
VLAN on Mikrotik

GLC webinar, 8 september 2016

Achmad Mardiansyah achmad@glcnetworks.com GLC Networks, Indonesia


Agenda

● Introduction

● VLAN

● VLAN on mikrotik

● Demo

● Q & A

What is GLC?

● Garda Lintas Cakrawala (www.glcnetworks.com)

● An Indonesian company

● Located in Bandung

● Areas: Training, IT Consulting

● Mikrotik Certified Training Partner

● Mikrotik Certified Consultant

● Mikrotik distributor

Trainer Introduction


● Name: Achmad Mardiansyah

● Base: Bandung, Indonesia

● Linux user since ’99

● Certified Trainer (MTCNA/RE/WE/UME/INE/TCE)

● Mikrotik Certified Consultant

● Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer

● Personal website: http://achmad.glcnetworks.com

● More info: http://au.linkedin.com/in/achmadmardiansyah

Please introduce yourself

● Your name

● Your company/university?

● Your networking experience?

● Your mikrotik experience?

● Your expectation from this course?


What is Mikrotik?

● Name of a company

● A brand

● A program (e.g. mikrotik academy)

● Headquarters: Riga, Latvia


What are mikrotik products?

● RouterOS

○ The OS. Specialized for networking

● RouterBoard

○ The hardware

○ RouterOS installed

○ Website: www.routerboard.com


What can RouterOS do?

● Go to www.mikrotik.com

○ Download: what_is_routeros.pdf

○ Download: product catalog

○ Download: newsletter


What are Mikrotik training & certifications?

Certificate validity is 3 years

VLAN (Virtual LAN)


Typical network, no internet

● All computers just connect to one switch (concentrator)

● One network segment

[Diagram: SITE A]

Typical network, more switches, no internet

● Network segment is extended

● Still one network segment, single broadcast domain

[Diagram: SITE A, SITE B]

Typical network, with internet

● A router is needed to connect to other networks (the internet is a collection of networks)

[Diagram: ISP, SITE A, SITE B]

Typical network, with segmentation and internet

● A router is used to connect between networks

[Diagram: ISP, SITE A, SITE B]

What does VLAN offer?

VLAN: a feature of a layer 2 device (switch) that offers virtual segmentation on a physical switch

● The segmentation can be extended to other switches using a “trunk” link. The term is borrowed from the telco term “trunk”, a link that connects 2 telco exchanges

● Port type:

○ Access port -> to connect to end-devices

○ Trunk port -> to connect to other VLAN switch

[Diagram: trunk ports, access ports, trunk line, VLAN 10, VLAN 20, SITE A, SITE B]

Without and with VLAN

[Diagram: trunk link, VLAN 10, VLAN 20, SITE A, SITE B]

How does the trunk work?

● The layer-2 header of outgoing packets at a trunk port is modified

● The switch adds a VLAN tag to the header

[Diagram: trunk ports, access port, VLAN 10, VLAN 20, SITE A, SITE B]
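
The tagging described on this slide, shown as an added example that is not part of the original slides: Python code that inserts the 4-byte IEEE 802.1Q tag on a trunk port and removes it on the far switch, delivering the frame only to ports in the same VLAN. The function names, the sample frame and the allowed-VLAN set are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag
# All names below are illustrative assumptions, not taken from the slides.


def add_vlan_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag right after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid  # priority, DEI, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_vlan_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when the frame carries no tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def trunk_egress(frame: bytes, access_vlan: int, allowed: set):
    """Trunk port on egress: tag the frame, or drop it (None) if the VLAN is not allowed."""
    if access_vlan not in allowed:
        return None
    return add_vlan_tag(frame, access_vlan)


def access_egress(tagged: bytes, port_vlan: int):
    """Far switch: hand the untagged frame only to access ports in the tagged VLAN."""
    vid, inner = strip_vlan_tag(tagged)
    return inner if vid == port_vlan else None


# Constructed sample: a broadcast frame sent by a host on an access port in VLAN 10.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000a01" "0806") + b"\x00" * 28

if __name__ == "__main__":
    on_trunk = trunk_egress(SAMPLE, 10, allowed={10, 20})
    print(on_trunk[:18].hex())  # MACs, then 8100 000a, then the original EtherType
    print(access_egress(on_trunk, 10) == SAMPLE, access_egress(on_trunk, 20))
```
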

Inter-VLAN communication

● 1 VLAN = 1 network segment = 1 network ID = 1 broadcast domain

● Meaning: we need a router to route packets between VLANs

● The IP addresses on the router’s interfaces will become the gateways

[Diagram: access ports, trunk ports, VLAN 10, VLAN 20, SITE A, SITE B]

What if the router supports VLAN tags (trunk)?

● VLAN routing can be done using only 1 port (1 cable)

● We need to assign IP addresses to the VLAN interfaces on the router

[Diagram: trunk port: VLAN 10, 20; trunk ports, access port, VLAN 10, VLAN 20, SITE A, SITE B]

What if the switch is a layer-3 switch?

● Meaning: we don't need a router to do inter-VLAN routing

● The routing function can be done internally on the switch. Meaning: the switch is a router.

● A layer-3 switch is more expensive -> note this!!

[Diagram: trunk ports, access port, VLAN 10, VLAN 20, SITE A, SITE B]

A (very funny) story

● A client uses layer-3 switches to build their internal network, and uses a Mikrotik router to do inter-VLAN routing. Whoops…!!

● Question: why do you buy layer-3 switches then? Congratulations to the sales team… ;-) well done!!

[Diagram: trunk ports, access port, VLAN 10, VLAN 20, SITE A, SITE B]

VLAN on Mikrotik


VLAN on Mikrotik router

● In its default configuration, a Mikrotik is a router (layer 3 device)

● Mikrotik can do inter-VLAN routing

○ Without trunk

○ With trunk

● Mikrotik can be configured to become a layer 2 device

● There is a VLAN facility in the interface menu for trunk ports

VLAN on Cloud Router Switch (CRS)

● Fully compatible with IEEE802.1Q and IEEE802.1ad VLAN

● 4k active VLANs

● From any to any VLAN translation and swapping

● 1:1 VLAN switching - VLAN to port mapping

● VLAN filtering

● Flexible VLAN assignment:

○ Port based VLAN

○ Protocol based VLAN

○ MAC based VLAN


VLAN on Mikrotik router

Ether5 is used to route vlan 10 and 20:

● /interface vlan add name=vlan10 vlan-id=10 interface=ether5

● /interface vlan add name=vlan20 vlan-id=20 interface=ether5


VLAN on CRS (port based vlan)

Configuration:

Ether1: access port vlan10 -> slave port
Ether2: access port vlan20 -> slave port
Ether3: trunk port that allows vlan 10 and 20 -> master port

# setup VLAN group
/interface ethernet set ether1 master-port=ether3
/interface ethernet set ether2 master-port=ether3

# setup access port
/interface ethernet switch ingress-vlan-translation add ports=ether1 new-customer-vid=10 sa-learning=yes
/interface ethernet switch ingress-vlan-translation add ports=ether2 new-customer-vid=20 sa-learning=yes

# setup trunk port
/interface ethernet switch egress-vlan-tag add tagged-ports=ether3 vlan-id=10
/interface ethernet switch egress-vlan-tag add tagged-ports=ether3 vlan-id=20

# setup VLAN membership
/interface ethernet switch vlan add ports=ether3,ether1 vlan-id=10 learn=yes
/interface ethernet switch vlan add ports=ether3,ether2 vlan-id=20 learn=yes

VLAN on CRS


End of slides

● Thank you for your attention

● Please submit your feedback: http://bit.ly/glcfeedback

● Like our Facebook page: “GLC networks”

● Stay tuned for our schedule