Micka71
just joined
Topic Author
Posts: 3
Joined: Mon Dec 02, 2024 11:15 pm

VLAN UDM Pro Mikrotik

Tue Dec 03, 2024 1:05 am

Hello,

As I'm new to Mikrotik and to configuring Vlans, I'm relying on you to give me a hand, I hope my explanations won't be too unpleasant to read, despite my rather poor English.
Here is my configuration:
-UDM Pro Max router
-UACC-DAC-SFP10 (Ubiquiti) 10Gbe => connected to combo 1 of the Mikrotik
-Mikrotik CRS312-4c+8xg-rm switch
-2x UACC-DAC-SFP10 1Gbe : Link aggregation (802.3ad) (I may add one or two RJ45 cables later to increase aggregation, if necessary) => Connected to Mikrotik combo 3 and 4
-Ubiquiti US-24-250W POE switch (24 ports)

I'm using the Mikrotik switch as an aggregation switch for the Ubiquiti switch and as a 10Gbe switch for customers who support it. So far, so good!
You still need to learn how to tame the Mikrotik equipment.

In terms of the Vlans configured on the router :
- 23-LAN-MNGT ==> Management LAN, only the network equipment needs to have these IPs (including the wifi terminals)
- 33-LAN-CLIENTS ==> LAN for all clients
- 43-LAN-IOT
- 53-LAN-CHILD
- 63-LAN-GUEST
- 73-LAN-WORK
- 103-LAN-LAB

I'm using Router OS (I realised that link aggregation wasn't working in SwOS with my Ubiquiti switch, I don't know why).
I've tried to configure the switch using several commands found on the forum, but I have a knack of breaking down, I don't know exactly what I'm doing and how I should go about it.
At first sight the Vlans are well configured, but the DHCP on my router doesn't assign IPs (192.168.33.xx) to my clients connected to the Mikrotik switch, they're all on 192.168.23.xx and not on VLAN 33-LAN-MNGT, so it doesn't matter what I do (create a VLAN 33 interface, create a vlan id 33 bridge, add a DHCP relay on 192.168.33.1).

I plan to delete the DHCP range for my Vlan 23-LAN-MNGT on my router so that I can only assign manual IPs to the equipment once the switch has been configured.
The Ubiquiti switch works perfectly, but I've had to put all the ports on the Ubiquiti switch on Vlan 33 (except for the wifi terminals in .23 and a Zigbee adapter in .43), I don't know if there's a better practice?

From what I understand, the ‘default’ Vlan on an Ubiquiti router will always be the Vlan used by the router, so 23-LAN-MNGT in my case, so I have to switch all the switch ports to different VLANs.
Don't hesitate to tell me what you think of my configuration (hardware and Vlan), I've been thinking about it for a long time and I waited several months to set it up, the time to find all the hardware I needed (I bought quite a few second-hand).

Sorry for the basic questions, as you've noticed I'm a beginner but I'm very interested in the network.
I've gone back to an original configuration (just the 802.3ad bonding configured) in order to apply your advice without being polluted by a bizarre configuration invented by myself.

Thanks in advance for your help
 
anav
Forum Guru
Posts: 22089
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VLAN UDM Pro Mikrotik

Tue Dec 03, 2024 2:36 am

What I do when configuring vlans is take one port off the bridge!!
/interface ethernet
set [ find default-name=ether8 ] name=OffBridge8
/ip address
add address=192.168.77.1/30 interface=OffBridge8 network=192.168.77.0
/interface list
add name=TRUSTED
/interface list member
# only need one interface list on this device
add interface=OffBridge8 list=TRUSTED

Then plug in laptop to ether8, set IPv4 settings to 192.168.77.2 and you should be in. A much safer and nice location to do the config from.
+++++++++++++++
This is the best ref....... ( check the switch ref example)
viewtopic.php?t=143620

Also this ref is excellent
https://www.youtube.com/watch?v=YLtGQAQ8iS0&t=77s
 
Micka71
just joined
Topic Author
Posts: 3
Joined: Mon Dec 02, 2024 11:15 pm

Re: VLAN UDM Pro Mikrotik

Fri Dec 06, 2024 12:26 am

Thanks a lot, I've learned a lot thanks to you and everything works.
I can access the MikroTik Switch from my VLAN33 (Clients) and from my VLAN23 (MGMT).
To do this, I had to add the two VLANs in Interface List / VLAN :
2024-12-05.png
Is this bad practice?

I still have a mystery, I can't ping my MikroTik router or my Ubiquiti router when I'm connected to my switches (VLAN33), is this normal?
I'm trying to send a ping from my VLAN33 to equipment in VLAN23, logically my Firewall is correctly configured on my router (I can access the router administration interface locally from both VLANs), I imagine that there is a particular configuration on MikroTik?
 
anav
Forum Guru
Posts: 22089
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VLAN UDM Pro Mikrotik

Fri Dec 06, 2024 12:30 am

Well would have to see the MT config to comment constructively.
Yes there should be no need to reach the config from the client network??? Why??
The management network is there for that purpose.
The only other access is via ether8 direct on site.

/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc. )
 
Micka71
just joined
Topic Author
Posts: 3
Joined: Mon Dec 02, 2024 11:15 pm

Re: VLAN UDM Pro Mikrotik

Fri Dec 06, 2024 8:21 pm

This is a personal network, with only the equipment on VLAN23 (PVID1).
As this is a home network, it doesn't require any extra security and I'd like to be able to access the configuration directly from my VLAN Clients, which is there to host the house machines.
This is for greater convenience :D

The switch is placed between my router and my POE 24p switch, and is only used to provide 10Gb and 802.3ad to the 24p switch.

Here is the configuration:
# 2024-12-06 19:16:00 by RouterOS 7.16.1
# software id = T2R6-XMNP
#
# model = CRS312-4C+8XG
# serial number =
/interface bridge
add name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=combo3 ] auto-negotiation=no speed=1G-baseT-full
set [ find default-name=combo4 ] auto-negotiation=no speed=1G-baseT-full
/interface vlan
add interface=bridge name=vlan23 vlan-id=23
add interface=bridge name=vlan33 vlan-id=33
/interface bonding
add mode=802.3ad name=802.3ad-Uplink-US-24-250W slaves=combo3,combo4 \
    transmit-hash-policy=layer-3-and-4
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge ingress-filtering=no interface=ether1 pvid=33
add bridge=bridge ingress-filtering=no interface=ether2 pvid=33
add bridge=bridge ingress-filtering=no interface=ether3 pvid=33
add bridge=bridge ingress-filtering=no interface=ether4 pvid=33
add bridge=bridge ingress-filtering=no interface=ether5 pvid=33
add bridge=bridge ingress-filtering=no interface=ether6 pvid=33
add bridge=bridge ingress-filtering=no interface=ether7 pvid=33
add bridge=bridge ingress-filtering=no interface=ether8 pvid=33
add bridge=bridge ingress-filtering=no interface=ether9 pvid=33
add bridge=bridge interface=combo1
add bridge=bridge interface=combo2
add bridge=bridge disabled=yes interface=combo3
add bridge=bridge disabled=yes interface=combo4
add bridge=bridge interface=802.3ad-Uplink-US-24-250W
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge tagged=combo1,802.3ad-Uplink-US-24-250W untagged=\
    ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether1 vlan-ids=33
add bridge=bridge tagged=combo1,802.3ad-Uplink-US-24-250W,bridge vlan-ids=23
add bridge=bridge tagged=combo1,802.3ad-Uplink-US-24-250W untagged=\
    ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether1 vlan-ids=43
add bridge=bridge tagged=combo1,802.3ad-Uplink-US-24-250W untagged=\
    ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether1 vlan-ids=53
add bridge=bridge tagged=combo1,802.3ad-Uplink-US-24-250W untagged=\
    ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether1 vlan-ids=63
add bridge=bridge tagged=combo1,802.3ad-Uplink-US-24-250W untagged=\
    ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether1 vlan-ids=73
add bridge=bridge tagged=combo1,802.3ad-Uplink-US-24-250W untagged=\
    ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether1 vlan-ids=103
/interface list member
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=combo1 list=LAN
add interface=combo2 list=LAN
add interface=combo3 list=LAN
add interface=combo4 list=LAN
/ip address
add address=192.168.23.2/24 interface=vlan23 network=192.168.23.0
add address=192.168.23.2/24 interface=ether2 network=192.168.23.0
/ip dns
set servers=192.168.23.1
/system clock
set time-zone-name=Europe/Paris
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
/system swos
set address-acquisition-mode=dhcp-only identity=MikroTik static-ip-address=\
    192.168.1.247
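
An offline audit of an export like the one posted above, added here as an illustration (it is not part of any poster's message and not a MikroTik tool): it flags bridge ports with ingress filtering off, ports listed as untagged in a VLAN other than their pvid, and IP addresses placed on bridge member ports or duplicated. The `parse` and `audit` helpers are hypothetical names, the embedded export is an excerpt trimmed from the thread, and the check assumes one VLAN ID per `vlan-ids` row, as in that export.

```python
import re
from collections import defaultdict

# Constructed sample: excerpt of the export in the thread, trimmed to two access ports.
EXPORT = r"""
/interface bridge port
add bridge=bridge ingress-filtering=no interface=ether1 pvid=33
add bridge=bridge ingress-filtering=no interface=ether2 pvid=33
add bridge=bridge interface=combo1
/interface bridge vlan
add bridge=bridge tagged=combo1,802.3ad-Uplink-US-24-250W untagged=\
    ether2,ether1 vlan-ids=33
add bridge=bridge tagged=combo1,802.3ad-Uplink-US-24-250W,bridge vlan-ids=23
add bridge=bridge tagged=combo1,802.3ad-Uplink-US-24-250W untagged=\
    ether2,ether1 vlan-ids=43
/ip address
add address=192.168.23.2/24 interface=vlan23 network=192.168.23.0
add address=192.168.23.2/24 interface=ether2 network=192.168.23.0
"""

def parse(export):  # returns {menu path: [key=value dict per 'add' line]}
    menus, path = defaultdict(list), None
    for line in re.sub(r"\\\n\s*", "", export).splitlines():  # join '\' continuations
        if line.startswith("/"):
            path = line.strip()
        elif line.startswith("add ") and path:
            menus[path].append(dict(re.findall(r"(\S+?)=(\S+)", line)))
    return menus

def audit(export):
    m, out = parse(export), []
    pvid = {p["interface"]: p.get("pvid", "1") for p in m["/interface bridge port"]}
    for p in m["/interface bridge port"]:
        if p.get("ingress-filtering") == "no":  # tagged frames are not checked on ingress
            out.append(f"{p['interface']}: ingress-filtering disabled")
    # Untagged egress in a VLAN other than the port's pvid leaks that VLAN's flooded traffic.
    for v in m["/interface bridge vlan"]:
        for port in filter(None, v.get("untagged", "").split(",")):
            if pvid.get(port) != v["vlan-ids"]:
                out.append(f"{port}: untagged in VLAN {v['vlan-ids']} but pvid={pvid.get(port)}")
    seen = {}
    for a in m["/ip address"]:
        if a["interface"] in pvid:  # addresses belong on the bridge or a VLAN interface
            out.append(f"{a['interface']}: IP address on a bridge port")
        if seen.setdefault(a["address"], a["interface"]) != a["interface"]:
            out.append(f"{a['address']}: also on {seen[a['address']]}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(EXPORT)))
```
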
