Tal
Frequent Visitor
Topic Author
Posts: 57
Joined: Wed Jun 17, 2015 2:17 am

MikroTik VLAN Routing

Sun Jun 21, 2015 8:03 pm

I have a MikroTik device that I set up like this:

ether2-ether5: Native VLAN
ether6-ether9: VLAN 10
ether1 - Trunk port carrying both VLANs - the Native VLAN is untagged and VLAN 10 is tagged

This is how I set it up:
#Create vlan10 and attach it to the trunk port (ether1)
/interface vlan add name=vlan10 interface=ether1 vlan-id=10

#Create 2 bridges
/interface bridge add name=DEFAULT
/interface bridge add name=VLAN10

#Attach the trunk port to DEFAULT bridge. This basically means anything not tagged on ether1 belongs to the DEFAULT bridge
/interface bridge port add bridge=DEFAULT interface=ether1

#ether2-ether5 are in the DEFAULT bridge
/interface bridge port add bridge=DEFAULT interface=ether2
/interface bridge port add bridge=DEFAULT interface=ether3
/interface bridge port add bridge=DEFAULT interface=ether4
/interface bridge port add bridge=DEFAULT interface=ether5

#ether6-ether9 are in the VLAN10 bridge
/interface bridge port add bridge=VLAN10 interface=ether6
/interface bridge port add bridge=VLAN10 interface=ether7
/interface bridge port add bridge=VLAN10 interface=ether8
/interface bridge port add bridge=VLAN10 interface=ether9

#vlan10 is also in the VLAN10 bridge, which means the MikroTik device knows that even though traffic on ether6-ether9 is untagged, it belongs to vlan10
/interface bridge port add bridge=VLAN10 interface=vlan10

Everything here seems to work perfectly. The problem is that now, I want to configure:
A WAN IP on the Default VLAN
A LAN IP on the Default VLAN
A WAN IP on VLAN 10
A LAN IP on VLAN 10
Do NAT between LAN and WAN IP on Default VLAN
Do NAT between LAN and WAN IP on VLAN 10

The problem I'm having is identifying what I should be configuring with a WAN IP, and what I should be configuring with a LAN IP on each VLAN.

From what I understand, the bridge gets configured with a WAN IP and the vlan (in my case "vlan10") gets configured with a LAN IP. Is this correct?

If so, what happens on the Default VLAN, for which I did not create an actual VLAN object on the MikroTik device? What do I set the LAN IP on in that case?

Note: I've attached a diagram of what I'm trying to do
 
Tal
Frequent Visitor
Topic Author
Posts: 57
Joined: Wed Jun 17, 2015 2:17 am

Re: MikroTik VLAN Routing

Wed Jun 24, 2015 4:57 am

Ok, I'll try to simplify the problem. This is a simple configuration with 2 WAN interfaces and 2 LAN interfaces. There is no inter-VLAN routing going on here - one WAN link is for ports 2-5, and one WAN link is for ports 6-9. Both WAN interfaces are on ether1, which is a trunk. The only thing that happens is NAT masquerading between the first WAN link and the first set of ports, and the second WAN link and the second set of ports.

/interface bridge
add name=DEFAULT
add name=VLAN10

/interface vlan
add interface=ether1 l2mtu=1518 name=vlan1 vlan-id=1
add interface=ether1 l2mtu=1518 name=vlan10 vlan-id=10

/interface bridge port
add bridge=DEFAULT interface=ether2
add bridge=DEFAULT interface=ether3
add bridge=DEFAULT interface=ether4
add bridge=DEFAULT interface=ether5
add bridge=VLAN10 interface=ether6
add bridge=VLAN10 interface=ether7
add bridge=VLAN10 interface=ether8
add bridge=VLAN10 interface=ether9

/ip address
add address=1.1.1.1/24 interface=vlan1 network=1.1.1.0
add address=2.2.2.1/24 interface=vlan10 network=2.2.2.0
add address=192.168.1.1/24 interface=DEFAULT network=192.168.1.0
add address=192.168.2.1/24 interface=VLAN10 network=192.168.2.0

/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan1
add action=masquerade chain=srcnat out-interface=vlan10

This seems to work awesome. There's only 1 thing I need which is screwing things up for me. I need vlan1 on the trunk to be untagged. That's it. Is there an easy way to do this? So far every idea I've had to do this has been super complicated, and failed.