Yes! I use CRS317, CRS305. I also use CCR2004, CCR1009 and RB760iGS (hex S). I also use some settings like Frame Types and Ingress Filtering. For blokcing the router the way it not route User Networks to Management VLAN it is possible to filter forward traffic going out through interface vlan-99, dropping it, and also add a rule to drop traffic incomming from interface that is not vlan-99 but is trying to go out via vlan-99? I think that whay if I forgot some user network, it will also work, is it right?
I used this config you teach on a mAP,RB433,RB2011 and a RB1200 (sort home network testlab) no firewall setup yet just want to get all under the belt first. Loved the vid helps alot
One of the best and clearest tutorials I saw at the Internet. I am system administrator of a network with a 500+ wired devices + 2000+ wireless devices. I have almost every mikrotik model in my network, from hap lite to a CRS317 (95 routers totally). VLANS on mikrotik devices are a really pain in the ass, to say truth. So many different ways to configure on different devices, its just blows my head.
Just WOW! So simple explanation how to deal with Mikrotik VLANs, bridge and a specially adjusting inter-VLAN communication with firewall. EXCELLENT JOB! Thanks!
Excellent tutorial for Vlan setups using MikroTik equiptment. I have searched and watch many hours of tutorials on the subject from the web. I just couldn't get it but now because of your amazing video, I got it all working exactacly the way I want. I learned so much , thank you!!!
After many hours of watching youtube videos and reading tutorials about VLAN's and bridges, this is the first video that I was able to follow and make it all work. Thank you for the clearness of the explanation and the right pace for it. Thank you!
Thanks for posting this; very useful for getting my head around a different vendor implementation. One gotcha I discovered - in case it's useful for others - is that at 13:24 if you add the bridge interface as untagged for the management vlan instead of tagged, the IP address you assign to the Interfaces/Vlan interface is not reachable and when you then turn on vlan-filtering on the bridge, you lose all access to the device and (unless you have a serial cable) have to factory reset it by holding down the reset button until the "user" light flashes while turning on the box. If you assign an IP to a physical interface, it gives you a backup way to access it while you're testing this. You can remove it once you know the proper IP is accessible.
Your scenario can work but you are missing a step. The same as settings an access port, if you set a port as untagged, you must also put a PVID on it. On the bridge itself, where you turn on VLAN Filtering, you can also set a PVID on the bridge itself.
Hi Gareth, thank you for your comment. I've just checked the video but actually, the bridge is under the tagged section: ua-cam.com/video/YLtGQAQ8iS0/v-deo.html Completely agree with you about having one physical interface out of the bridge to avoid the risk of being locked out.
Extremely useful, thank you so much for having shared this. I was searching around how to configure my Mikrotek (CRS-305) for several VLAN switch for hours and hours until I found your explanation... crystal clear. Now everything works as intended, solving a problem running for months. I followed your explanations, step by step et voila! If you want to play safe, detach the management interface (eth1 on CRS-305) from the bridge. After that, whatever mistake you do, you are not disconnected. Leave all 10G on the bridge.
I"m also a Cisco guy, and purchased the CRS328 series a few years back. This is a complete and excellent guide for configuring VLANS on the Mikrotik CRS3XX. I'm using Port aggregation as well, and if you can create another video about that, I'm sure others besides myself would be ecstatic. Thank you for the informative guide. Job well done!
Thank you taking the time to explain how the Mikrotik 300 series works been scratching my head now for couple days trying to grasp concepts around how this switch handles VLANS, been watching variety of different videos which doesn't on this particular switch thanks once again.
13:40 is a very important detail. Add the bridge itself to the management vlan. The lack of this step was driving me crazy as the switch was acting very erratic. Thanks for this video.
Thanks, Mr. Wilmer Almazan you literally saved me my job. This video really helped me get my network up and running. I remember your 5 steps really well. Thanks alot.
Sir, you have ended my search for the ultimate guide on how to configure my new RB4011 and CRS328 with VLANs!!! Subscribed and looking forward to all new material - after I watch all your other videos. Can't thank you enough. Greetings from Oz.
@@firefly2472 I wish I could say I have been totally successful. To date, still don't have Vlans running. Still get caught up with the Management Lan settings because all network items already have an IP and are all operational.
Just a quick point - if your device has a switch chip, you should be creating your VLANs there instead for full hardware speed. It is pretty easy to tell if you do, there is an extra menu item in the sidebar 'Switch', usually between 'PPP' and 'Mesh'.
Muchas gracias por el video. Me salvó la tanda. NO sabía que había diferencia entre tener 1 o varios bridge, y tenía un uso de CPU de 100%. Siguiendo estas instrucciones pasé a 20% de uso CPU. Un tico por acá. Gracias mae!
For the CRS part starting at minute 8:00 and filling in the /bridge port values, this is the time to enter in frame types admit priority and untagged and also to check ingress filtering.
This was totally amazing. I have watched many vlan videos and this was the best. One question, I am struggling with the concept of what a bridge is and why we need it.
thank thank you very much, it's a big advantage for us to know this technics about vlan, for future expansion of our network i will apply this method .....thank you very much and more power😊😊😊😊👍👍👍👍👍👍
Extending my thanks for explaining VLAN configurations this makes sense tried many other tutorials from youtube this one works the best everyone all other are complete jokes.
Hey All, I loved this guide, it was truly the best, but its missing some context. The issue they wasn't obvious is that he is using native VLAN 1 in his VLAN filtering. This caused me a huge issue. The default VLAN wasn't allowed on router where I had the CRS310 ethernet 1 port plugged into. VLAN1 is the default on the MikroTik and was causing the switch to respond on the management port only, but not allow communication to any other device. I noticed some of the VLAN IDs were excluded, but I ended up tagging my bridge port that was trunking VLANs to the PVID I needed. Thank you Wilmer for your expertise, I wouldn't have had a clue where to start.
To clarify 8:30: It's not just inefficient, but rather it disable hardware offloading. (inefficient is absolutely the correct word, but native English speakers use it much more casually) Also: Using the CLI makes this absolute cake.
Mr. Almazan, I know you turned on filtering for the two switches after configuring and testing. But what about the router, should it have it's filtering turned on or leave it off? Thank you, again for such a great step-by-step vlan tutorial using the MikroTiks GUI.
Best tutorial ever ! I shall add info on improvement with this config (since now been using separate bridges and vlan interfaces - but crs326-24s-2q+ made maximum 320 mbit/s throughput till 100% cpu) i need to achieve at least 0,9 gbit/s throughput via vian/1gbit/s sfp
Hello! If the trunk interfaces have the PIV=1, it will be added dynamically to the table. If you need a different ID, you can change it on the trunk interfaces.
Sir, I must say that this is the best of the best tutorial of Mikrotik VLAN I have ever seen. Using same scenario Could you please also let us know how we can assign an IP address to all the vlans on a CRS (not the management vlan) ?
I just started watching and I really like your approach. You clearly stating what the plan is and doing it on the actual hardware. Subscribed and hoping you have more content
buenos días maestro , muchas gracias por la información avanzada y explicaciones respecto del uso de vlans en mikrotik, hace un tiempo se me presenta un problema con los crs 317 , que se enlazan entre si con trunk de fibra a 10Gb, en el mismo switch tengo modulos sfp de cobre de 10Gb y de 1 Gb , al funcionar enambos extremos con swos , presentan link paused interrumpiendo las conexiones, a que puede deberse este problema? existe alguna limitacion conocida respecto al buffer cuando se utilizan modulos de diferente tipo 10G y 1G? gracias
Nice presentation. What I cant get though is the 4 step at 14:53. Why to add management vlans and copnfigure Ips and Gateway, etc... since that has already be done on the router. Probably there lies my problem too. I have pfsense for router and Microtik for switch. After all the procedure done I can get the device to take an ip from the vlan's segment but it doesn t have access to the internet and can t ping it's gateway. Basically it does nothing else except from assigning an ip address to it. PS Does anything (meaning services / protocls .. etc) needs to be disabled when someone is using a Microtik device as a switch only with RouterOS ?
Just got here looking to properly understand VLANs the Mikrotik way, your channel is impressive! Do you have a video on how to configure VLANs in devices without a switch chip?
Thanks for the great tutorial. It would be great to talk about loopback protection and other steps that are used in practice when configuring access switches.
Hola Wilmer, excelente tutorial, funciona perfectamente, solamente tuve un detalle al querer conectar dos switches (1 CRS328 y 1 CSS326) funcionan bien sobre puertos ethernet, pero no así en SFP+ (jumper, hay alguna configuración extra para poder hacer que funcionen sobre SFP+, saludos y gracias por los tutoriales que verdaderamente funcionan.
Hola Wilmer, escelente informacion muchas gracias por compartir. quisiera preguntarte, si estoy usando el PVID=1 del Bridge como vlan de administracion desde un Router, el proceso de configuracion en el CRS1XX cambia algo??
Hola! No está en español en estos momentos. En español solo tengo un curso completo de Switching que cubre esto y mucho más. Mi plataforma es aprenderedes.online
Been playing a few hours today with a 4011 and a crs326. Got this working now. Now lets do all the other things :p (Lots of hours this take to learn :)
Great video that explains the complete setup process. Do you have a video about configuring a RB2011 with the 2 switch chips, and connecting router to vlans and connecting the vlans between the 2 switch chips? I cannot find a good video on how properly configure with the switch chips, CPU for ip access and cross chip vlan communication.
Great video, very helpful as new to Mikrotik ~ with if your tagging above MGT, but i also need a vlan tagged and untagged, does that additional vlan tag need to point to Bridge as well, obvious to the interface?
@@TheNetworkTrip Interesting , so in my case, using vlan 99 like u for managment. But i also use vlan 50 for Internet that will be tagged out same port as management but untagged out another port. your saying for my vlan 50 i do Not need to tag the bridge as well as "uplink" tagged port?
If you are simply sending the VLAN 50 through the switch, you don't need to include the bridge interface. That would be required only if the routing will be performed by the switch (layer 3 switch).
Hi, great tutorial. I have a question, to your right you have painting tab to overlay painting in the schema. Can you tell me the name of the software are you using. ?thx
Hello! Yes, it’s possible. On RouterOS 7, CRs3XX and CRS5XX switches support L3 hardware offloading. We can have intervlan routing and still use the switch chip! I’m working on that topic for my next video!
It's a very good explanation and gives an excellent way to configure VLANs. I'm in the process of testing this in the case of a trunk (uplink or downlink from another switch) when there is a bonding interface of two ethernet ports. I hope this same schema works with bonding.
@@TheNetworkTrip I did the lab yesterday and worked just fine. I simply put the bonding interface in the bridge instead of the ethernet interfaces forming the bonding. Thank you again for your explanation.
Great Video, thank you sir. Was able to create 2 SSID's on mikrotik ap and assign vlan to both using same config as what you have shown in switch configuration. Much appreciated.
This is a very good tutorial on VLANs on Mikrotik CR3XXX series. If you can help me please, I want to configure CRS3XXX switch so that its not Router-on-a-stick rather Inter VLAN routing in switch itself.
Outstanding explanation. I coming from pFsense but I would like to move to Mikrotik CRS326-24. My main concern is if it can manage over 200 devices, 4 so and VPN clients. Also does RouterOS can manage block list like pihole and pfblocker?
Hi, The CRS326 is designed for switching, no routing. I would recommend to use any CCR instead. Unfortunately, there are several advanced firewall features not available in RouterOS. In summary, Mikrotik is a router with firewall features. PfSense is a firewall with routing features. They can co-exist in our networks.
I have a somewhat simple task, setup 3 ports on the same VLAN and be able to establish communication. I tried following your steps where I would need them but I cannot for the life of me get a ping to any device between the 3 ports. So if I have 3 PCs plugged in, they can't see each other. hmm..Basically setting up a failover for WAN connection, 2 firewalls and one modem(ISP).
Thanks for reaching out! To troubleshoot, ensure the three ports are in the same VLAN and subnet, and that VLAN tagging or untagging is configured properly. Check that all ports are added to a bridge if necessary, with correct VLAN filtering, and verify that no firewall rules are blocking local traffic.
Hello, your videos are very good. I would like to ask how you could add a Unifi AP, which requires several VLANs with their corresponding SSIDs and each VLAN with its IP range to one side of the switch.
Hi, Been following Your videos for some times and your explanation is great , Need some help Please Have three ISP lines with 60 MB each and I have 4 Mikrotiks (RB2011-Routerboard-AX2-AC3 Which is best to do Bonding or Vlans in Bond ? tried bonding but didnr get a good result . Im sure You know a good way of implemnting the right way to do it
My recommendation would be PCC. You can follow the example here: help.mikrotik.com/docs/display/ROS/Per+connection+classifier#Perconnectionclassifier-ConfigurationExample I’ll create a video about it in the future.
So I have a NetGate 6100, that connect to the CRS 328 which is just acting as a Switch. Would I folllow the same step for the 326 Switch part for this to work ? Thanks,
Hello Michael, By default, the CRS328 will act as a transparent switch, which means that the Vlans on the Netgate will be available in all the ports. The approach shown in the video applies if you wish to filter the VLANs and have some trunk and access ports.
This is no different from how I setup the hex router as solely a switch, except I use ingress filtering and frame type delineations on the bridge ports.
Have you configure VLANs on Mikrotik devices? Which switch models have you used?
Do you provide consultant services?
@@carloscardoso8796 Hi Carlos, you can contact me from here: mikrotiktraining.ca/
Yes! I use CRS317, CRS305. I also use CCR2004, CCR1009 and RB760iGS (hex S). I also use some settings like Frame Types and Ingress Filtering. For blokcing the router the way it not route User Networks to Management VLAN it is possible to filter forward traffic going out through interface vlan-99, dropping it, and also add a rule to drop traffic incomming from interface that is not vlan-99 but is trying to go out via vlan-99? I think that whay if I forgot some user network, it will also work, is it right?
I used this config you teach on a mAP,RB433,RB2011 and a RB1200 (sort home network testlab) no firewall setup yet just want to get all under the belt first. Loved the vid helps alot
can you please make a follow up video enabling for ipv6 as well? thanks
In 30 minutes, I understood more than after watching a bunch of hours of training videos. thank you
Great to hear!
I have exactly the same. Simple explanation how to do it well!
One of the best and clearest tutorials I saw at the Internet. I am system administrator of a network with a 500+ wired devices + 2000+ wireless devices. I have almost every mikrotik model in my network, from hap lite to a CRS317 (95 routers totally).
VLANS on mikrotik devices are a really pain in the ass, to say truth. So many different ways to configure on different devices, its just blows my head.
Where the heck has this been all of my life?! Seriously this has cleared up so many things about how to actually DO this on Mikrotik gear!
Thanks, Sam! 😄 Glad it helped clear things up for you!
This is the clearest explanation of VLANS I have seen. Thank you for taking the time to do such a thorough job!
This is the best
Just WOW! So simple explanation how to deal with Mikrotik VLANs, bridge and a specially adjusting inter-VLAN communication with firewall. EXCELLENT JOB! Thanks!
You are the greatest Mikrotik trainer I have come across in the past 15 years of using Mikrotik keep it up.
The best and most useful tutorial we are going to need for years to come !!!!
Glad it was helpful!
Excellent tutorial for Vlan setups using MikroTik equiptment. I have searched and watch many hours of tutorials on the subject from the web. I just couldn't get it but now because of your amazing video, I got it all working exactacly the way I want. I learned so much , thank you!!!
Thanks a lot! 🙌 I'm glad the tutorial helped you get everything working perfectly.
After many hours of watching youtube videos and reading tutorials about VLAN's and bridges, this is the first video that I was able to follow and make it all work. Thank you for the clearness of the explanation and the right pace for it. Thank you!
Thank you Jose!
I’m happy to hear that
I looked for how to set up VLAN on Mikrotik devices, and this is in my opinion best guide ever. Explained step by step how to reach the goal.
Thanks for posting this; very useful for getting my head around a different vendor implementation. One gotcha I discovered - in case it's useful for others - is that at 13:24 if you add the bridge interface as untagged for the management vlan instead of tagged, the IP address you assign to the Interfaces/Vlan interface is not reachable and when you then turn on vlan-filtering on the bridge, you lose all access to the device and (unless you have a serial cable) have to factory reset it by holding down the reset button until the "user" light flashes while turning on the box.
If you assign an IP to a physical interface, it gives you a backup way to access it while you're testing this. You can remove it once you know the proper IP is accessible.
You can still MAC telnet in that scenario: wiki.mikrotik.com/wiki/MAC_access
@@nicramtimzs6245 Thanks, that's really helpful to know. Looks like WinBox can connect similarly - as long as MAC Winbox Server hasn't been disabled.
Your scenario can work but you are missing a step. The same as settings an access port, if you set a port as untagged, you must also put a PVID on it. On the bridge itself, where you turn on VLAN Filtering, you can also set a PVID on the bridge itself.
Hi Gareth, thank you for your comment.
I've just checked the video but actually, the bridge is under the tagged section: ua-cam.com/video/YLtGQAQ8iS0/v-deo.html
Completely agree with you about having one physical interface out of the bridge to avoid the risk of being locked out.
@@TheNetworkTrip Sorry, didn't mean it to sound like I was saying that you'd done it wrong, just that *I* missed that step and locked myself out.
Extremely useful, thank you so much for having shared this. I was searching around how to configure my Mikrotek (CRS-305) for several VLAN switch for hours and hours until I found your explanation... crystal clear. Now everything works as intended, solving a problem running for months. I followed your explanations, step by step et voila! If you want to play safe, detach the management interface (eth1 on CRS-305) from the bridge. After that, whatever mistake you do, you are not disconnected. Leave all 10G on the bridge.
Thank you!
Needed a quick refresher. You were #1 rated video. Gave me what I needed, thank you!
Glad it was helpful!
this is the best Mikrotik VLan tutorial out there so far. Wish you would make more mikrotik video tutorials. Great stuff.
Thanks, more to come!
I"m also a Cisco guy, and purchased the CRS328 series a few years back. This is a complete and excellent guide for configuring VLANS on the Mikrotik CRS3XX. I'm using Port aggregation as well, and if you can create another video about that, I'm sure others besides myself would be ecstatic. Thank you for the informative guide. Job well done!
You're welcome! Thank you for the suggestion, I will add a video about port aggregation!
Great tutorial. The implementation of VLANs on Mikrotik have always confused me. this by far the clearest explanation I have found thus far.
Thanks
Thank you taking the time to explain how the Mikrotik 300 series works been scratching my head now for couple days trying to grasp concepts around how this switch handles VLANS, been watching variety of different videos which doesn't on this particular switch thanks once again.
Glad to help!
13:40 is a very important detail. Add the bridge itself to the management vlan. The lack of this step was driving me crazy as the switch was acting very erratic. Thanks for this video.
Great! That’s a critical step
Thanks, Mr. Wilmer Almazan you literally saved me my job. This video really helped me get my network up and running. I remember your 5 steps really well. Thanks alot.
Glad it helped
Easily the best tutorial for configuring VLANs on Mikrotik switches. I wish I'd found this video weeks ago.
Glad you enjoyed it!
I´ve watched this tutorial everytime I setup a CRS now, each times helps to fresh up my memmory! Thanks :)
Great to hear!
Thank you for your clear explanation about how MK works with inter-VLAN routing.
Glad it was helpful!
Your video is the most complete and accurate guide on this topic in youtube. I hope you publish more videos on related topics.
Thank you, I will
Sir, you have ended my search for the ultimate guide on how to configure my new RB4011 and CRS328 with VLANs!!!
Subscribed and looking forward to all new material - after I watch all your other videos.
Can't thank you enough.
Greetings from Oz.
Awesome, thank you!
I have the same setup, lets see if i can do it to :)
@@firefly2472 I wish I could say I have been totally successful.
To date, still don't have Vlans running.
Still get caught up with the Management Lan settings because all network items already have an IP and are all operational.
@@Dreamwoodinternational . Got them up and running... well kinda. Got everything on my desk to test, learn and do it again :)
@@firefly2472 Safest way to do it.
Just a quick point - if your device has a switch chip, you should be creating your VLANs there instead for full hardware speed. It is pretty easy to tell if you do, there is an extra menu item in the sidebar 'Switch', usually between 'PPP' and 'Mesh'.
That’s correct. Most RBs have at least one switch chip, and we can use the switch menu as you mentioned before. Thank you!
Muchas gracias por el video.
Me salvó la tanda. NO sabía que había diferencia entre tener 1 o varios bridge, y tenía un uso de CPU de 100%.
Siguiendo estas instrucciones pasé a 20% de uso CPU.
Un tico por acá. Gracias mae!
For the CRS part starting at minute 8:00 and filling in the /bridge port values, this is the time to enter in frame types admit priority and untagged and also to check ingress filtering.
Hello, thank you. That’s correct 👍🏻
Thank you for a fantastic guide! I would have given you 10 bucks for this video if I could.
Thank you! It’s a pleasure
Great and easy to follow and understand video on VLANs in the Mikrotik world.
Glad it was helpful!
This is most useful knowledge that I was looking for, I wish I can like it 1000 times. Thank you so much for this content.❤
This was totally amazing. I have watched many vlan videos and this was the best. One question, I am struggling with the concept of what a bridge is and why we need it.
Thanks!
The bridge interface itself is used to manage the switch (it provides access to the CPU).
Great explanation of VLANs I would like to see more!
Hi Eric, more content coming soon
thank thank you very much, it's a big advantage for us to know this technics about vlan, for future expansion of our network i will apply this method .....thank you very much and more power😊😊😊😊👍👍👍👍👍👍
Thank you!
Extending my thanks for explaining VLAN configurations this makes sense tried many other tutorials from youtube this one works the best everyone all other are complete jokes.
Glad it helped!
Hey All, I loved this guide, it was truly the best, but its missing some context. The issue they wasn't obvious is that he is using native VLAN 1 in his VLAN filtering. This caused me a huge issue. The default VLAN wasn't allowed on router where I had the CRS310 ethernet 1 port plugged into. VLAN1 is the default on the MikroTik and was causing the switch to respond on the management port only, but not allow communication to any other device. I noticed some of the VLAN IDs were excluded, but I ended up tagging my bridge port that was trunking VLANs to the PVID I needed.
Thank you Wilmer for your expertise, I wouldn't have had a clue where to start.
To clarify 8:30: It's not just inefficient, but rather it disable hardware offloading.
(inefficient is absolutely the correct word, but native English speakers use it much more casually)
Also: Using the CLI makes this absolute cake.
Thank you!!
Best, amazing and only one Who taught something that really worked for what i need
Thank you, I'm glad it helped!!
Great work Wilmer! very clear explanation. Thank you very much!
Mr. Almazan, I know you turned on filtering for the two switches after configuring and testing. But what about the router, should it have it's filtering turned on or leave it off? Thank you, again for such a great step-by-step vlan tutorial using the MikroTiks GUI.
Hello! Thank you.
There is no need to enable it on the router because there is only one interface with VLAN sub-interfaces.
Best tutorial ever ! I shall add info on improvement with this config (since now been using separate bridges and vlan interfaces - but crs326-24s-2q+ made maximum 320 mbit/s throughput till 100% cpu) i need to achieve at least 0,9 gbit/s throughput via vian/1gbit/s sfp
Danke!
Thank you very much
What about the native vlan (untagged) on the trunk port? how do you pass it to the other untagged ports?
Hello!
If the trunk interfaces have the PIV=1, it will be added dynamically to the table.
If you need a different ID, you can change it on the trunk interfaces.
Sir, I must say that this is the best of the best tutorial of Mikrotik VLAN I have ever seen.
Using same scenario Could you please also let us know how we can assign an IP address to all the vlans on a CRS (not the management vlan) ?
Thank you. If you want to perform routing, you can follow this tutorial:
ua-cam.com/video/c2sAA6jMjCY/v-deo.html
I just started watching and I really like your approach. You clearly stating what the plan is and doing it on the actual hardware.
Subscribed and hoping you have more content
Buen trabajo Wilmer, es un orgullo tener trainers hispanos que apuesten por el mercado inglés también. 👍👍🇵🇦
Muchas gracias, saludos, un placer
buenos días maestro , muchas gracias por la información avanzada y explicaciones respecto del uso de vlans en mikrotik, hace un tiempo se me presenta un problema con los crs 317 , que se enlazan entre si con trunk de fibra a 10Gb, en el mismo switch tengo modulos sfp de cobre de 10Gb y de 1 Gb , al funcionar enambos extremos con swos , presentan link paused interrumpiendo las conexiones, a que puede deberse este problema? existe alguna limitacion conocida respecto al buffer cuando se utilizan modulos de diferente tipo 10G y 1G? gracias
Hola!
Lo ideal es que coloque la velocidad manualmente (1Gbps Full Duplex) y asi evita problemas de negociacion e interrupciones de trafico.
congratulations for the clarity of the toturial
Thank you, glad to hear that
Nice presentation. What I cant get though is the 4 step at 14:53. Why to add management vlans and copnfigure Ips and Gateway, etc... since that has already be done on the router. Probably there lies my problem too. I have pfsense for router and Microtik for switch. After all the procedure done I can get the device to take an ip from the vlan's segment but it doesn t have access to the internet and can t ping it's gateway. Basically it does nothing else except from assigning an ip address to it.
PS Does anything (meaning services / protocls .. etc) needs to be disabled when someone is using a Microtik device as a switch only with RouterOS ?
Hello!
That’s for management purposes only. We will be able to configure the device by using the management IP from remote networks.
Thank you a lot! This video helped me to understand how make trunk ports from webfig/winbox on my crs310s.
Glad it helped!
You are very proficient in your field.thank you for sharing.this helps a lot especially for people like me.
Glad to help
Just got here looking to properly understand VLANs the Mikrotik way, your channel is impressive! Do you have a video on how to configure VLANs in devices without a switch chip?
Thanks for the great tutorial. It would be great to talk about loopback protection and other steps that are used in practice when configuring access switches.
Hola Wilmer, excelente tutorial, funciona perfectamente, solamente tuve un detalle al querer conectar dos switches (1 CRS328 y 1 CSS326) funcionan bien sobre puertos ethernet, pero no así en SFP+ (jumper, hay alguna configuración extra para poder hacer que funcionen sobre SFP+, saludos y gracias por los tutoriales que verdaderamente funcionan.
VERY elucidative and straightforward tutorial.
Thank you Alex!
Hola Wilmer, escelente informacion muchas gracias por compartir. quisiera preguntarte, si estoy usando el PVID=1 del Bridge como vlan de administracion desde un Router, el proceso de configuracion en el CRS1XX cambia algo??
this is it! straight to the point, thank you for your explanations. It works like a charm
Thank you!!
Great job! Everything is very very clear now!
Thanks! That’s great 😃
Thank you so much! Mikrotik is soooo hard and counter-intuitive compared to OpenWRT's "switch" table :)
Happy to help!
Wilmer, disculpa pero tendras este video en español?
Muchas gracias!
Hola! No está en español en estos momentos. En español solo tengo un curso completo de Switching que cubre esto y mucho más. Mi plataforma es aprenderedes.online
Omg.. I think I got it 😅 best explanation on UA-cam
Great!
best VLAN video on mikrotik
Thank you!
Been playing a few hours today with a 4011 and a crs326. Got this working now. Now lets do all the other things :p
(Lots of hours this take to learn :)
Thanks for the video, I finally understood how to properly configure management vlan.
Perfect explanation.
But question, what would Ingress Filtering in the bridge interface do? Would it just improve security a bit more?
Master or the universe!!! Very good explain
Wow, thanks!
Thank you so much for your tutorial. The BEST!!
23:08 and isn't just a bridge enough?
Hi!
We need ether1 because it is the trunk interface. If that is not included, we won’t have access to the switch
Great video that explains the complete setup process. Do you have a video about configuring a RB2011 with the 2 switch chips, and connecting router to vlans and connecting the vlans between the 2 switch chips? I cannot find a good video on how properly configure with the switch chips, CPU for ip access and cross chip vlan communication.
Hi Mike, I will upload one video soon related to your suggestion
I have really struggled with this one for quite sometime. Looking forward to that video
Great video, very helpful as new to Mikrotik ~ with if your tagging above MGT, but i also need a vlan tagged and untagged, does that additional vlan tag need to point to Bridge as well, obvious to the interface?
Hello Chris,
Only the management vlan must point to the bridge interface.
@@TheNetworkTrip Interesting , so in my case, using vlan 99 like u for managment. But i also use vlan 50 for Internet that will be tagged out same port as management but untagged out another port.
your saying for my vlan 50 i do Not need to tag the bridge as well as "uplink" tagged port?
If you are simply sending the VLAN 50 through the switch, you don't need to include the bridge interface. That would be required only if the routing will be performed by the switch (layer 3 switch).
@@TheNetworkTrip Thank you
the best video on youtube found so far!
Glad you enjoyed it
Hi, great tutorial. I have a question, to your right you have painting tab to overlay painting in the schema. Can you tell me the name of the software are you using. ?thx
Hi Norman, thank you. I'm using IPEVO Annotator, it's free.
@@TheNetworkTrip Cool thx :)
@@normankraft3306 what are you using to write/scribble? your mouse or a digital pen?
Hello, is it possible to have all the configuration on a single CRS device? without using a router?
Hi! Yes, you can use the CRS as a router. I have a video about it: Layer 3 Hardware Offloading Mikrotik
ua-cam.com/video/c2sAA6jMjCY/v-deo.html
wow good and clear explanation, thanks sir
Is it possible to run a router and a switch at the same time?
Hello!
Yes, it’s possible. On RouterOS 7, CRs3XX and CRS5XX switches support L3 hardware offloading. We can have intervlan routing and still use the switch chip!
I’m working on that topic for my next video!
Que software usas para probar la configuracion de la topologia de red?
Great video! But how to access devices from another vlan? etc printers?
Hi!
As shown on the video, the access by IP es enabled by default. If you want to block it, then you will use the IP firewall.
It's a very good explanation and gives an excellent way to configure VLANs. I'm in the process of testing this in the case of a trunk (uplink or downlink from another switch) when there is a bonding interface of two ethernet ports. I hope this same schema works with bonding.
Hi Guillermo, you can apply the same approach. Good luck!
@@TheNetworkTrip I did the lab yesterday and worked just fine. I simply put the bonding interface in the bridge instead of the ethernet interfaces forming the bonding.
Thank you again for your explanation.
Really easy to follow and good explanation of your process !1 Good work !! Love it !
Thank you very much!
Great Video, thank you sir.
Was able to create 2 SSID's on mikrotik ap and assign vlan to both using same config as what you have shown in switch configuration. Much appreciated.
Nice work!
This is a very good tutorial on VLANs on Mikrotik CR3XXX series. If you can help me please, I want to configure CRS3XXX switch so that its not Router-on-a-stick rather Inter VLAN routing in switch itself.
Hello!
You can follow this video where I explain how to use it as a layer 3 device
ua-cam.com/video/c2sAA6jMjCY/v-deo.html
Good work, good explanation. Thanks a lot.
Glad you liked it
Good video - I have linked to this from one of my own Mikrotik videos.
Hello. Great video. I noticed the latency was quite high(above 1ms) when pinging to the router from switch. Any reason why?
Hi Jason,
This is running on a PC in a virtualized environment. Physical devices will have better performance.
Outstanding explanation. I coming from pFsense but I would like to move to Mikrotik CRS326-24. My main concern is if it can manage over 200 devices, 4 so and VPN clients. Also does RouterOS can manage block list like pihole and pfblocker?
AP
Hi,
The CRS326 is designed for switching, no routing. I would recommend to use any CCR instead. Unfortunately, there are several advanced firewall features not available in RouterOS.
In summary, Mikrotik is a router with firewall features. PfSense is a firewall with routing features. They can co-exist in our networks.
@@TheNetworkTrip Thank you! Im really thinking moving to Microtik, their power consumption are amazing compared with a pfsense on a desktop
Hello, any chance you could do a tutorial on implementing CGNAT (or the closest way one can implement this) on Tin?
I have a somewhat simple task, setup 3 ports on the same VLAN and be able to establish communication. I tried following your steps where I would need them but I cannot for the life of me get a ping to any device between the 3 ports. So if I have 3 PCs plugged in, they can't see each other. hmm..Basically setting up a failover for WAN connection, 2 firewalls and one modem(ISP).
Thanks for reaching out!
To troubleshoot, ensure the three ports are in the same VLAN and subnet, and that VLAN tagging or untagging is configured properly. Check that all ports are added to a bridge if necessary, with correct VLAN filtering, and verify that no firewall rules are blocking local traffic.
Hello, your videos are very good. I would like to ask how you could add a Unifi AP, which requires several VLANs with their corresponding SSIDs and each VLAN with its IP range to one side of the switch.
Hi, Been following Your videos for some times and your explanation is great , Need some help Please Have three ISP lines with 60 MB each and I have 4 Mikrotiks (RB2011-Routerboard-AX2-AC3 Which is best to do Bonding or Vlans in Bond ? tried bonding but didnr get a good result . Im sure You know a good way of implemnting the right way to do it
My recommendation would be PCC. You can follow the example here: help.mikrotik.com/docs/display/ROS/Per+connection+classifier#Perconnectionclassifier-ConfigurationExample
I’ll create a video about it in the future.
So I have a NetGate 6100, that connect to the CRS 328 which is just acting as a Switch. Would I folllow the same step for the 326 Switch part for this to work ?
Thanks,
Hello Michael,
By default, the CRS328 will act as a transparent switch, which means that the Vlans on the Netgate will be available in all the ports. The approach shown in the video applies if you wish to filter the VLANs and have some trunk and access ports.
Superb stuff man thank you this is exactly what I needed
excellent video. What software are you using to simulate or test the network?
Hello! I’m using the Web GUI available on GNS3 VM
Great tutorial. Please include the cli commands in summary.
That would be perfect. Can also put them in description or link them somewhere for ease in copy pasting
Whats different about this config when using ROS7 ?
Hello,
The process is similar on RouterOS 7.
buenas amigo wilmer al colocar otro valor en PVID se elimina la vlan 1 cierto?
Very well explained sir! I would like to request OSPF+Vlan.. hope to include this in your videos
Thanks Erza, OSPF coming soon.
@@TheNetworkTrip Still waiting:)
@@TheNetworkTrip Still waiting:) x2
This is no different from how I setup the hex router as solely a switch, except I use ingress filtering and frame type delineations on the bridge ports.
Hi!
This method works with any RouterOS debice BUT hardware offloading will be supported only on CRS3XX, CRS5xx and CCR2XXX
@@TheNetworkTrip Thanks for the clarification. Just got a 310 to play with.
Thank you very much. I needed it very much! Excellent explanation!
Great to hear!
Thank you for your great tutorial. Can you ping
from the Lan in to a Vlan? I can only ping from a Vlan.
Hello can you tell me how to configure a voice vlan?
Hello!
I'll create a video about.