VLANs, pt.2: vlan-filtering and management VLAN

To say truth, after 10+ years working in IT, this configuration method still blows my head :-)

OstJoker

I love this video as well as every video you have made. I think it would be even more helpful to see every CLI command you write in an adjacent window at the same time as the result in a GUI. In complex videos like the one with VLANs, we have to do them in the lab and see the result in a GUI to be sure that we understood. You do a great job with the videos and we learn new tricks.

mirmigois

Hello, I've never before seen such complicated routers to handle things like VLAN trunking and inter-VLAN routing. That "bridge" concept and the docs are blowing my mind. On the other side, I must admit this video adds a bit of sense to it, and your way of explaining it are really helping people like me that were about to give up 😂
Thank you❤

jeremylemans

This is a great overview and tutorial for how VLANs work on RouterOS. I feel like I understand it all much better now. Thanks especially for including the MGMT configuration and demonstrating HW offload + CPU access works with a practical example.

zacharysmith

You should create a topic on the MikroTik forum to cover the VLAN mini-series, and post exports of the sample configurations for reference.

I also think an additional video where you configure the hAP ac2 with a trunk link to the CRS326 would be useful. Then the hAP ac2 should be configured to do inter-vlan routing, as well as provide dhcp server, internet access and firewall configured on the hAP ac2. Then demonstrate how devices connected to the different vlans can communicate with each other via the hAP ac2. Possibly configure a "guest vlan" that can not establish a connection to a "trusted" vlan, but the trusted vlan can connect to a device on the guest vlan, the return traffic being allowed by an established/related rule in the forwarding chain.

Then configure a vlan-filtered bridge on the L009 with access ports for each vlan. This should then act as another vlan-aware switch, with a management connection on vlan 99, but no other vlan interfaces.

Then show that the access ports on the L009 can communicate with the the access ports on the CRS326 and CRS112, and as long as they are in the same vlan, that no (significant) CPU resources are used.

A bonus would be configuring wifi on the hAP ac2 with different SSIDs, and how the access ports associated with each vlan/SSID can communicate.

jonpinkley

wow! you have done a great job, thank you! add that "bridge ports = ingress, bridge vlan= egress" to the wiki

crapAllBusy

One of the best explanations for begginers that get to see. In my work field we use this exact settings in action in a very poppulared hotel

Well done saving me hours of explanation from my superior that i couldn't undestand without trainning

ΔημητρηςΧαριτακης-υη

I want to clarify that your work is very much appreciated by me

francescocuscito

Thank you so much! I was struggling to get a hAP ax2 to trunk on an interface and have the two different WiFi interfaces on different VLANs, etc. This video and your showing the configuration as you built it helped me to understand *where* in the GUI (Winbox) I needed to set the VLANs and what options vlan-filtering and ingress-filtering. There are just too many ways to go wrong in the GUI. I think in the future, I'll be using the CLI to manage my hAP.

MrHacross

Very well done. It solves completely my basic problem of trunking two devices throough a fiber connectin. Very professional.

giovannifranza

Nice video, exactly what I have looking for quite some time. I manage a broad variety of devices and always got stock with vlans. Now I do inderstand the, better. Thanks a lot.

cryozap

I would like to add (after 3 hours of looking everywhere in my router and firewall config) that in order to reach the switch on the management ip from another network (routed), you need to add a default route for the management vlan interface in the switch. So 0.0.0.0/0 -> gateway of management network. Or use masquerade on the management vlan interface of the router to simulate being in the same network.
The default route can be automatically added when using dhcp client for the assignment of the management ip, but not for statically assigned ones.

loudnessjero

thanks for a great video on a topic which bugged me for some years where i could have used that video to save me a lot of mind-lock-ups xD
i had to figure it out mostly with the old docs and by trail and error :)

great for beginners and users new to VLANs in ROS!

drumaddict

Thanks! Please, can you make a video about vlans, qos and multiple ssid ? It might be useful to separate lan access, iot devices, media devices, etc

giuliano

Nice, detailed video. I run similar setups, but this is a very clear description of the CRS configurations.

HiltonT

Thanks so much for this video, it did clarify a lot or questions I had about VLAN setup in Mikrotik

vhaelanvhaelan

Pretty useful, specially for the non bridge vlan filtering method (CRS1xx, CRS2xx with HW), that is most of the times missed in examples.

javierhorrillo

Thanks for the great video ! would be nice to see how to config a wifiwave2 AP with vlans, i.e Router (CAPsMAN) + Switch + wifiwave2 AP.

mjsun

15:38 why that is so? Why the software can't do it at the same way like on the bigger switches?

m-electronics

Hi,
that video helped a lot.
if i have a port to the internet i handle it like a trunk port on the bridge?

コトセキ