This is by far the cleanest and most comprehensive explanation I've found. By a lot. I've lost track of how many times I've read through pcunite's guide and all MT's documentation. None of it has managed to hit on the methodology in an effective way. This, sir, is glorious. Thank you.
Your explanations are much better than most written online resources and easier to understand than Mikrotik's own documentation. Thanks for these videos!
This is very smart publicity work by Mikrotik. These are exceptionally powerful pieces of equipment. But their native manuals and documentation fail catastrophically to convey this in terms of making them accessible to people like myself with only a very basic level of understanding, but who want to dive deeper with out spending thousands on training courses. What that translates to for Mikrotik is more sales - much more. Because content like this opens the door for so many people into just how powerful this equipment is. I'm using a Routerboard 1100 in my house and am only now just dipping my toes into the water of what it is capable of (I bought it over 3 years ago). But even with the small amount I already know, I wouldn't use anything else.
This is not done by MikroTik, they are not endorsing me in any manner and have never reached out to me for any sort of publicity. This is my own personal project where I wanted to make information like this more accessible to everyone in the community. I will take this as a compliment though ^^ And feel free to leave any suggestions or comment on the work that I have done.
@@TheNetworkBerg Well in that case good on you. Shame Mikrotik still haven't woken up to this. Even when I wrote that I was thinking it was a bit of a shock to see them finally doing this - something they should have been doing for some time.
YOU ARE THE MAN!!! THE WHOLE DAY TODAY IVE BEEN TRYING TO FIGURE OUT HOW TO DO INTERVLAN IN MIKROTIK!!! SINCE IM USED TO CISCO. BUT BOY YOU MAKE ME REALIZED AND LEARN SOMETHING TODAY@!!! THANKS MAN1
19:30 For R1, usually I just create a bridge, add ether2 and ether3 to that bridge, then add the VLAN interface to the bridge. Much more simple than adding multiple VLAN interface to specific port then bridging vlan interface. You have 2 interfaces, let say you have 8...
Thank you very much! Mikrotik docs are very hard to understand especially when using winbox. I have been trying to set up VLANs on my Mikrotik Router for hours. But everything works out great now :).
Great video. Had to slow it down for the 'third' way you covered. Still seems like the MT way way of doing things on layer two is overly complicated. But you do a great job of explaining it.
Thanks you for the kind words, yeah I agree MikroTik is definitely something different when it comes to L2 networking. I've seen many people on Reddit or Facebook groups generally asking about VLANs because it seems to be the most confusing subject regarding MikroTik. My videos covering VLANs are also the most viewed on my channel so it's definitely something a lot of people look into that they feel they need help with.
just found your channel and went over your VLAN and bridging videos on mikrotik as a refresher, very awesome material!! good pace and easily digestible, thank you for creating this content! If I can request a video suggestion for the future on how to create a span port, have searched high and low for this topic and to no avail. Am basically attempting to practice auditing my own home network traffic via a pcap capture but having trouble trying to learn how start with configuring simple span port/interface etc. Cheers!
Thank you for the kind words, I do not currently have a video covering port spanning/mirroring but I will definitely consider it. I have thought about creating a video series covering more layer 2 concepts and reached out to my community on RUclips regarding it. I am just waiting to see if someone is willing to provide me with a couple of switches to better demonstrate things, but if not I may just use some small routeboards for the demonstrations as well :)
As always, the way you explain about topic is awesome, i like that you break whole video into different sets and third set was most difficult to understand cause i am at learning stage, better if you can provide an identity to router which can be visible in winbox window while you are doing configuration on it. so that we can understand on which router we are currently working. i would like to thank you for making such a informative and wonderful videos which makes learning a fun. Thank you.
If you use hardware, in most cases, it is better to use only one bridge interface. All actions like tagging, untagging interface creating are happening in that one bridge, tagging/untagging can be different, based on model and its switch chip features, but idea stays the same. PS: Great video, learned a lot from you and I hope to see ZT video on ROS.
Thank you for the comment and I agree with you if you are just going to be doing basic switching behind the MikroTik to a LAN/DMZ network. I actually covered ZeroTier back in December, it was one of my most viewed videos at the time. You can catch that video here: ruclips.net/video/eFI59jJ2MM8/видео.html Although the video was made during v7 Beta the principles are still exactly the same, only bad thing is that ZT on MikroTik is a bit outdated :C
Thank you for the kind words, I believe my third scenario illustrates how to setup a single bridge with multiple VLANs over it. Although I take it you are talking about creating multiple VLAN interface and just adding the interfaces to the same bridge like on the second scenario. That's definitely another viable option, similar to how you can create a VLAN interface and instead of binding it to a physical interface you bind it to the bridge and then any ports within the bridge will be tagged for all the VLANs inside of it. It's just kind of more ways how to accomplish the same thing on with different steps. I am still amazed at how many different and new ways that I wasn't even aware of before this video that you can also use to configure VLANs. Maybe MikroTik needs to revise how VLANs can be configured on their devices and standardize it to a single format for people to more easily understand and absorb. Although that might also take away some of the awesome custom solutions people come up with by using these different and unique ways of configuration.
@@TheNetworkBerg You definitely should've pointed out that the 3rd way is the optimal way of doing VLANs because it's the only way of preserving hardware offloading across all VLANs on devices with switch chip. It works for both switching CRS series and routing RB/CCR series of devices, obviously if said device has a switch chip, but even if it doesn't.
@@Soda88 I think what I want to make clear in the next video is that the scope of how VLANs are being covered in the MTCRE is not quite in the same light as what many people's expectations are. Which is to implement VLANs on their LAN/DC networks on a switching layer. The MTCRE focuses more on using VLANs as a way of extending the network and routing traffic between devices. To optimally understand VLANs and many L2 concepts like port mirroring, STP, etc I would suggest looking at the MTCSWE certification which focuses more on the aspect of using MikroTik for switching purposes. My ultimate goal after the next video is for a user to be able to add a VLAN on a Routerboard/CCR/CHR/x86 device to span a L2 service from an edge to a CPE to deliver IP services and route traffic.
Thank you !!! Really well done. Unfortunately, the third method, which seems the best, I can't follow it. The second method works perfectly but I would like, of course :D, to try the third one.
The way I've created vlans (vlans for the router side, not Switch side) across multiple downlink/trunk interfaces is make a single bridge, add all the ports I want as trunks and create the VLANs on the bridge interface. First time I've seen it done that way (example 3). I'm assuming the way I do it is fine as well? Something I've learned in my time with mikrotik, you can make just about anything work that you want. The skill with mikrotik is making it work efficiently. Problem is, sometimes it's hard to tell if the way you did something is actually efficient or not. LOL the things I Set up and work fine in my lab may not necessarily work in an enterprise setting with 1000's of devices requesting dhcp and dns, etc.
i am happy that i found this chanell, am still learning mtcna but am sure this mtcre videos will be my guide after classroom. whenever i want to further my studies. hi sir, do you think it a good idea to dive into mtcre right after mtcna?
Thank you for sharing your knowledge. I am new to VLAN; I have just on router, and one switch, I wish to configure 5VLANS on 5ports on the router, and then connect the same ports to my switch where APs can pick the IPs and broadcast to it's devices. Please help me
New to Mikrotik and your videos have been so very helpful. Either I am not catching it or I simply can't find a video to explain how to handle the following. zt1, Ether1 - WAN, Ether3-hybrid 'trunk' to switch (VLANS untagged(1), tagged 10, tagged 20, tagged 30). Do you need to bridge this and use pvid to change the default untagged to a VLAN for any reason to allow LAN traffic to the zertotier? maybe a diagram might make this easier than text :)
Hello We have configured our Mikrotik router as a hotspot, connected through Cisco switches, and then connected from the switch to Cisco APs, the problem is just that when connected to the PC through the wireless after 10 minutes or less not work wireless but working Android no problem just the problem is PCs maybe the issue is NAT or filter rules
Great video!!! One QQ- At around 8:15 you said that most people wouldn’t need to know how to configure VLANs directly on the switch chip. I think you are implying that much of the new hardware is doing this on the bridge. But I have found that you still need to understand this legacy VLAN configuration for wireless (CAPsMAN) because of switch chip in the hAPs and cAPs… please confirm if time permits.
Correct, most of the new hardware with the "Bridge" method with HW Offload and specifying /interface bridge ports is essentially telling the router to use the switch chip for which VLANs and which ports. This video is aimed at the MTCRE certification, and how to use VLANs on MikroTik routers. I really cannot comment on CAPsMAN or MikroTik APs as I do not use it or these devices. Perhaps in the future I will get a few APs and configure CAPsMAN to see if there is some reliance on setting tags up directly on the switch chip.
Thank you for the kind words. I think my third example currently illustrates this where I have configured a single bridge with VLAN10/VLAN20 being done at a Layer 2 level on MikroTik 2 and MikroTik 3.
That’s why everybody hates MikroTik. It’s too complicated to understand it at once. You should make thousands of mistakes, waste a tons of nerves just for your vlan tags could travel through the LAN. But the price… yeah, I think its fair.
Very understandable statement, I know of quite a few people who tend to get frustrated when it comes to switching on MikroTik. Personally I do not use MikroTik for my core switching. Simple VLAN tags under an interface on my uplinks are more than enough for me. I do LOVE MikroTik for all of the core features on a routing layer it brings and at the price range it is at though.
Hello. Very interesting video. Do you plan to elaborate a lab in EVENG, where you integrate Fortinet with Mikrotik in an Inter VLAN Routing environment, using both brands? Regards.
Hi friend-i have ccr1036-8G-2S+ and on my router add 1 vlan with dhcp + 2 bounding which added to this bridge and on this network i have 1400 host.Uplink vlan i add to bridge and in this bridge add my uplink SFP+1.Then have 2 vlan which interface is SFP+2 and on this port i have 1000 host.In the evenings after 21:00 when all hosts is online,my router CPU up to 100%.What i do mistake? can i send screenshot to you mail ?i dont add tagged untagged on vlans and dont use vlan filtering..Thank you
how you think,if after router i put Cisco 3750x or cisco 4948 and trunk all vlans to swich and delete bridges,then cpu use can down to 40-60 ?i now bridge use from cpu but i think cpu can up to 100% when i will ad 5-6 bridge((
I am having issue with which method to use, i tried the bridge method without vlan filtering i can only communicate with some vlan and not other. I trying to add trunking to my exsi server
Nice content, We are just starting with VLANs in our school, as our flat network is not working with 4000 thousand IP addresses. If I may ask, what is the best way to use our Mikrotik CCR2004-16G-2S+ hardware or software vlans? I'm still trying to wrap my head around the whole VLAN network setup.
For a school network or general campus/dc setups I would highly suggest using the single bridge method. This is considered "The correct way" this documentation on MT's site really helped me get a better understanding of the setup: help.mikrotik.com/docs/display/ROS/CRS3xx%2C+CRS5xx%2C+CCR2116%2C+CCR2216+switch+chip+features
Thank You, for explaining this in different ways. I have a question - is there a way to setup multiple vlans on single port(in Mikrotik2) and then statically assign IP adresses for next host(Mikrotik4 or Mikrotik5) from whichever vlan IP pool? For example: Mikrotik1(eth1 trunk, both vlan=10,20) Mikrotik2 (eth2 trunk, both vlan=10,20) --> Mikrotik2 (eth3 access, PVID=10) --> default vlan for device from eth3 will be vlan10, but with possibility to join vlan20 subnet(statically assign IP?). Essentially multiple vlans on single port from next device(managable switch) after initial router.
to complicate....i try but it is to much with bridge setup.... to many details.. need this but not manage to setup... i have main router and on that router have bridge.... and that is problem, can't isolate one port for VLAN on switch connected to that eth5... 7.8 is version....
Hey ,sir can you help I have the question regarding accessing mikrotik to mikrotik through Mac address on a different broadcast domain How can I do that
if i have a mikrotik router board, the trunks you talk about going to device 2,4,5 or can these all these be virtualized by the main router board or are these other physical devices?
man i have a question: 16:21 , how did you manage set dhcp-server on slave interface ? Because LAN is included LAN-BR-VL10 bridge. When i tried to do that, mikrotik gave error " Interface is slave"
I thought this is easy like this, and didn't work. I watched the video, and he does the same I thought it should be done to make it work, but they cannot see each other as neighbours, nor can ping each other, but they are directly connecteed. Does anyone have any idea? I try to make it work between a RBD52G-5HacD2HnD and a LHGGM with no luck :(
It seems that there is no explanation on how to make this happen on multiple ports. I would like to have trunk VLAN on all ports and some of them be access ports for certain ports. Should i got with switchmode or go as it is configured in router? I don't care about routing. Only switching.
Ok. got it right till the end. Everything works now. Would it be possible to upgrade your tutorial by adding firewall rules between VLANs? Say, I'd like VLAN10 and VLAN20 to get access to internet, VLAN10 get access to VLAN20 but not the other way round, expect for VLAN20 get access only to an IP in VLAN10, the printer's Ip for example. Thank you.
In the new video ruclips.net/video/TAGW_XCqCfs/видео.html I cover how to setup ACLs for Inter-Vlan routing, give it a watch. There should be a timestamp for it too :)
@@TheNetworkBerg oh yes, I see. Very useful as a start. Anyway, I hope you're going to delve a bit deeper into that with a dedicated tutorial. Thank you very much indeed.
Hi Thank you so much for the information you share. Great job. Very interesting, but do you also have videos on how to create a VLAN with a router/switch that has 2 switch chips. And the app eve that u use, is this an app specific for mikrotik virtual environment. for a test environment.
Thank you for clearing these up! I set up the similar setting like this (with Mikrotik1 and Mikrotik2) Question: why my laptop (under Mikrotik2) on VLAN10, still can ping other device on VLAN20? Should the VLAN can not ping each other? Any hints? Thank you
If you have a L3 device configured with both vlans in the same routing table they will be able to communicate. You need to add Firewall Forward rules to restrict traffic between the VLANs
@@TheNetworkBerg Ah okay. So by default the 'Mikrotik1' (who assign IP address using DHCP, to both VLAN) allow it to be communicating each other. So I have to add the Firewall Forward rules in the the 'Mikrotik1'. Am I right? Thank you
If I have a MikroTik CRS 328 and it connect to a Netgate 6100. Do I use a Bridge on the Switch or just setup vlan? Any help would be great. I am using the 1GE Wan for ISP and than the 10GE SFP for the Uplink port.
Firewall rules, you could in essence just drop all forward traffic between VLANs and only set Src=IT Dst=All other VLANs to be allowed. The firewall is stateful so return traffic will be allowed automatically.
This Mikrotik Cloud Router Switch is really confusing when it comes to VLAN's when you are use to real switches like Cisco and Alcatel-Lucent. Do you have a video where you actually configure a Mikrotik switch where you configure an access VLAN and then tagging for example on the Voice VLAN or even LLDP for Voice. I do not know what is the best way on doing this on the Mikrotik for all ports
why you not do a new way of vlan on main MikroTik1 ? This is the most importand part and you not do that. How we should create vlan in new way in router on stick ? How create dhcp-servers on new bridge way. What with Hybrid port for WiFi AccessPoints ? What when I use 4 cables to stack of switches by LACP... how then use that New Way of VLAN - Please create a new video, of course this is out of MTCNA but this video must be created !!! Please do that video as Part3 :D. I wait for it.
First of all thanks for the video! Maybe a stupid question but isn't it a Best Practice to have only one bridge on Switches with a Switch Chip (eg.CRS3XX) in order to use hardware offloading?
Most probably, which is sort of what the third scenario in the video covers. I am also covering the MTCRE which treats VLANs a bit in a different light as we use it as a means for extending networks and spanning L2/L3 services while working on RouterBoards/CCRs/CHRs/x86's etc If you want to get more into best practices for how to configure a MikroTik as a switch on platforms like the CRS and implementing this in a LAN or DC then there is a completely different track covering that which is called the MTCSWE (MikroTik Certified Switching Engineer)
Which is the best method to use for VLANs and VLAN trunks that would give the best performance. I assume the software VLANs, are going to go via the CPU, so the overall bandwidth would thus be throttled down to the CPU bandwidth.
Best performance would be creating a bridge and having the switch chip manage all the VLANs, but when it comes to the routing world and routing packets you will typically see and use software defined VLANs between networks. It's more about what you want to use VLANs for, if it's just on a LAN network or a Data Center then a single software bridge with all VLANs is the most ideal setup for max performance.
Thank you for the video, one thing though, If I do separate bridges for each VLAN on the main router, won't that mean that it wont have harware offloading turned off?
Yes, adding multiple bridges will have that type of impact and performance will be degraded. Adding a single bridge and doing your tagging/untagged on that bridge would be the best solution for hardware offloading and the best performance.
@@TheNetworkBerg I appreciate your reply, I tried doing it with a single bridge, but because these are slave interfaces I keep getting dhcp server cannot be set on slave interface message. I love that mikrotik has several ways of doing the same thing, but it is sometimes very confusing as well :)
Great guide thank you! 6:35 if I implement capsman local forwarding in a network with vlans, the vlan configuration on the AP must be on the cpu (bridge) instead of the switch chip. Is this correct?
Because this is for the MTCRE and not the MTCSWE, it's just another method of using VLANs to route with and that traffic will most likely be used in the CPU.
I mean... video is great. But its my 3rd attempt of understanding it and still i don't get it in 100%. Maybe it's for the advanced users. I'll let my co-workers run the network infrastructure.
Hello. Which version of MikroTik OS and file type did you use to get 10 interfaces? Each CHR I download only gives me 4 interfaces. Thank you for your uploads. That have been helping me extensively!
Hi there, depending on what emulator you use, you can add additional interfaces on the emulator itself. With EVE-NG when you import the nodes the default is set to 4 interfaces. You can change this to something different. I tend to either do 10, 12 or 24 interfaces.
Awesome!!! But these options are not best suited for any device. You need to check the VLAN switching support pages to see the optimal configuration way for your device. And abstracting the bridges differently than your device's chips, can lead to CPU load, throughput bottlenecks, or even weird routing or not working at all
If it comes down to just pure switching of frames then yes the single bridge method with VLAN filtering is the optimal setup, however, this video's aim is not just for pure switching. This is covering the topics inside the MTCRE (Routing), and using stuff like an SVI that is bound to an interface is quite common for routing.
Depends on your requirement, if its for routing I would recommend a software defined vlan interface, if it is for pure L2 connectivity/switching then a single bridge managing all vlans will give you the best performance
VLAN Documentation / References:
VLAN Interfaces:
wiki.mikrotik.com/wiki/Manual:Interface/VLAN
Bridge VLAN Table:
wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
Switch Chip:
wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features
Hardware Offloading:
wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_Hardware_Offloading
help.mikrotik.com/docs/display/ROS/L3+Hardware+Offloading
This is by far the cleanest and most comprehensive explanation I've found. By a lot. I've lost track of how many times I've read through pcunite's guide and all MT's documentation. None of it has managed to hit on the methodology in an effective way. This, sir, is glorious. Thank you.
Thank you so much for nice comment, and thanks for watching the video!
I was just want write same comment. At last I fully understand vlans on mikrotik. Thank you
Indeed
Your explanations are much better than most written online resources and easier to understand than Mikrotik's own documentation. Thanks for these videos!
Glad it was helpful!
This is very smart publicity work by Mikrotik. These are exceptionally powerful pieces of equipment. But their native manuals and documentation fail catastrophically to convey this in terms of making them accessible to people like myself with only a very basic level of understanding, but who want to dive deeper with out spending thousands on training courses.
What that translates to for Mikrotik is more sales - much more. Because content like this opens the door for so many people into just how powerful this equipment is. I'm using a Routerboard 1100 in my house and am only now just dipping my toes into the water of what it is capable of (I bought it over 3 years ago). But even with the small amount I already know, I wouldn't use anything else.
This is not done by MikroTik, they are not endorsing me in any manner and have never reached out to me for any sort of publicity. This is my own personal project where I wanted to make information like this more accessible to everyone in the community. I will take this as a compliment though ^^ And feel free to leave any suggestions or comment on the work that I have done.
@@TheNetworkBerg Well in that case good on you. Shame Mikrotik still haven't woken up to this. Even when I wrote that I was thinking it was a bit of a shock to see them finally doing this - something they should have been doing for some time.
2:12 - "... and what 80102.q allows you to do ..." :D Yeah, sometimes standards are a mouthful. :) Cheers, brother, I adore your channel!!!
Hahaha they definitely can be, especially if you are a bit dyslexic.
awesome video, very few guys understand how this works, very well explained here!
Man, gotta say. Thank you for your content. it rocks.
Thank you for this. New to the mikrotik ecosystem. Your videos have been incredibly helpful
Excellent video, your teaching skills are superb, can't wait for another video.
Thank you very much!
YOU ARE THE MAN!!! THE WHOLE DAY TODAY IVE BEEN TRYING TO FIGURE OUT HOW TO DO INTERVLAN IN MIKROTIK!!! SINCE IM USED TO CISCO. BUT BOY YOU MAKE ME REALIZED AND LEARN SOMETHING TODAY@!!! THANKS MAN1
19:30 For R1, usually I just create a bridge, add ether2 and ether3 to that bridge, then add the VLAN interface to the bridge. Much more simple than adding multiple VLAN interface to specific port then bridging vlan interface. You have 2 interfaces, let say you have 8...
That's basically what I did with mine since all the ports are attached to the bridge.
Plus having 2 bridges you end up not being able to use hardware offloading on one bridge, at least on my device.
Thank you very much!
Mikrotik docs are very hard to understand especially when using winbox. I have been trying to set up VLANs on my Mikrotik Router for hours. But everything works out great now :).
Thank you so much for clarifying the switch thing at about 8:15 ...
Great video. Had to slow it down for the 'third' way you covered. Still seems like the MT way way of doing things on layer two is overly complicated. But you do a great job of explaining it.
Thanks you for the kind words, yeah I agree MikroTik is definitely something different when it comes to L2 networking. I've seen many people on Reddit or Facebook groups generally asking about VLANs because it seems to be the most confusing subject regarding MikroTik.
My videos covering VLANs are also the most viewed on my channel so it's definitely something a lot of people look into that they feel they need help with.
Thanks so much for your Video. I have trouble to install VLANs on my Network with the Microtik Router OS. Put now everything works fine.😅
Hi brother, salute off Kazakhstan
Thank you again. Your vids are one of a kind. Appreciate the help. Looking forward to the next
Glad you like them!
Next time you do lab please change default names of routers to avoid confusion, and thank you for sharing your knowlage
I totally agree and this was a whoopsie from my side ^^
thanks for this. and I'd recognize Night City anywhere, lol.
This is absolutely incredible explanation and training material! Thank you for taking the time to go and create this material.
My friend, you're the best!
The best explanation I have seen. Thank you
Wow, thanks!
Great, great, great explaination! Thank you!
just found your channel and went over your VLAN and bridging videos on mikrotik as a refresher, very awesome material!! good pace and easily digestible, thank you for creating this content! If I can request a video suggestion for the future on how to create a span port, have searched high and low for this topic and to no avail. Am basically attempting to practice auditing my own home network traffic via a pcap capture but having trouble trying to learn how start with configuring simple span port/interface etc. Cheers!
Thank you for the kind words, I do not currently have a video covering port spanning/mirroring but I will definitely consider it. I have thought about creating a video series covering more layer 2 concepts and reached out to my community on RUclips regarding it. I am just waiting to see if someone is willing to provide me with a couple of switches to better demonstrate things, but if not I may just use some small routeboards for the demonstrations as well :)
As always, the way you explain about topic is awesome, i like that you break whole video into different sets and third set was most difficult to understand cause i am at learning stage, better if you can provide an identity to router which can be visible in winbox window while you are doing configuration on it. so that we can understand on which router we are currently working.
i would like to thank you for making such a informative and wonderful videos which makes learning a fun. Thank you.
You picked up words of my mouth.
That is a great resource ! This will help with my homelab setup.
If you use hardware, in most cases, it is better to use only one bridge interface. All actions like tagging, untagging interface creating are happening in that one bridge, tagging/untagging can be different, based on model and its switch chip features, but idea stays the same.
PS: Great video, learned a lot from you and I hope to see ZT video on ROS.
Thank you for the comment and I agree with you if you are just going to be doing basic switching behind the MikroTik to a LAN/DMZ network.
I actually covered ZeroTier back in December, it was one of my most viewed videos at the time. You can catch that video here:
ruclips.net/video/eFI59jJ2MM8/видео.html
Although the video was made during v7 Beta the principles are still exactly the same, only bad thing is that ZT on MikroTik is a bit outdated :C
@@TheNetworkBerg Tnx, ill have a look.
I'm subbing on Patreon. This in incredible and I can't wait for the rest of the videos
Thank you very much David, it is definitely not expected but I do appreciate it very much!
This was awesome, I needed a simple way to do the vlans based on Cisco's concept. The last method was easy and clean. Thanks.
Great video, thanks! Wait for a video with vlan on one bridge with all of mikrotik interfaces. Thanks a lot, it's very helpfull
Very complete explanation! Thanks.
Great Video, thanks man, you are a genius on Mikrotik.
Thank you for the explaination, I'm new to Mikrotik and this video has been really helpful
Great video and excellent explanation!! Could you also cover setting up VLAN's with only one bridge and not having them separately for each VLAN? Tx
Thank you for the kind words, I believe my third scenario illustrates how to setup a single bridge with multiple VLANs over it. Although I take it you are talking about creating multiple VLAN interface and just adding the interfaces to the same bridge like on the second scenario. That's definitely another viable option, similar to how you can create a VLAN interface and instead of binding it to a physical interface you bind it to the bridge and then any ports within the bridge will be tagged for all the VLANs inside of it.
It's just kind of more ways how to accomplish the same thing on with different steps. I am still amazed at how many different and new ways that I wasn't even aware of before this video that you can also use to configure VLANs. Maybe MikroTik needs to revise how VLANs can be configured on their devices and standardize it to a single format for people to more easily understand and absorb. Although that might also take away some of the awesome custom solutions people come up with by using these different and unique ways of configuration.
@@TheNetworkBerg You definitely should've pointed out that the 3rd way is the optimal way of doing VLANs because it's the only way of preserving hardware offloading across all VLANs on devices with switch chip. It works for both switching CRS series and routing RB/CCR series of devices, obviously if said device has a switch chip, but even if it doesn't.
@@Soda88 I think what I want to make clear in the next video is that the scope of how VLANs are being covered in the MTCRE is not quite in the same light as what many people's expectations are. Which is to implement VLANs on their LAN/DC networks on a switching layer. The MTCRE focuses more on using VLANs as a way of extending the network and routing traffic between devices.
To optimally understand VLANs and many L2 concepts like port mirroring, STP, etc I would suggest looking at the MTCSWE certification which focuses more on the aspect of using MikroTik for switching purposes.
My ultimate goal after the next video is for a user to be able to add a VLAN on a Routerboard/CCR/CHR/x86 device to span a L2 service from an edge to a CPE to deliver IP services and route traffic.
@@Soda88 aha ! so 3rd way to preserve the hardware offloading, that was my question after watching this incredibly well explained material!
Respect to your good work, thanks a lot
Much appreciated!
watched edgerunners and wanted to watch vlan stuff to get it off my mind lmao. saw the intro and everything flashed back
Sorry fabi, this is a netrunner channel 😁
Thank you !!! Really well done. Unfortunately, the third method, which seems the best, I can't follow it.
The second method works perfectly but I would like, of course :D, to try the third one.
The way I've created vlans (vlans for the router side, not Switch side) across multiple downlink/trunk interfaces is make a single bridge, add all the ports I want as trunks and create the VLANs on the bridge interface. First time I've seen it done that way (example 3).
I'm assuming the way I do it is fine as well? Something I've learned in my time with mikrotik, you can make just about anything work that you want. The skill with mikrotik is making it work efficiently. Problem is, sometimes it's hard to tell if the way you did something is actually efficient or not. LOL the things I Set up and work fine in my lab may not necessarily work in an enterprise setting with 1000's of devices requesting dhcp and dns, etc.
Thanks!
You're welcome! Thank you for supporting the channel ^^!
i am happy that i found this chanell, am still learning mtcna but am sure this mtcre videos will be my guide after classroom. whenever i want to further my studies. hi sir, do you think it a good idea to dive into mtcre right after mtcna?
Yes it is perfectly fine to go for the RE directly afterwards
Bra, het iemand al gese jy lyk soos die dude van Linus Tech Tips haha, nice.
Hahahaaha dankie! Nee dit is 'n eerste :P!
It's great video. Thank you.
waiting for your next content 😤
Busy working on it :D!
Thank You, for explanations can you please create same scenario for Native VLANs on MikroTik.
Thanks dude
Thanks man
L2 - frame
L3 - packet
L4 - datagram/segment
Correct.
Thank you for sharing your knowledge.
I am new to VLAN; I have just on router, and one switch, I wish to configure 5VLANS on 5ports on the router, and then connect the same ports to my switch where APs can pick the IPs and broadcast to it's devices.
Please help me
New to Mikrotik and your videos have been so very helpful. Either I am not catching it or I simply can't find a video to explain how to handle the following. zt1, Ether1 - WAN, Ether3-hybrid 'trunk' to switch (VLANS untagged(1), tagged 10, tagged 20, tagged 30). Do you need to bridge this and use pvid to change the default untagged to a VLAN for any reason to allow LAN traffic to the zertotier? maybe a diagram might make this easier than text :)
Thank you for this video. Can you also make video about multiple VLANs over EoIP, please?
Hi could you do a video about wifi setup especially with new wifi packages.
your awesome
Hello
We have configured our Mikrotik router as a hotspot, connected through Cisco switches, and then connected from the switch to Cisco APs, the problem is just that when connected to the PC through the wireless after 10 minutes or less not work wireless but working Android no problem just the problem is PCs maybe the issue is NAT or filter rules
Great video!!! One QQ- At around 8:15 you said that most people wouldn’t need to know how to configure VLANs directly on the switch chip. I think you are implying that much of the new hardware is doing this on the bridge. But I have found that you still need to understand this legacy VLAN configuration for wireless (CAPsMAN) because of switch chip in the hAPs and cAPs… please confirm if time permits.
Correct, most of the new hardware with the "Bridge" method with HW Offload and specifying /interface bridge ports is essentially telling the router to use the switch chip for which VLANs and which ports.
This video is aimed at the MTCRE certification, and how to use VLANs on MikroTik routers. I really cannot comment on CAPsMAN or MikroTik APs as I do not use it or these devices. Perhaps in the future I will get a few APs and configure CAPsMAN to see if there is some reliance on setting tags up directly on the switch chip.
Thanks for the explenation and video.
Why dont you use vlan filtering on the bridge?
You can only have one bridge with hw-offload.
Kind regards
Thank you for the kind words. I think my third example currently illustrates this where I have configured a single bridge with VLAN10/VLAN20 being done at a Layer 2 level on MikroTik 2 and MikroTik 3.
That’s why everybody hates MikroTik. It’s too complicated to understand it at once. You should make thousands of mistakes, waste a tons of nerves just for your vlan tags could travel through the LAN. But the price… yeah, I think its fair.
Very understandable statement, I know of quite a few people who tend to get frustrated when it comes to switching on MikroTik. Personally I do not use MikroTik for my core switching. Simple VLAN tags under an interface on my uplinks are more than enough for me. I do LOVE MikroTik for all of the core features on a routing layer it brings and at the price range it is at though.
Hello.
Very interesting video.
Do you plan to elaborate a lab in EVENG, where you integrate Fortinet with Mikrotik in an Inter VLAN Routing environment, using both brands?
Regards.
good job😎
This video is really helpful, thank you. How would one use the untag feature for a CAP assigned to a particular datapath?
Hi friend-i have ccr1036-8G-2S+ and on my router add 1 vlan with dhcp + 2 bounding which added to this bridge and on this network i have 1400 host.Uplink vlan i add to bridge and in this bridge add my uplink SFP+1.Then have 2 vlan which interface is SFP+2 and on this port i have 1000 host.In the evenings after 21:00 when all hosts is online,my router CPU up to 100%.What i do mistake? can i send screenshot to you mail ?i dont add tagged untagged on vlans and dont use vlan filtering..Thank you
how you think,if after router i put Cisco 3750x or cisco 4948 and trunk all vlans to swich and delete bridges,then cpu use can down to 40-60 ?i now bridge use from cpu but i think cpu can up to 100% when i will ad 5-6 bridge((
awesome..
I am having issue with which method to use, i tried the bridge method without vlan filtering i can only communicate with some vlan and not other. I trying to add trunking to my exsi server
Huge thanks for the shared knowledge. I enjoy watching the channel. Can you tell, please which environment is used for the simulation?
Nice content, We are just starting with VLANs in our school, as our flat network is not working with 4000 thousand IP addresses. If I may ask, what is the best way to use our Mikrotik CCR2004-16G-2S+ hardware or software vlans?
I'm still trying to wrap my head around the whole VLAN network setup.
For a school network or general campus/dc setups I would highly suggest using the single bridge method. This is considered "The correct way" this documentation on MT's site really helped me get a better understanding of the setup:
help.mikrotik.com/docs/display/ROS/CRS3xx%2C+CRS5xx%2C+CCR2116%2C+CCR2216+switch+chip+features
Thank You, for explaining this in different ways. I have a question - is there a way to setup multiple vlans on single port(in Mikrotik2) and then statically assign IP adresses for next host(Mikrotik4 or Mikrotik5) from whichever vlan IP pool? For example: Mikrotik1(eth1 trunk, both vlan=10,20) Mikrotik2 (eth2 trunk, both vlan=10,20) --> Mikrotik2 (eth3 access, PVID=10) --> default vlan for device from eth3 will be vlan10, but with possibility to join vlan20 subnet(statically assign IP?). Essentially multiple vlans on single port from next device(managable switch) after initial router.
to complicate....i try but it is to much with bridge setup.... to many details.. need this but not manage to setup...
i have main router and on that router have bridge.... and that is problem, can't isolate one port for VLAN on switch connected to that eth5... 7.8 is version....
Hey ,sir can you help I have the question regarding accessing mikrotik to mikrotik through Mac address on a different broadcast domain How can I do that
if i have a mikrotik router board, the trunks you talk about going to device 2,4,5 or can these all these be virtualized by the main router board or are these other physical devices?
man i have a question: 16:21 , how did you manage set dhcp-server on slave interface ? Because LAN is included LAN-BR-VL10 bridge. When i tried to do that, mikrotik gave error " Interface is slave"
I thought this is easy like this, and didn't work. I watched the video, and he does the same I thought it should be done to make it work, but they cannot see each other as neighbours, nor can ping each other, but they are directly connecteed. Does anyone have any idea? I try to make it work between a RBD52G-5HacD2HnD and a LHGGM with no luck :(
Love IT!
It seems that there is no explanation on how to make this happen on multiple ports. I would like to have trunk VLAN on all ports and some of them be access ports for certain ports. Should i got with switchmode or go as it is configured in router? I don't care about routing. Only switching.
Ok. got it right till the end. Everything works now. Would it be possible to upgrade your tutorial by adding firewall rules between VLANs? Say, I'd like VLAN10 and VLAN20 to get access to internet, VLAN10 get access to VLAN20 but not the other way round, expect for VLAN20 get access only to an IP in VLAN10, the printer's Ip for example. Thank you.
In the new video ruclips.net/video/TAGW_XCqCfs/видео.html I cover how to setup ACLs for Inter-Vlan routing, give it a watch. There should be a timestamp for it too :)
@@TheNetworkBerg oh yes, I see. Very useful as a start. Anyway, I hope you're going to delve a bit deeper into that with a dedicated tutorial. Thank you very much indeed.
I will definitely consider a dedicated tutorial about the subject :)!
@@TheNetworkBerg Thanks
I'm not sure but it looks like there is a misconfig on your video at 21:28 according mikrotik documentation.
Hi Thank you so much for the information you share. Great job. Very interesting, but do you also have videos on how to create a VLAN with a router/switch that has 2 switch chips. And the app eve that u use, is this an app specific for mikrotik virtual environment. for a test environment.
Thank you for clearing these up!
I set up the similar setting like this (with Mikrotik1 and Mikrotik2)
Question: why my laptop (under Mikrotik2) on VLAN10, still can ping other device on VLAN20? Should the VLAN can not ping each other?
Any hints? Thank you
(I'm using the 'Bridged VLAN' method)
i have a same question about this
If you have a L3 device configured with both vlans in the same routing table they will be able to communicate. You need to add Firewall Forward rules to restrict traffic between the VLANs
@@TheNetworkBerg Ah okay. So by default the 'Mikrotik1' (who assign IP address using DHCP, to both VLAN) allow it to be communicating each other.
So I have to add the Firewall Forward rules in the the 'Mikrotik1'.
Am I right?
Thank you
My issue is the dhcp is not passing through the tonthe bridge. MT says I cannot apply client to a slave interface
mine too, how did you manage that?
If I have a MikroTik CRS 328 and it connect to a Netgate 6100. Do I use a Bridge on the Switch or just setup vlan? Any help would be great. I am using the 1GE Wan for ISP and than the 10GE SFP for the Uplink port.
Hello
I am interested in configuring a voice vlan and a data vlan for a voip phone
can you help me?
What would be the easiest way to block inter-vlan routing but allow for example my IT vlan to communicate with all of the VLAN's?
Firewall rules, you could in essence just drop all forward traffic between VLANs and only set Src=IT Dst=All other VLANs to be allowed. The firewall is stateful so return traffic will be allowed automatically.
may i know what is the application name that u use to draw the network diagram? very clearly and beautiful, thank u.
It is called EVE-NG a network emulator
Great job! Thanks.
What network drawing tool do you use?
hi thanks for the info but do you also have examples that are configured on one router.I want to create a separate network for my smart home products
hi
i will to know more about vlan on two to three route
This Mikrotik Cloud Router Switch is really confusing when it comes to VLAN's when you are use to real switches like Cisco and Alcatel-Lucent. Do you have a video where you actually configure a Mikrotik switch where you configure an access VLAN and then tagging for example on the Voice VLAN or even LLDP for Voice. I do not know what is the best way on doing this on the Mikrotik for all ports
why you not do a new way of vlan on main MikroTik1 ? This is the most importand part and you not do that. How we should create vlan in new way in router on stick ? How create dhcp-servers on new bridge way. What with Hybrid port for WiFi AccessPoints ? What when I use 4 cables to stack of switches by LACP... how then use that New Way of VLAN - Please create a new video, of course this is out of MTCNA but this video must be created !!! Please do that video as Part3 :D. I wait for it.
First of all thanks for the video!
Maybe a stupid question but isn't it a Best Practice to have only one bridge on Switches with a Switch Chip (eg.CRS3XX) in order to use hardware offloading?
Most probably, which is sort of what the third scenario in the video covers. I am also covering the MTCRE which treats VLANs a bit in a different light as we use it as a means for extending networks and spanning L2/L3 services while working on RouterBoards/CCRs/CHRs/x86's etc
If you want to get more into best practices for how to configure a MikroTik as a switch on platforms like the CRS and implementing this in a LAN or DC then there is a completely different track covering that which is called the MTCSWE (MikroTik Certified Switching Engineer)
Close, but not perfect. Adding more overlays to clearify which router we see, and sticking to 1 trunk would help.
Which is the best method to use for VLANs and VLAN trunks that would give the best performance.
I assume the software VLANs, are going to go via the CPU, so the overall bandwidth would thus be throttled down to the CPU bandwidth.
Best performance would be creating a bridge and having the switch chip manage all the VLANs, but when it comes to the routing world and routing packets you will typically see and use software defined VLANs between networks. It's more about what you want to use VLANs for, if it's just on a LAN network or a Data Center then a single software bridge with all VLANs is the most ideal setup for max performance.
@@TheNetworkBerg Thank you.
I don't have plans on routing, I just need it to switch at L2
so, in this example, vlan 1 is equivalent to native vlan in Cisco...
Thank you for the video, one thing though, If I do separate bridges for each VLAN on the main router, won't that mean that it wont have harware offloading turned off?
Yes, adding multiple bridges will have that type of impact and performance will be degraded. Adding a single bridge and doing your tagging/untagged on that bridge would be the best solution for hardware offloading and the best performance.
@@TheNetworkBerg I appreciate your reply, I tried doing it with a single bridge, but because these are slave interfaces I keep getting dhcp server cannot be set on slave interface message.
I love that mikrotik has several ways of doing the same thing, but it is sometimes very confusing as well :)
Great guide thank you! 6:35 if I implement capsman local forwarding in a network with vlans, the vlan configuration on the AP must be on the cpu (bridge) instead of the switch chip. Is this correct?
Only one brdige at the same time can be HW offloaded, so why you have more bridge interfaces?
Because this is for the MTCRE and not the MTCSWE, it's just another method of using VLANs to route with and that traffic will most likely be used in the CPU.
Does this kind of procedure work also on CRS112?
Thanks
Here is the most optimal way to configure VLANs on a CRS112 from MikroTIk:
help.mikrotik.com/docs/pages/viewpage.action?pageId=103841836
I mean... video is great. But its my 3rd attempt of understanding it and still i don't get it in 100%. Maybe it's for the advanced users. I'll let my co-workers run the network infrastructure.
Can you create a full course from scratch ? in order like: lesson 1 lesson 2 and so on, New subscriber
Hello there, I am creating a playlist which will have all of the videos in a structure order to watch :)
Sir when are going to integrate cisco switches with mikrotik for inter vlans with redius server?
Hello. Which version of MikroTik OS and file type did you use to get 10 interfaces? Each CHR I download only gives me 4 interfaces. Thank you for your uploads. That have been helping me extensively!
Hi there, depending on what emulator you use, you can add additional interfaces on the emulator itself. With EVE-NG when you import the nodes the default is set to 4 interfaces. You can change this to something different. I tend to either do 10, 12 or 24 interfaces.
@@TheNetworkBerg, Thank you so much! I am glad it was something simple to change in the import.
Awesome!!! But these options are not best suited for any device. You need to check the VLAN switching support pages to see the optimal configuration way for your device. And abstracting the bridges differently than your device's chips, can lead to CPU load, throughput bottlenecks, or even weird routing or not working at all
If it comes down to just pure switching of frames then yes the single bridge method with VLAN filtering is the optimal setup, however, this video's aim is not just for pure switching. This is covering the topics inside the MTCRE (Routing), and using stuff like an SVI that is bound to an interface is quite common for routing.
And which way is recommended?
Depends on your requirement, if its for routing I would recommend a software defined vlan interface, if it is for pure L2 connectivity/switching then a single bridge managing all vlans will give you the best performance