get to the correct vlans).
I will look up the config. and drop a line. I cant send a config at the moment as the router setup was for a proof of concept prototype and had been taken down.
I think the missing piece is at the switch !!
Craig
Router on a Stick (VLAN's)
This WORKS!
Now - I need to prevent each VLAN/Subnet from accessing each other VLAN/Subnet and only allow each to get an IP address from the DHCP server (MikroTik) and get out to the internet.
How would you accomplish this? Firewall rules?
Thanks,
Jerry
Now - I need to prevent each VLAN/Subnet from accessing each other VLAN/Subnet and only allow each to get an IP address from the DHCP server (MikroTik) and get out to the internet.
How would you accomplish this? Firewall rules?
Thanks,
Jerry
This is the question....
There are differing opinions on how to do this...
Fire wall rules or routing rules...
I will drop a line to support and see what they think...
I am an OEM so I can tug on an ear or two for you...
Just how mant tennants are you looking to service ?? (Vlans)
:lol:
Craig Sickles
http://www.pc-routers.com
PS: I remembered something this morning...
Many clients do NOT know what to do with a VLAN tag.. so..
The trick is to tag the port traffic but NOT pass the tag out of the port...(to the client) Make sence... Tag the traffic "from the port thru the switch to the router and back, but do not pass it to the client. (Most switches can do this, I think it is part of the port tagging. (If tou have a wintel unit passing traffic then you should be ok.)
There are differing opinions on how to do this...
Fire wall rules or routing rules...
I will drop a line to support and see what they think...
I am an OEM so I can tug on an ear or two for you...
Just how mant tennants are you looking to service ?? (Vlans)
:lol:
Craig Sickles
http://www.pc-routers.com
PS: I remembered something this morning...
Many clients do NOT know what to do with a VLAN tag.. so..
The trick is to tag the port traffic but NOT pass the tag out of the port...(to the client) Make sence... Tag the traffic "from the port thru the switch to the router and back, but do not pass it to the client. (Most switches can do this, I think it is part of the port tagging. (If tou have a wintel unit passing traffic then you should be ok.)
