No video

VLANs, pt.2: vlan-filtering and management VLAN

  Рет қаралды 34,569

MikroTik

MikroTik

Күн бұрын

Пікірлер: 85
@OstJoker
@OstJoker Жыл бұрын
To say truth, after 10+ years working in IT, this configuration method still blows my head :-)
@Aviatorpaal
@Aviatorpaal 10 ай бұрын
I agree. The user friendliness could improve, some explanations would go a long way
@gmas
@gmas 7 ай бұрын
it's madness
@vogonjelc
@vogonjelc Ай бұрын
Yep, but try wan balancing. My head just jumped and run away.
@cybertechug7900
@cybertechug7900 18 күн бұрын
😂😂😂😂 thought was alone
@mirmigois
@mirmigois Жыл бұрын
I love this video as well as every video you have made. I think it would be even more helpful to see every CLI command you write in an adjacent window at the same time as the result in a GUI. In complex videos like the one with VLANs, we have to do them in the lab and see the result in a GUI to be sure that we understood. You do a great job with the videos and we learn new tricks.
@jonpinkley2844
@jonpinkley2844 Жыл бұрын
You should create a topic on the MikroTik forum to cover the VLAN mini-series, and post exports of the sample configurations for reference. I also think an additional video where you configure the hAP ac2 with a trunk link to the CRS326 would be useful. Then the hAP ac2 should be configured to do inter-vlan routing, as well as provide dhcp server, internet access and firewall configured on the hAP ac2. Then demonstrate how devices connected to the different vlans can communicate with each other via the hAP ac2. Possibly configure a "guest vlan" that can not establish a connection to a "trusted" vlan, but the trusted vlan can connect to a device on the guest vlan, the return traffic being allowed by an established/related rule in the forwarding chain. Then configure a vlan-filtered bridge on the L009 with access ports for each vlan. This should then act as another vlan-aware switch, with a management connection on vlan 99, but no other vlan interfaces. Then show that the access ports on the L009 can communicate with the the access ports on the CRS326 and CRS112, and as long as they are in the same vlan, that no (significant) CPU resources are used. A bonus would be configuring wifi on the hAP ac2 with different SSIDs, and how the access ports associated with each vlan/SSID can communicate.
@crapAllBusy
@crapAllBusy Жыл бұрын
wow! you have done a great job, thank you! add that "bridge ports = ingress, bridge vlan= egress" to the wiki
@zacharysmith2371
@zacharysmith2371 7 ай бұрын
This is a great overview and tutorial for how VLANs work on RouterOS. I feel like I understand it all much better now. Thanks especially for including the MGMT configuration and demonstrating HW offload + CPU access works with a practical example.
@francescocuscito6353
@francescocuscito6353 Жыл бұрын
I want to clarify that your work is very much appreciated by me
@user-lx6ki2nx4l
@user-lx6ki2nx4l Жыл бұрын
One of the best explanations for begginers that get to see. In my work field we use this exact settings in action in a very poppulared hotel Well done saving me hours of explanation from my superior that i couldn't undestand without trainning
@cryozap
@cryozap Жыл бұрын
Nice video, exactly what I have looking for quite some time. I manage a broad variety of devices and always got stock with vlans. Now I do inderstand the, better. Thanks a lot.
@MrHacross
@MrHacross 11 ай бұрын
Thank you so much! I was struggling to get a hAP ax2 to trunk on an interface and have the two different WiFi interfaces on different VLANs, etc. This video and your showing the configuration as you built it helped me to understand *where* in the GUI (Winbox) I needed to set the VLANs and what options vlan-filtering and ingress-filtering. There are just too many ways to go wrong in the GUI. I think in the future, I'll be using the CLI to manage my hAP.
@mikrotik
@mikrotik 11 ай бұрын
You're welcome! Subscribe for more tips in the future.
@cyrilpinto418
@cyrilpinto418 2 ай бұрын
Clear as mud; moved from a Hex to a Tplink Smart Switch and setup in 5 mins.
@drunkbear889
@drunkbear889 Жыл бұрын
QinQ or VXLAN or VPLS video IMO
@javierhorrillo7343
@javierhorrillo7343 Жыл бұрын
Pretty useful, specially for the non bridge vlan filtering method (CRS1xx, CRS2xx with HW), that is most of the times missed in examples.
@HiltonT69
@HiltonT69 Жыл бұрын
Nice, detailed video. I run similar setups, but this is a very clear description of the CRS configurations.
@mjsun42
@mjsun42 Жыл бұрын
Thanks for the great video ! would be nice to see how to config a wifiwave2 AP with vlans, i.e Router (CAPsMAN) + Switch + wifiwave2 AP.
@drumaddict89
@drumaddict89 Жыл бұрын
thanks for a great video on a topic which bugged me for some years where i could have used that video to save me a lot of mind-lock-ups xD i had to figure it out mostly with the old docs and by trail and error :) great for beginners and users new to VLANs in ROS!
@giuliano581
@giuliano581 Жыл бұрын
Thanks! Please, can you make a video about vlans , qos and multiple ssid ? It might be useful to separate lan access, iot devices, media devices, etc
@katsurokurosaki7230
@katsurokurosaki7230 Жыл бұрын
I second this, bonus points: With capsman!
@oliver1121
@oliver1121 Жыл бұрын
QinQ in the next video would be great thanks. If you could explain what happens when a Mikrotik Switch receives a QinQ frame as well that would be great. If I have the L3 QinQ interfaces on a Mikrotik Router and I just want my Mikrotik Switch to receive/forward the QinQ frames to the Router how would you do this (No VLAN stripping or anything like that just a trunk forward).
@DickyChengHK
@DickyChengHK Жыл бұрын
Thanks for the detail video to let us know different approach vlan setup in Mikrotik device
@vhaelanvhaelan8417
@vhaelanvhaelan8417 9 ай бұрын
Thanks so much for this video, it did clarify a lot or questions I had about VLAN setup in Mikrotik
@lisovik
@lisovik 6 ай бұрын
Thank you! Everything quick and clear.
@nlsqrs1
@nlsqrs1 Жыл бұрын
Loved this video and it explained more than I could understand from the manuals. For future videos I would love it if you build on this to cover wireless vlan's using Capsman and a management network? It may be a bit long for some.
@arebacollins
@arebacollins 5 ай бұрын
This is very useful, after struggling with ROMON in a 700 plus device network. :-(
@alexn4976
@alexn4976 Жыл бұрын
Great video! Keep going like that Mikro!
@ameador01
@ameador01 Жыл бұрын
I like the comments below. I also turn on Subtitles when listening and the commands you are discussing are behind the subtitles. I am somewhat struggling with VLANs in general - besides the multiple ways they are implemented in Mikrotik OSs. I would also love to see diagrams or animations - showing what is happening with the data packets as they are travelling the network, though the ports and bridges to get a better understanding of what tags are seen where. I know this is more complicated to ask but would be very helpful.
@RB01-lite
@RB01-lite Жыл бұрын
You can move the subtitles with your mouse :)
@ameador01
@ameador01 Жыл бұрын
@@RB01-lite HA! I never knew that! Thanks!
@dimitris470
@dimitris470 Жыл бұрын
Nice video series, but it's too dense, even if incomplete. First of all, all those options are not suitable for every device. You need to check the support pages for VLAN switching to see what's best for your device and its hardware. Also configuring the bridges differently than your physical chips can lead to weird routing and bottlenecks. In my opinion the videos should have been structured differently. Something like, first video should talk about Vlans in general. Without mentioning anything about hardware technicalities or mikrotik specifics. Second should be a general presentation of how routeros and winbox abstract the various vlan details into the various entities like bridges, interfaces etc. And then, it should be separate videos about each router generation, device type (like APs) or even specific models that requires special attention to optimize things like hardware offloading.
@SimonJMudd
@SimonJMudd Жыл бұрын
Would be good to share final configuration as text so it's easier to copy and adjust for similar setups.
@nick9323
@nick9323 Жыл бұрын
Should rb5009 vlans be configured in the same manner as crs112 ? Would be nice to see "tagged vlans over wifi ssid"
@vhaelanvhaelan8417
@vhaelanvhaelan8417 9 ай бұрын
No, the 5009 has a switch chip, so should be configured as the crs3xx series
@zekisanli2747
@zekisanli2747 3 ай бұрын
Really good examples. Is there a code output of what is described? May I ask?
@kresimirpecar4925
@kresimirpecar4925 Жыл бұрын
Excellent video as always 😊
@CheekyMiner
@CheekyMiner 15 күн бұрын
How do you get multiple ports to be able to communicate with each other on the same vlan? I can't any type of ping from them.
@XtrAMassivE
@XtrAMassivE 6 ай бұрын
So if you want to make multiple VLANs, with DHCP, etc, you need to also make an interface VLAN for every VLAN? Does every other switch also require a interface VLAN for every VLAN or just he management VLAN?
@mochouinard
@mochouinard Жыл бұрын
Some video graphics error at 3:33 for example.
@cgolebio
@cgolebio Жыл бұрын
Should the bridge only have 1 trunk or are multiple trunks acceptable? Does master and slave port configuration apply anywhere? Last video you mentioned STP and RSTP. How is this config safe to use with these protocols or are there other considerations? I think going over wireless access points where you have multiple SSIDs which each corresponds to different VLANs plus management VLAN would be great. Also how to properly handle mdns between vlans and prevent flooding.
@m-electronics5977
@m-electronics5977 3 ай бұрын
15:38 why that is so? Why the software can't do it at the same way like on the bigger switches?
@Anim4000
@Anim4000 5 ай бұрын
for Internet Tagged VLAN (PPPoE) using this method do improve performance for 2Gbps internet plan?
@dhiaahmed5420
@dhiaahmed5420 Жыл бұрын
Please make a video about the firewall managle marking and how the packets get marked and when the mark is replaced. Thnx
@m-electronics5977
@m-electronics5977 3 ай бұрын
10:01 but when we add an IP address to the network port itself on the laptop then it should work?
@mannins79
@mannins79 Жыл бұрын
Idea for the next video: Advanced capsman configuration please!
@UPPERKEES
@UPPERKEES 5 ай бұрын
I don't get why the term bridge is used. Isn't that an outdated network device to just bridge 2 networks?
@martinskupcis2375
@martinskupcis2375 5 ай бұрын
CapMan + Vlan {possible vlan configuration from capman?} + quest and internal wifi ?
@azurtem-com
@azurtem-com Жыл бұрын
Another clear and well constructed presentation, thanks Druvis.
@MustaMT
@MustaMT Жыл бұрын
Yes all is clear. However work was on L2 only. Third video should discuss L3 and how to isolate on that level please. All possible isolation options not just simple drop rules.
@m-electronics5977
@m-electronics5977 3 ай бұрын
8:15 I learned sth. new. You don't have to put the access ports for some VLAN into the bridge VLAN menu as untagged.
@andikadioey4680
@andikadioey4680 Жыл бұрын
we need a new thread for this in forum, just for basic one not advanced one, maybe with winbox config step by step, cli command is nigtmare for beginner 😁😁😁
@crash939burn
@crash939burn Жыл бұрын
vlan is very simple, just match the numbers, vlan numbers and bridge it, the the bridge counts as the actual interface
@isoplayer
@isoplayer Жыл бұрын
can we set a trunk port to allow all vlans , while set other ports in hyprid configuration for example in voip scenarios ?
@spyrule
@spyrule Ай бұрын
My only complaint about this is how you do it all _only_ from the CLI. You have a UI, Show how to do the same steps in the UI, AS WELL as the CLI.... :argh:
@okoeroo
@okoeroo Жыл бұрын
Yes. Very helpful
@Aviatorpaal
@Aviatorpaal 10 ай бұрын
This is too difficult. After 50+ configuration attempts of a hybrid port against a bridge I am lost in the rabbit hole
@michalpavlikpb
@michalpavlikpb Жыл бұрын
HI, what OS do you using ? THX for answer
@RB01-lite
@RB01-lite Жыл бұрын
Its EndeavourOS which is basically arch linux + kde plasma
@mirmigois
@mirmigois Жыл бұрын
@@RB01-lite What you did and 2.5 protocol works on linux and you using mac-address to connect through winbox. I installed winbox along wine on ubuntu but i can not use 2.5 protocol. If there is a trick could you do a video about 2.5 protocol on linux
@RB01-lite
@RB01-lite Жыл бұрын
@@mirmigois What exactly are you trying to do? And what goes wrong?
@mirmigois
@mirmigois Жыл бұрын
@@RB01-lite when i use linux and want to connect with winbox to a mikrotik that has IP 0.0.0.0 (reset without any config, default or by user) i can't connect by selecting mikrotik's mac address. I have to switch to windows to login to mikrtotik
@RB01-lite
@RB01-lite Жыл бұрын
@@mirmigois Did you disable DHCP client and add an IP to the interface in linux?
@shaker9756
@shaker9756 9 ай бұрын
Thank you so much for this detailed video and all the explaination. I have 3 routers behind each other and started a trunk from the first to the last. The devices I have in use are RB5009, CRS328 and hAP ax². I tried the complete same settings with all 3 devices to route the trunk and the VLANS through. It all worked with CRS328 and hAP ax². But after hours I am not able to bring also the RB5009 in the row. In the video you decribed the topic with different settings for CRS1xx/CRS2xx. Is there something similar with my RB5009 or should it work like you showed in the video until 14:24?
@shaker9756
@shaker9756 9 ай бұрын
Ok I fixed it, after I found another very good video. It seems the issue was, that I configured more than one bridge, due to this config was in parallel free ports on my running router, with another network. The information from that video was, that more than 1 bridge is not a good idea, due to the router has only 1 switch chip on it. Since I changed it over my productive bridge, the connection is working.
@mikrotik
@mikrotik 9 ай бұрын
When adding multiple bridges it will not be possible to hardware offload all of them, but vlan-filtering should still work in the confines of a single bridge. It is not possible, however, to do inter-bridge vlan-filtering.
@railwireorbit7401
@railwireorbit7401 7 ай бұрын
I am amazed only by vlan configuration on linux OS. Can you tell me which OS is this?
@mikrotik
@mikrotik 7 ай бұрын
It's an Arch based distro using KDE Plasma desktop environment and NetworkManager. Most Linux distros will use NetworkManager, but might have a different GUI.
@railwireorbit7401
@railwireorbit7401 7 ай бұрын
@@mikrotik Thank You So Much for your response.
@TheLateral18
@TheLateral18 10 ай бұрын
is it silly to set up vlans on a home switch , one vlan for a firestick , one vlan for the PC and another one for the ps5
@mikrotik
@mikrotik 10 ай бұрын
Don’t forget IoT 😀 that adds at least 20
@francescocuscito6353
@francescocuscito6353 Жыл бұрын
I am strongly, interested, because I just have to configure my LGH LTE18 RouterOs Kit, but your illustration is useless to me, following your illustration (even if it helped me with Google Translation) it is only in English. Although I have made every effort to simulcast your explanation. It was all in vain. Is there an alternative? Thank you.
@mikrotik
@mikrotik Жыл бұрын
It is not feasible to translate illustrations. If you are referring to the one breaking down the ethernet frame, than you can just look that up on wikipedia. Other then that, the one showing CPU and Switch chip was just used to explain how a bridge interface with hardware offloading (HW=yes) will move processing from CPU to the Swtich chip, so if you need a management interface you have to ensure CPU can communicate through the Switch chip.
@rudypieplenbosch6752
@rudypieplenbosch6752 8 ай бұрын
I just received the crs510, there is already a bridge configured for management, is this bridge HW offloaded? Or do i need to create a 2nd bridge which is hardware offloaded ? Also, my trunc will be a 100Gbit port, do i need to add vlans to each of the 4 25Gbit ports that make up the 100Gbit connection, or do i only need todo the settings on the first qfsp28-1-1 port ?
@mikrotik
@mikrotik 8 ай бұрын
All bridges are offloaded by default when created, but other settings might prevent them from being offloaded. The easiest way to know is to just check the bridge port section - letter H indicates whether a particular port is offloaded or not. When it comes to the 25Gbit ports, you need to configure them just like any other interface.
@rudypieplenbosch6752
@rudypieplenbosch6752 8 ай бұрын
@@mikrotik Thanks for the information, so for a 100Gbit trunk, i need to add the same vlan table to each of the 4 port members.
@Rob_Turner_UK
@Rob_Turner_UK Жыл бұрын
brave taking this topic on....
@msdelfin
@msdelfin Жыл бұрын
Druvis, what linux distribution you are using?
@RB01-lite
@RB01-lite Жыл бұрын
At work EndeavourOS. At home arch btw
@raulallue
@raulallue Жыл бұрын
Good vídeo, spanish version? 😅😅
@jtmuzix
@jtmuzix Жыл бұрын
You are an amazing teacher! Please create more highly technical videos. Why not tackle hardware off-loading and utilizing the best of a switch and a router. Each with different types of supported hardware off-loading. :) I write that because I have a crs326-24g switch and a ccr2004 passive cooled router. I find that you can use the switch as a router and vice versa but the switch has l3-hw-offloading where the router does not and I do not understand the hardware offloading the router does exactly.
@mikrotik
@mikrotik 11 ай бұрын
It all depends on the switch chip, some info can be found in the following links: help.mikrotik.com/docs/display/ROS/Switch+Chip+Features#SwitchChipFeatures-Introduction help.mikrotik.com/docs/display/ROS/Bridging+and+Switching#BridgingandSwitching-BridgeHardwareOffloading
VLANs, pt.3: QinQ and the L2MTU mystery
16:55
MikroTik
Рет қаралды 15 М.
What are VLANs and how to configure them (pt.1)
13:01
MikroTik
Рет қаралды 48 М.
Ik Heb Aardbeien Gemaakt Van Kip🍓🐔😋
00:41
Cool Tool SHORTS Netherlands
Рет қаралды 9 МЛН
Кадр сыртындағы қызықтар | Келінжан
00:16
WORLD'S SHORTEST WOMAN
00:58
Stokes Twins
Рет қаралды 202 МЛН
ISSEI & yellow girl 💛
00:33
ISSEI / いっせい
Рет қаралды 22 МЛН
VLAN в Mikrotik
21:20
Mikrotik Training
Рет қаралды 56 М.
MikroTips: How to firewall
21:56
MikroTik
Рет қаралды 145 М.
How to Create a Management VLAN | CCST | CCNA | CCNP
7:56
CISCONET Training Solutions
Рет қаралды 28 М.
О работе VLAN (802.1q) на оборудовании Mikrotik
1:12:34
Mikrotik Training
Рет қаралды 131 М.
VLANs: How to Protect Your Wifi and LAN
17:28
Dave's Garage
Рет қаралды 396 М.
VLANs Made Easy: Learn This Today!
41:08
Crosstalk Solutions
Рет қаралды 259 М.
Sieci VLAN
44:19
Remigiusz Pyrek
Рет қаралды 15 М.
Ik Heb Aardbeien Gemaakt Van Kip🍓🐔😋
00:41
Cool Tool SHORTS Netherlands
Рет қаралды 9 МЛН