MikroTik

Hello.
I am a beginner.
Can you please explain me how to configure RouterBOARD 750 for work with vlan like this: Here is my configuration


My vlan dont works. Can you please explain how to set up it correct?

First of all router boards and RouterOS is not designed to be a switch, so don't expect it to act like a switch or be very efficient or good at switching functions. Each VLAN is it's own separate routed interface.

With that being said, what you want is fairly simple to accomplish.
1.) Create your two VLAN interfaces on Ether1
2.) If not already done remove ports 4 and 5 from the switch chip/group.
3.) Create two bridges, one for VLAN4 and one for VLAN5.
4.) Assign VLAN4 and ether4 to one bridge and VLAN5 and ether5 to the other bridge.

That will make traffic coming in on ether5 go out of VLAN5 tagged, and the reverse of that, and the same thing for VLAN4.

thank you

First of all router boards and RouterOS is not designed to be a switch, so don't expect it to act like a switch or be very efficient or good at switching functions. Each VLAN is it's own separate routed interface.
.

Where did this come from? If board have switch chip on it (RB750 has one for ports ether2-ether5) switching is possible and it is working. You can't be good or bad at it, it just is there and it is working.

And RouterOS has whole section in Winbox's main menu call "switch" and there is page called "VLAN". You should be able to find all you need there. And have the all manageable switch functionality without even touching your CPU

Where did this come from? If board have switch chip on it (RB750 has one for ports ether2-ether5) switching is possible and it is working. You can't be good or bad at it, it just is there and it is working.

As a simple switch yes it works, but my statement comes from me using 3Com and Cisco managed switches in almost all of my networks. If I'm in a production network, I'm going to use VLANs and other features of a full switch to isolate end users from each other and to support other goals of the network. If you don't need or want those functions then the switch chip will work fine.

I am trying to do something very similar to the OP. I want VLAN 10 and VLAN 20 (private/public). I've spent numerous hours on this and I'm not getting anywhere.

I want a separate DHCP server on VLAN 10 and VLAN 20. I am able to create both of those VLANs, apply them to separate interfaces, remove those interfaces from the original switch chip group (by taking away the "master" port setting on it). I setup DHCP on both VLANs - it seems like everything should work. In Winbox I'm not getting any errors. But when I plug a computer into those ports I'm not getting an IP Address. I would assume (incorrectly?) that when I would apply a VLAN to an interface it should automatically tag packets with the corresponding VLAN ID and deliver me an IP from the DHCP Server on that VLAN.

Although what did work was putting the interface and VLAN on it into a bridge. Doesn't this defeat the purpose of having a VLAN, though? Or am I missing something? What if I had multiple VLANs on one physical interface with one DHCP server on each VLAN? Wouldn't that cause problems?

You have to keep in mind that traffic leaving a VLAN interface of a MikroTik, including DHCP will have a VLAN tag on it, and any traffic going into that interface must have the appropriate VLAN tag. Windows does not know how to read VLAN tags at all and does not pass VLAN tags, and I do not believe you can easily or will be able to somehow port that ability into it. Linux does know how to read VLAN tags, but you need to download the package for that usually and make sub interfaces so it knows to listen to a specific VLAN.

So if I'm reading your setup correctly, you would need a managed switch in between the client PC and the router that would read, attach, and strip off the VLAN tags for the computer in order to get it to work.

I have a RB750G which I was creating the VLAN tags on. I didn't put it into the mix yet, but I also have an RB250GS (managed switch). So I should be using the 250GS as the mediator between the 750G and the PCs? I will try that and see what happens.

I've never used the 250, so I can't answer what it can do for Tagged and Untagged ports with VLANs. You can try it out and see what happens.

In essence yes, you cannot send VLAN tags to client machines, most of the time they will not understand them and just drop the packet, something needs to strip off the VLAN tag before it is sent to the client. Then something needs to add back in the VLAN tag on return traffic so it gets back to the right interface. That is what an "untagged" port on a switch does, any traffic leaving that interface will have any VLAN tags removed, and any traffic coming in without a tag will have a VLAN tag added to it, the PVID of the port.

Thanks for the help. That all seems to make sense. For the life of me I can't get it to work. I have it strip off the VLAN tag on Port2 (where my laptop is plugged in) and Port 1 is set to VLAN 10. I'll keep researching..I feel like I'm missing something right in front of me. lol I spent hours on this.

If your laptop is plugged directly into port 2 where there is a VLAN assigned to that port and all of your services are running on the VLAN interface, the reason it's not working is because your laptop more than likely cannot read the VLAN tags, and is therefore just dropping the traffic. The same also holds true for port 1, anything plugged into that needs to be VLAN aware. By default most equipment is not set up to deal with VLANs right out of the box and you need to specifically configure them for it.

Lets start back at the beginning with basics. What is the layout of the network and what are you trying to achieve? A quick diagram of what you are thinking would be helpful in this.

I'm simply trying to learn how to do it, so I can deploy it into a small business network later.

For now, I have a 750G with Ether4 with the VLAN

What I'd like:
Ether1->
Ether2->
Ether3->
Ether4-> VLAN 10 w/ DHCP to laptop
Ether5-> Laptop for management (no VLAN)

What I have now:

Ether1->
Ether2->
Ether3->
Ether4->VLAN 10 -> RB250GS (ether1) -> MacBook (ether2)
Ether5->Laptop for management (no vlan)

On the managed switch (250GS):

Ether1 - VLAN 10 is enabled on the Ingress and force adds the VLAN 10 header on Egress.
Ether2 - VLAN 10 is enabled on the Ingress but I have it "always strip" the VLAN tag on the Egress. I'd assume this strips any VLAN tags heading towards the laptop.

It's still not passing DHCP at all. I'm about to give up on this entirely. I didn't think it would be this difficult.

Hello.
I am a beginner.
Can you please explain me how to configure RouterBOARD 750 for work with vlan like this:

Code: Select all

vlan4, vlan5 ==> [ether1]
                 [ether2]
                 [ether3]
                 [ether4] == vlan4 ==> computer
                 [ether5] == vlan5 ==> another computer

Here is my configuration


My vlan dont works. Can you please explain how to set up it correct?

I can't see your configuration image but let's go:

INTERFACE -> + sign -> VLAN
as you are using vlan4 and vlan5 incoming your RB, these VLANs must be tagged, in your case set the tag in VLAN ID.

To outcoming traffic to computers the vlan must be untagged and you can obtain this not configuring vlan on eth4 and eth5 interfaces, it's better to create a bridge interface and add vlan4,vlan5,eth4 and eth5, because your computers must not be capable to use VLAN, unless your NIC card computer is set to do use vlan.

Hello.
I am a beginner.
Can you please explain me how to configure RouterBOARD 750 for work with vlan like this:

Code: Select all

vlan4, vlan5 ==> [ether1]
                 [ether2]
                 [ether3]
                 [ether4] == vlan4 ==> computer
                 [ether5] == vlan5 ==> another computer

Please give more detailed description of your configuration. What is the purpose of this configuration. What exactly do you mean by vlan4 and vlan5?

I'm simply trying to learn how to do it, so I can deploy it into a small business network later.

For now, I have a 750G with Ether4 with the VLAN

What I'd like:
Ether1->
Ether2->
Ether3->
Ether4-> VLAN 10 w/ DHCP to laptop
Ether5-> Laptop for management (no VLAN)

What I have now:

Ether1->
Ether2->
Ether3->
Ether4->VLAN 10 -> RB250GS (ether1) -> MacBook (ether2)
Ether5->Laptop for management (no vlan)

On the managed switch (250GS):

Ether1 - VLAN 10 is enabled on the Ingress and force adds the VLAN 10 header on Egress.
Ether2 - VLAN 10 is enabled on the Ingress but I have it "always strip" the VLAN tag on the Egress. I'd assume this strips any VLAN tags heading towards the laptop.

It's still not passing DHCP at all. I'm about to give up on this entirely. I didn't think it would be this difficult.

But is Ether2 set to add in the VLAN10 tag to all ingress traffic? It may be stripping of the VLAN tag for all traffic leaving the interface so the laptop can read it, but if it's not adding in a tag for all traffic coming in from the laptop it will never reach the appropriate RB interface. Once again I can't specifically speak to a 250S configuration as I've never used one, but without the Laptop being able to talk back to VLAN10 by way of the switch, there is no way it can reach out and recieve a DHCP lease.

Yes Egress is set to strip off the VLAN tags on Ether2 where the laptop is plugged in and the VLAN is enabled on the Ingress. Everything is setup exactly as it should be at this point. I don't want to put any more time into this as I spent approx. 10 hours on this and I've gotten absolutely nowhere. Adding the VLANs and physical port to a bridge defeats the purpose of me having VLANs in the first place.