Mikrotik VLANs - CRS3XX Step by Step - Mikrotik Tutorial
Вставка
- Опубліковано 6 вер 2024
- Learn to configure VLANS on Mikrotik CSR3XX step by step.
The main VLAN setting is vlan-filtering which globally controls vlan-awareness and VLAN tag processing in the bridge.
#MikrotikTutorial #MikrotikVLANs #ConfigureVLANsMikrotik
Have you configure VLANs on Mikrotik devices? Which switch models have you used?
Do you provide consultant services?
@@carloscardoso8796 Hi Carlos, you can contact me from here: mikrotiktraining.ca/
Yes! I use CRS317, CRS305. I also use CCR2004, CCR1009 and RB760iGS (hex S). I also use some settings like Frame Types and Ingress Filtering. For blokcing the router the way it not route User Networks to Management VLAN it is possible to filter forward traffic going out through interface vlan-99, dropping it, and also add a rule to drop traffic incomming from interface that is not vlan-99 but is trying to go out via vlan-99? I think that whay if I forgot some user network, it will also work, is it right?
I used this config you teach on a mAP,RB433,RB2011 and a RB1200 (sort home network testlab) no firewall setup yet just want to get all under the belt first. Loved the vid helps alot
can you please make a follow up video enabling for ipv6 as well? thanks
In 30 minutes, I understood more than after watching a bunch of hours of training videos. thank you
Great to hear!
I have exactly the same. Simple explanation how to do it well!
This is the clearest explanation of VLANS I have seen. Thank you for taking the time to do such a thorough job!
This is the best
One of the best and clearest tutorials I saw at the Internet. I am system administrator of a network with a 500+ wired devices + 2000+ wireless devices. I have almost every mikrotik model in my network, from hap lite to a CRS317 (95 routers totally).
VLANS on mikrotik devices are a really pain in the ass, to say truth. So many different ways to configure on different devices, its just blows my head.
The best and most useful tutorial we are going to need for years to come !!!!
Glad it was helpful!
You are the greatest Mikrotik trainer I have come across in the past 15 years of using Mikrotik keep it up.
Where the heck has this been all of my life?! Seriously this has cleared up so many things about how to actually DO this on Mikrotik gear!
I"m also a Cisco guy, and purchased the CRS328 series a few years back. This is a complete and excellent guide for configuring VLANS on the Mikrotik CRS3XX. I'm using Port aggregation as well, and if you can create another video about that, I'm sure others besides myself would be ecstatic. Thank you for the informative guide. Job well done!
You're welcome! Thank you for the suggestion, I will add a video about port aggregation!
After many hours of watching youtube videos and reading tutorials about VLAN's and bridges, this is the first video that I was able to follow and make it all work. Thank you for the clearness of the explanation and the right pace for it. Thank you!
Thank you Jose!
I’m happy to hear that
Great tutorial. The implementation of VLANs on Mikrotik have always confused me. this by far the clearest explanation I have found thus far.
Thanks
Needed a quick refresher. You were #1 rated video. Gave me what I needed, thank you!
Glad it was helpful!
this is the best Mikrotik VLan tutorial out there so far. Wish you would make more mikrotik video tutorials. Great stuff.
Thanks, more to come!
Extremely useful, thank you so much for having shared this. I was searching around how to configure my Mikrotek (CRS-305) for several VLAN switch for hours and hours until I found your explanation... crystal clear. Now everything works as intended, solving a problem running for months. I followed your explanations, step by step et voila! If you want to play safe, detach the management interface (eth1 on CRS-305) from the bridge. After that, whatever mistake you do, you are not disconnected. Leave all 10G on the bridge.
Thank you!
Just WOW! So simple explanation how to deal with Mikrotik VLANs, bridge and a specially adjusting inter-VLAN communication with firewall. EXCELLENT JOB! Thanks!
Thanks for posting this; very useful for getting my head around a different vendor implementation. One gotcha I discovered - in case it's useful for others - is that at 13:24 if you add the bridge interface as untagged for the management vlan instead of tagged, the IP address you assign to the Interfaces/Vlan interface is not reachable and when you then turn on vlan-filtering on the bridge, you lose all access to the device and (unless you have a serial cable) have to factory reset it by holding down the reset button until the "user" light flashes while turning on the box.
If you assign an IP to a physical interface, it gives you a backup way to access it while you're testing this. You can remove it once you know the proper IP is accessible.
You can still MAC telnet in that scenario: wiki.mikrotik.com/wiki/MAC_access
@@nicramtimzs6245 Thanks, that's really helpful to know. Looks like WinBox can connect similarly - as long as MAC Winbox Server hasn't been disabled.
Your scenario can work but you are missing a step. The same as settings an access port, if you set a port as untagged, you must also put a PVID on it. On the bridge itself, where you turn on VLAN Filtering, you can also set a PVID on the bridge itself.
Hi Gareth, thank you for your comment.
I've just checked the video but actually, the bridge is under the tagged section: ua-cam.com/video/YLtGQAQ8iS0/v-deo.html
Completely agree with you about having one physical interface out of the bridge to avoid the risk of being locked out.
@@TheNetworkTrip Sorry, didn't mean it to sound like I was saying that you'd done it wrong, just that *I* missed that step and locked myself out.
I looked for how to set up VLAN on Mikrotik devices, and this is in my opinion best guide ever. Explained step by step how to reach the goal.
This is most useful knowledge that I was looking for, I wish I can like it 1000 times. Thank you so much for this content.❤
Thank you taking the time to explain how the Mikrotik 300 series works been scratching my head now for couple days trying to grasp concepts around how this switch handles VLANS, been watching variety of different videos which doesn't on this particular switch thanks once again.
Glad to help!
Thank you for your clear explanation about how MK works with inter-VLAN routing.
Glad it was helpful!
I´ve watched this tutorial everytime I setup a CRS now, each times helps to fresh up my memmory! Thanks :)
Great to hear!
13:40 is a very important detail. Add the bridge itself to the management vlan. The lack of this step was driving me crazy as the switch was acting very erratic. Thanks for this video.
Great! That’s a critical step
Easily the best tutorial for configuring VLANs on Mikrotik switches. I wish I'd found this video weeks ago.
Glad you enjoyed it!
Sir, you have ended my search for the ultimate guide on how to configure my new RB4011 and CRS328 with VLANs!!!
Subscribed and looking forward to all new material - after I watch all your other videos.
Can't thank you enough.
Greetings from Oz.
Awesome, thank you!
I have the same setup, lets see if i can do it to :)
@@firefly2472 I wish I could say I have been totally successful.
To date, still don't have Vlans running.
Still get caught up with the Management Lan settings because all network items already have an IP and are all operational.
@@Dreamwoodinternational . Got them up and running... well kinda. Got everything on my desk to test, learn and do it again :)
@@firefly2472 Safest way to do it.
This was totally amazing. I have watched many vlan videos and this was the best. One question, I am struggling with the concept of what a bridge is and why we need it.
Thanks!
The bridge interface itself is used to manage the switch (it provides access to the CPU).
Your video is the most complete and accurate guide on this topic in youtube. I hope you publish more videos on related topics.
Thank you, I will
Hey All, I loved this guide, it was truly the best, but its missing some context. The issue they wasn't obvious is that he is using native VLAN 1 in his VLAN filtering. This caused me a huge issue. The default VLAN wasn't allowed on router where I had the CRS310 ethernet 1 port plugged into. VLAN1 is the default on the MikroTik and was causing the switch to respond on the management port only, but not allow communication to any other device. I noticed some of the VLAN IDs were excluded, but I ended up tagging my bridge port that was trunking VLANs to the PVID I needed.
Thank you Wilmer for your expertise, I wouldn't have had a clue where to start.
Great explanation of VLANs I would like to see more!
Hi Eric, more content coming soon
Thanks, Mr. Wilmer Almazan you literally saved me my job. This video really helped me get my network up and running. I remember your 5 steps really well. Thanks alot.
Glad it helped
thank thank you very much, it's a big advantage for us to know this technics about vlan, for future expansion of our network i will apply this method .....thank you very much and more power😊😊😊😊👍👍👍👍👍👍
Thank you!
Great and easy to follow and understand video on VLANs in the Mikrotik world.
Glad it was helpful!
Just a quick point - if your device has a switch chip, you should be creating your VLANs there instead for full hardware speed. It is pretty easy to tell if you do, there is an extra menu item in the sidebar 'Switch', usually between 'PPP' and 'Mesh'.
That’s correct. Most RBs have at least one switch chip, and we can use the switch menu as you mentioned before. Thank you!
Just got here looking to properly understand VLANs the Mikrotik way, your channel is impressive! Do you have a video on how to configure VLANs in devices without a switch chip?
Muchas gracias por el video.
Me salvó la tanda. NO sabía que había diferencia entre tener 1 o varios bridge, y tenía un uso de CPU de 100%.
Siguiendo estas instrucciones pasé a 20% de uso CPU.
Un tico por acá. Gracias mae!
Best, amazing and only one Who taught something that really worked for what i need
Thank you, I'm glad it helped!!
Thanks for the great tutorial. It would be great to talk about loopback protection and other steps that are used in practice when configuring access switches.
Thank you a lot! This video helped me to understand how make trunk ports from webfig/winbox on my crs310s.
Buen trabajo Wilmer, es un orgullo tener trainers hispanos que apuesten por el mercado inglés también. 👍👍🇵🇦
Muchas gracias, saludos, un placer
Sir, I must say that this is the best of the best tutorial of Mikrotik VLAN I have ever seen.
Using same scenario Could you please also let us know how we can assign an IP address to all the vlans on a CRS (not the management vlan) ?
Thank you. If you want to perform routing, you can follow this tutorial:
ua-cam.com/video/c2sAA6jMjCY/v-deo.html
best VLAN video on mikrotik
Thank you!
Best tutorial ever ! I shall add info on improvement with this config (since now been using separate bridges and vlan interfaces - but crs326-24s-2q+ made maximum 320 mbit/s throughput till 100% cpu) i need to achieve at least 0,9 gbit/s throughput via vian/1gbit/s sfp
this is it! straight to the point, thank you for your explanations. It works like a charm
Thank you!!
Extending my thanks for explaining VLAN configurations this makes sense tried many other tutorials from youtube this one works the best everyone all other are complete jokes.
Glad it helped!
I had turned the volume up to hear your voice and then about died of a heart attack at the end with the super loud logo roll.
Hello! I’m sorry about that. I will modify the video.
congratulations for the clarity of the toturial
Thank you, glad to hear that
Thank you so much! Mikrotik is soooo hard and counter-intuitive compared to OpenWRT's "switch" table :)
Happy to help!
Great job! Everything is very very clear now!
Thanks! That’s great 😃
I just started watching and I really like your approach. You clearly stating what the plan is and doing it on the actual hardware.
Subscribed and hoping you have more content
You are very proficient in your field.thank you for sharing.this helps a lot especially for people like me.
Glad to help
VERY elucidative and straightforward tutorial.
Thank you Alex!
Thank you so much for your tutorial. The BEST!!
Thanks for the video, I finally understood how to properly configure management vlan.
Great work Wilmer! very clear explanation. Thank you very much!
Omg.. I think I got it 😅 best explanation on UA-cam
Great!
Been playing a few hours today with a 4011 and a crs326. Got this working now. Now lets do all the other things :p
(Lots of hours this take to learn :)
Master or the universe!!! Very good explain
Wow, thanks!
Hola Wilmer, excelente tutorial, funciona perfectamente, solamente tuve un detalle al querer conectar dos switches (1 CRS328 y 1 CSS326) funcionan bien sobre puertos ethernet, pero no así en SFP+ (jumper, hay alguna configuración extra para poder hacer que funcionen sobre SFP+, saludos y gracias por los tutoriales que verdaderamente funcionan.
Good work, good explanation. Thanks a lot.
Glad you liked it
Gracias amigo me costó un poco porque no conseguí tutorial en español
dude, this was very usefull and helps me a lot ! i switch my lab from cisco to mikrotik and your video was really awesome and exactely what i needed to know. :)
This is a very good tutorial on VLANs on Mikrotik CR3XXX series. If you can help me please, I want to configure CRS3XXX switch so that its not Router-on-a-stick rather Inter VLAN routing in switch itself.
Hello!
You can follow this video where I explain how to use it as a layer 3 device
ua-cam.com/video/c2sAA6jMjCY/v-deo.html
wow good and clear explanation, thanks sir
Great video! The best explanation I've seen!
I have a question. What do you use as a PC emulator?
the best video on youtube found so far!
Glad you enjoyed it
It's a very good explanation and gives an excellent way to configure VLANs. I'm in the process of testing this in the case of a trunk (uplink or downlink from another switch) when there is a bonding interface of two ethernet ports. I hope this same schema works with bonding.
Hi Guillermo, you can apply the same approach. Good luck!
@@TheNetworkTrip I did the lab yesterday and worked just fine. I simply put the bonding interface in the bridge instead of the ethernet interfaces forming the bonding.
Thank you again for your explanation.
Great Video, thank you sir.
Was able to create 2 SSID's on mikrotik ap and assign vlan to both using same config as what you have shown in switch configuration. Much appreciated.
Nice work!
Amazing Tutorial love it
Thanks
Wow awesome lessons
Thank you!!
For the CRS part starting at minute 8:00 and filling in the /bridge port values, this is the time to enter in frame types admit priority and untagged and also to check ingress filtering.
Hello, thank you. That’s correct 👍🏻
Great Guide, thank you!
Thank you
Great tutorial. Please include the cli commands in summary.
That would be perfect. Can also put them in description or link them somewhere for ease in copy pasting
Good video - I have linked to this from one of my own Mikrotik videos.
Really easy to follow and good explanation of your process !1 Good work !! Love it !
Thank you very much!
Perfect explanation.
But question, what would Ingress Filtering in the bridge interface do? Would it just improve security a bit more?
sweet presentation
Thank you
I just loved your way of explanation.. please do a lab on BGP Routing with multiple routing
Very well explained sir! I would like to request OSPF+Vlan.. hope to include this in your videos
Thanks Erza, OSPF coming soon.
@@TheNetworkTrip Still waiting:)
@@TheNetworkTrip Still waiting:) x2
Hello, your videos are very good. I would like to ask how you could add a Unifi AP, which requires several VLANs with their corresponding SSIDs and each VLAN with its IP range to one side of the switch.
After receiving my CRS510, i was a bit overwhelmed when reading the RouterOS manual, glad i found your tutorial. One question, a 100GBit connection, consists of 4 25Gbit interfaces, do i need to add the vlans to each interface when setting up a 100Gbit trunk connection, or do i only need to setup the first interface of the set of 4?
buenos días maestro , muchas gracias por la información avanzada y explicaciones respecto del uso de vlans en mikrotik, hace un tiempo se me presenta un problema con los crs 317 , que se enlazan entre si con trunk de fibra a 10Gb, en el mismo switch tengo modulos sfp de cobre de 10Gb y de 1 Gb , al funcionar enambos extremos con swos , presentan link paused interrumpiendo las conexiones, a que puede deberse este problema? existe alguna limitacion conocida respecto al buffer cuando se utilizan modulos de diferente tipo 10G y 1G? gracias
I have a somewhat simple task, setup 3 ports on the same VLAN and be able to establish communication. I tried following your steps where I would need them but I cannot for the life of me get a ping to any device between the 3 ports. So if I have 3 PCs plugged in, they can't see each other. hmm..Basically setting up a failover for WAN connection, 2 firewalls and one modem(ISP).
Respect...You are good teacher ;)
Thank you! 😃
crystal clear! thanks.
Great video, I followed your instructions with 2x CRS317 and set up MLAG, several VLANs and bonded interfaces. I ran into a problem, MTU greater than 1500 does not work, although I set MTU 9000 and L2MTU 10218 on all interfaces. Do you have any advice, since I have no more ideas?
Great video that explains the complete setup process. Do you have a video about configuring a RB2011 with the 2 switch chips, and connecting router to vlans and connecting the vlans between the 2 switch chips? I cannot find a good video on how properly configure with the switch chips, CPU for ip access and cross chip vlan communication.
Hi Mike, I will upload one video soon related to your suggestion
I have really struggled with this one for quite sometime. Looking forward to that video
To clarify 8:30: It's not just inefficient, but rather it disable hardware offloading.
(inefficient is absolutely the correct word, but native English speakers use it much more casually)
Also: Using the CLI makes this absolute cake.
Thank you!!
Thank you very much. I needed it very much! Excellent explanation!
Great to hear!
Brilliant video, well done. Please may you do a Video on Capsman and Vlans, and another on Router Vlan configuration
Great suggestion!
Superb stuff man thank you this is exactly what I needed
Great tutorial. Mikrotik has a bit of a ...different workflow.
Thank you, totally agree!
Hello, any chance you could do a tutorial on implementing CGNAT (or the closest way one can implement this) on Tin?
de lo mejor q vi. Gracias
Very good explaination video
Thanks a lot
Very useful video
Thank you for this video!
Hola Wilmer, escelente informacion muchas gracias por compartir. quisiera preguntarte, si estoy usando el PVID=1 del Bridge como vlan de administracion desde un Router, el proceso de configuracion en el CRS1XX cambia algo??
Excellent and well explained
Hello Mr Wilmar..!
Hope you are very well ..!
so why you disable all unused ports here..? by doing this what is the refection on the mikrotik CRS..?
well done, this is great info and it has help. thanks and keep it up.
Thanks, will do!
Hi, Been following Your videos for some times and your explanation is great , Need some help Please Have three ISP lines with 60 MB each and I have 4 Mikrotiks (RB2011-Routerboard-AX2-AC3 Which is best to do Bonding or Vlans in Bond ? tried bonding but didnr get a good result . Im sure You know a good way of implemnting the right way to do it
My recommendation would be PCC. You can follow the example here: help.mikrotik.com/docs/display/ROS/Per+connection+classifier#Perconnectionclassifier-ConfigurationExample
I’ll create a video about it in the future.
Potentially dumb question. I have a CRS310 that I'm at least at first primarily using as a layer2 device with vlan functionality. It connects back to a Pfsense router that already has the vlans and IP address ranges defined and acts as the DHCP server. Question:
1. Do I still need to define IP address ranges and give the vlans IP addresses on the CRS switch?
2. In this type of setup would it still be most efficient to add all the switchports to one bridge then assign tagged and untagged interfaces for each vlan from there?