Video tutorials about networking, cloud computing, and network security. One new video every week. Covering configuration on Cisco, Fortinet, Mikrotik, Ubiquiti and much more.
Great video 👍. I am doing BGP vpn4 with a route reflector going to edge routers. Cust1 site 1 and site 2. How do you redistribute default route to VRFs in Rosv7? In Rosv6 i just reference the main RT but it does not work in v7.
@@TheNetworkTrip So, can you set it on, say, a hap ac2 [I use it just as a switch at home too, and let a firewall doing routing and being a gateway to internet ]? By the way, what is the proper protocol for redundancy on switches? Thanks
Thanks for this video! If I were to add a second router, you mentioned I have to repeat the process for that one. But since we now have a 2x2 connection between 4 devices, does that mean that we need both MLAG and LACP on each system? I tried setting this up, but it fails because the interfaces are then already part of a bond.
MVRP is a standard protocol used to dynamically register and propagate VLANs across switches automatically. When a device connects, MVRP registers the necessary VLANs on the relevant ports, making VLAN management more dynamic and flexible in multi-vendor networks. In contrast, VTP is Cisco-only and relies on a centralized server to push VLAN configurations across the network. MVRP simplifies VLAN registration, while VTP centralizes it.
Absolutely! As long as the client has IP connectivity to the MikroTik VPN server, you can successfully set up and test an L2TP/IPsec VPN using private IP addresses. Just ensure all configurations, including firewall settings and user credentials, are correctly set up for a smooth connection.
Hello! That’s possible but the dynamic access port would be created via 802.1x, then, MVRP will help with the trunk links. I’ll make a video about that, that’s an interesting topic.
I have 2 sw(sw1 ------peer----- sw2) mlag setup to core sw. Now i need to add my new aggregation layer with 2 new switches. So my question is... Can I connect another mlag domain new Sw10---peer----Sw11 and setup new mlag to core sw. Sw10,11 will be aggregqtion level and all sw will be connected via mlag lacp connection. Can I do like that or loop will be created? Thx Same network
Hello! Yes, you can set up the MLAG between SW10 and SW11 to the core via LACP without creating loops, as long as MLAG and LACP are correctly configured.
thank you very much for your response. The thing is that only by enabling that option can my local IP addresses access my web server, but I don't understand why? I would like to know how that option behaves. I would like to understand it, but if it is something that requires consulting and payment, how can we do it?
I configure bridge filter with vlans and as well L3 Hardware Offloading But no internet output from vlans till I disable L3 Hardware Offloading. Do you have an idea what is the issue Router Ccr2116-12g-4s Note : all vlans and Ethernet are under the bridge port. Thank you
If that device is performing NAT, the outside interface must be outside of the bridge. You can enable FastTrack and L3 hardware offloading on the firewall to offload the NATted traffic.
I am using hotspot services as a small ISP. NAT must be there, so I dont think that L3 Hardware Offloading is compitable with hotspot since it's working with NAT. Fasttruck will disable the limit of data usage of users, it mean,hotspot users will have UNLIMITED data.
Hello! This protocol is used if you have multiple switches and VLANs. MVRP helps to configura the trunk interfaces dynamically instead of doing it manually.
@@TheNetworkTrip ok, but do I have to make the vlan number as access on the port myself? if I have to have vlan number 30 on port 4, will it be the same on every SW?
Yes, we must configure the access ports manually. That's a desicion of the network admin, which vlan will be available at every access port. If we have dozens of switches, we can use automation (Python, Ansible) to send the commands to every device via the management IP.
Mr. Almazan, I know you turned on filtering for the two switches after configuring and testing. But what about the router, should it have it's filtering turned on or leave it off? Thank you, again for such a great step-by-step vlan tutorial using the MikroTiks GUI.
Hello! Everything in the video is valid for RouterOS 7 (I’m actually using v7 in my demo). Please review the video and logic again. If you have any specific questions, feel free to let me know.
is it possible to somehow propagate those mac adresses to other devices? i mean say i have router that does dhcp but users are connected through big switch, those who didn't get ip from dhcp will not be able to communicate with router but still they will be allowed by the switch, and will be able to connect/attack to other users. is it possible for a router to send to a switch his mac table to make security tighter?
So, is there possible to run 2 dhcp-server? Keep the first one, setting this way showed in the video and another dhcp to lease to a guest just to using internet with route rules settings. This video open the mind to improve. The only drawback is that is need to add a new device manually on arp table to keep them on LAN. Good video, thanks !!!!
What's your go-to strategy for securing your network? Have you tried using DHCP and ARP on MikroTik devices to prevent intrusions? Let me know in the comments!
MTCNA MTCRE MTCSE MTCTCE. Now i want to get Switching and second level routing )) After learning Mikrotik, network devices separated into 2 categories. Mikrotiks and other staff )) By the way thank you very much for your videos
That's an impressive MikroTik cert collection! MTCNA, MTCRE, MTCSE, MTCTCE - you're practically a MikroTik maestro! I can totally relate to that feeling of MikroTik being in a league of its own. It's such a versatile and powerful platform. Best of luck on your Switching and advanced routing journey! And thank you for the kind words about the videos - that means the world! 🙏
Hey everyone! Static ARP can boost security, but don't rely on it alone! Let's discuss static ARP's pros, cons, and how to use it with other features like port security and firewall rules for a truly secure network!
thanks so much for sharing the knowdge........ I have ccr2116 and as you kno that every 4 ports are connected into one pin to switch chip , can I put 8 ports under one bridge..? Thanks in advance
Hello! The CCR2116 has all ports, except ether 13, connected to the switch chip, as shown here: cdn.mikrotik.com/web-assets/product_files/CCR2116-12G-4S_240122.png You can safely add all those ports to the same bridge and use either L2 or L3 hardware offloading. I have a video on L3 hardware offloading where I demonstrate the actual configuration process.