VLAN on Mikrotik

GLC webinar, 8 September 2016


Achmad Mardiansyah
achmad@glcnetworks.com
GLC Networks, Indonesia
www.glcnetworks.com

Agenda

Introduction
VLAN
VLAN on Mikrotik
Demo
Q&A

www.glcnetworks.com

What is GLC?

Garda Lintas Cakrawala (www.glcnetworks.com)


An Indonesian company
Located in Bandung
Areas: Training, IT Consulting
Mikrotik Certified Training Partner
Mikrotik Certified Consultant
Mikrotik distributor

Trainer Introduction

Name: Achmad Mardiansyah
Base: Bandung, Indonesia
Linux user since 99
Certified Trainer (MTCNA/RE/WE/UME/INE/TCE)
Mikrotik Certified Consultant
Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer
Personal website: http://achmad.glcnetworks.com
More info: http://au.linkedin.com/in/achmadmardiansyah

Please introduce yourself

Your name
Your company/university?
Your networking experience?
Your Mikrotik experience?
Your expectation from this course?

What is Mikrotik?

Name of a company
A brand
A program (e.g. mikrotik academy)
Headquarters: Riga, Latvia

What are Mikrotik products?

RouterOS
The OS. Specialized for networking
Website: www.mikrotik.com/download

RouterBoard
The hardware
RouterOS installed
Website: www.routerboard.com

What can RouterOS do?

Go to www.mikrotik.com
Download: what_is_routeros.pdf
Download: product catalog
Download: newsletter

What are Mikrotik training & certifications?

Certificate validity is 3 years

VLAN (Virtual LAN)

Typical network, no internet

All computers just connect to one switch (concentrator)


One network segment

[Diagram: Site A]

Typical network, more switches, no internet

Network segment is extended


Still one network segment, single broadcast domain

[Diagram: Site A and Site B]

Typical network, with internet

A router is needed to connect to other networks (the internet is a collection of networks)


[Diagram: ISP, Site A and Site B]

Typical network, with segmentation and internet

A router is used to connect between networks

[Diagram: Site A, ISP and Site B]

What does VLAN offer?

VLAN: a feature of a layer-2 device (switch) that offers virtual segmentation on a physical switch
The segmentation can be extended to other switches using a trunk link.
"Trunk" is borrowed from telco terminology: a link that connects 2 telco exchanges
Port types:

Access port -> connects to end devices
Trunk port -> connects to another VLAN switch
[Diagram: Site A and Site B, each with VLAN 10 and VLAN 20; trunk ports joined by a trunk line; access port]

Without and with VLAN

[Diagram: Site A and Site B, each with VLAN 10 and VLAN 20, joined by a trunk link]

How does the trunk work?

The layer-2 header of packets leaving a trunk port is modified
The switch adds a VLAN tag to the header

[Diagram: Site A and Site B, each with VLAN 10 and VLAN 20; trunk ports; access port]

Inter-VLAN communication

1 VLAN = 1 network segment = 1 network ID = 1 broadcast domain
Meaning: we need a router to route packets between VLANs
The IP address on the router's interface becomes the gateway

[Diagram: Site A and Site B, each with VLAN 10 and VLAN 20; trunk ports; access ports]

What if the router supports VLAN tags (trunk)?

VLAN routing can be done using only 1 port (1 cable)
We need to assign an IP address to the VLAN interface on the router

[Diagram: trunk port carrying VLAN 10, 20; Site A and Site B, each with VLAN 10 and VLAN 20; trunk ports; access port]

What if the switch is a layer-3 switch?

Meaning: we don't need a router to do inter-VLAN routing
The routing function can be done internally on the switch. Meaning: the switch is a router.
A layer-3 switch is more expensive -> note this!!

[Diagram: Site A and Site B, each with VLAN 10 and VLAN 20; trunk ports; access port]

A (very funny) story...

A client is using layer-3 switches to build their internal network, and uses a Mikrotik router to do inter-VLAN routing. Whoops!!
Question: why do you buy layer-3 switches then?
Congratulations to the sales team ;-) well done..!!

[Diagram: Site A and Site B, each with VLAN 10 and VLAN 20; trunk ports; access port]

VLAN on Mikrotik

VLAN on Mikrotik router

By default configuration, Mikrotik is a router (layer-3 device)
Mikrotik can do inter-VLAN routing:

Without trunk
With trunk

Mikrotik can be configured to become a layer-2 device
There is a VLAN facility in the interface menu for trunk ports

VLAN on Cloud Router Switch (CRS)

Fully compatible with IEEE 802.1Q and IEEE 802.1ad VLAN
4k active VLANs
From any to any VLAN translation and swapping
1:1 VLAN switching - VLAN to port mapping
VLAN filtering
Flexible VLAN assignment:

Port based VLAN
Protocol based VLAN
MAC based VLAN

Demo

VLAN on Mikrotik router


Ether5 is used to route VLAN 10 and 20:

/interface vlan add name=vlan10 vlan-id=10 interface=ether5
/interface vlan add name=vlan20 vlan-id=20 interface=ether5

VLAN on CRS (port based vlan)


Configuration
Ether1: access port vlan10 -> slave port
Ether2: access port vlan20 -> slave port
Ether3: trunk port that allows vlan 10 and 20 -> master port
#setup VLAN group
/interface ethernet set ether1 master-port=ether3
/interface ethernet set ether2 master-port=ether3
#setup access port
/interface ethernet switch ingress-vlan-translation add ports=ether1 new-customer-vid=10 sa-learning=yes
/interface ethernet switch ingress-vlan-translation add ports=ether2 new-customer-vid=20 sa-learning=yes
#setup trunk port
/interface ethernet switch egress-vlan-tag add tagged-ports=ether3 vlan-id=10
/interface ethernet switch egress-vlan-tag add tagged-ports=ether3 vlan-id=20
#setup VLAN membership
/interface ethernet switch vlan add ports=ether3,ether1 vlan-id=10 learn=yes
/interface ethernet switch vlan add ports=ether3,ether2 vlan-id=20 learn=yes
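
Added example (not from the original slides, and not RouterOS code): a simplified Python model of the forwarding decisions the port-based VLAN configuration above is meant to produce for flooded frames such as broadcasts. The table names are hypothetical, and the model assumes the switch strictly enforces VLAN membership and accepts only untagged frames on access ports.

```python
# Tables mirroring the slide's CRS configuration (simplified model).
ACCESS_VID = {"ether1": 10, "ether2": 20}         # ingress-vlan-translation
TAGGED_PORTS = {10: {"ether3"}, 20: {"ether3"}}   # egress-vlan-tag
MEMBERS = {                                       # switch vlan membership
    10: {"ether3", "ether1"},
    20: {"ether3", "ether2"},
}

def forward(in_port, tag=None):
    """Return [(out_port, egress_tag_or_None)] for a flooded frame.

    tag is the VLAN ID carried by the incoming frame, or None if untagged.
    """
    if in_port in ACCESS_VID:
        if tag is not None:
            return []                 # assumption: access ports take untagged only
        vid = ACCESS_VID[in_port]     # access port: VLAN assigned by the switch
    else:
        vid = tag                     # trunk port: VLAN comes from the frame's tag
    members = MEMBERS.get(vid, set())
    if in_port not in members:
        return []                     # unknown VLAN or non-member port: drop
    result = []
    for port in sorted(members - {in_port}):
        tagged = port in TAGGED_PORTS.get(vid, set())
        result.append((port, vid if tagged else None))
    return result

if __name__ == "__main__":
    # Constructed test frames: (ingress port, incoming tag)
    for case in [("ether1", None), ("ether3", 20), ("ether3", 30), ("ether1", 20)]:
        print(case, "->", forward(*case))
```

A frame from the VLAN 10 access port only ever leaves tagged on the trunk, and a frame tagged with a VLAN that is not configured on the trunk goes nowhere; that is the isolation between VLAN 10 and VLAN 20 that the configuration sets up.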

VLAN on CRS

Q&A

End of slides

Thank you for your attention
Please submit your feedback: http://bit.ly/glcfeedback
Like our Facebook page: GLC Networks
Stay tuned for our schedule
