Learn to configure VLANS on Mikrotik CSR3XX step by step. The main VLAN setting is vlan-filtering which globally controls vlan-awareness and VLAN tag processing in the bridge. #MikrotikTutorial #MikrotikVLANs #ConfigureVLANsMikrotik
Yes! I use CRS317, CRS305. I also use CCR2004, CCR1009 and RB760iGS (hex S). I also use some settings like Frame Types and Ingress Filtering. For blokcing the router the way it not route User Networks to Management VLAN it is possible to filter forward traffic going out through interface vlan-99, dropping it, and also add a rule to drop traffic incomming from interface that is not vlan-99 but is trying to go out via vlan-99? I think that whay if I forgot some user network, it will also work, is it right?
I used this config you teach on a mAP,RB433,RB2011 and a RB1200 (sort home network testlab) no firewall setup yet just want to get all under the belt first. Loved the vid helps alot
One of the best and clearest tutorials I saw at the Internet. I am system administrator of a network with a 500+ wired devices + 2000+ wireless devices. I have almost every mikrotik model in my network, from hap lite to a CRS317 (95 routers totally). VLANS on mikrotik devices are a really pain in the ass, to say truth. So many different ways to configure on different devices, its just blows my head.
I"m also a Cisco guy, and purchased the CRS328 series a few years back. This is a complete and excellent guide for configuring VLANS on the Mikrotik CRS3XX. I'm using Port aggregation as well, and if you can create another video about that, I'm sure others besides myself would be ecstatic. Thank you for the informative guide. Job well done!
After many hours of watching youtube videos and reading tutorials about VLAN's and bridges, this is the first video that I was able to follow and make it all work. Thank you for the clearness of the explanation and the right pace for it. Thank you!
Thanks for the great tutorial. It would be great to talk about loopback protection and other steps that are used in practice when configuring access switches.
Just WOW! So simple explanation how to deal with Mikrotik VLANs, bridge and a specially adjusting inter-VLAN communication with firewall. EXCELLENT JOB! Thanks!
Thanks, Mr. Wilmer Almazan you literally saved me my job. This video really helped me get my network up and running. I remember your 5 steps really well. Thanks alot.
Extremely useful, thank you so much for having shared this. I was searching around how to configure my Mikrotek (CRS-305) for several VLAN switch for hours and hours until I found your explanation... crystal clear. Now everything works as intended, solving a problem running for months. I followed your explanations, step by step et voila! If you want to play safe, detach the management interface (eth1 on CRS-305) from the bridge. After that, whatever mistake you do, you are not disconnected. Leave all 10G on the bridge.
dude, this was very usefull and helps me a lot ! i switch my lab from cisco to mikrotik and your video was really awesome and exactely what i needed to know. :)
Thank you taking the time to explain how the Mikrotik 300 series works been scratching my head now for couple days trying to grasp concepts around how this switch handles VLANS, been watching variety of different videos which doesn't on this particular switch thanks once again.
13:40 is a very important detail. Add the bridge itself to the management vlan. The lack of this step was driving me crazy as the switch was acting very erratic. Thanks for this video.
Muchas gracias por el video. Me salvó la tanda. NO sabía que había diferencia entre tener 1 o varios bridge, y tenía un uso de CPU de 100%. Siguiendo estas instrucciones pasé a 20% de uso CPU. Un tico por acá. Gracias mae!
I just started watching and I really like your approach. You clearly stating what the plan is and doing it on the actual hardware. Subscribed and hoping you have more content
Best tutorial ever ! I shall add info on improvement with this config (since now been using separate bridges and vlan interfaces - but crs326-24s-2q+ made maximum 320 mbit/s throughput till 100% cpu) i need to achieve at least 0,9 gbit/s throughput via vian/1gbit/s sfp
thank thank you very much, it's a big advantage for us to know this technics about vlan, for future expansion of our network i will apply this method .....thank you very much and more power😊😊😊😊👍👍👍👍👍👍
Great Video, thank you sir. Was able to create 2 SSID's on mikrotik ap and assign vlan to both using same config as what you have shown in switch configuration. Much appreciated.
This was totally amazing. I have watched many vlan videos and this was the best. One question, I am struggling with the concept of what a bridge is and why we need it.
Sir, you have ended my search for the ultimate guide on how to configure my new RB4011 and CRS328 with VLANs!!! Subscribed and looking forward to all new material - after I watch all your other videos. Can't thank you enough. Greetings from Oz.
@@firefly2472 I wish I could say I have been totally successful. To date, still don't have Vlans running. Still get caught up with the Management Lan settings because all network items already have an IP and are all operational.
It's a very good explanation and gives an excellent way to configure VLANs. I'm in the process of testing this in the case of a trunk (uplink or downlink from another switch) when there is a bonding interface of two ethernet ports. I hope this same schema works with bonding.
@@TheNetworkTrip I did the lab yesterday and worked just fine. I simply put the bonding interface in the bridge instead of the ethernet interfaces forming the bonding. Thank you again for your explanation.
Thanks for posting this; very useful for getting my head around a different vendor implementation. One gotcha I discovered - in case it's useful for others - is that at 13:24 if you add the bridge interface as untagged for the management vlan instead of tagged, the IP address you assign to the Interfaces/Vlan interface is not reachable and when you then turn on vlan-filtering on the bridge, you lose all access to the device and (unless you have a serial cable) have to factory reset it by holding down the reset button until the "user" light flashes while turning on the box. If you assign an IP to a physical interface, it gives you a backup way to access it while you're testing this. You can remove it once you know the proper IP is accessible.
Your scenario can work but you are missing a step. The same as settings an access port, if you set a port as untagged, you must also put a PVID on it. On the bridge itself, where you turn on VLAN Filtering, you can also set a PVID on the bridge itself.
Hi Gareth, thank you for your comment. I've just checked the video but actually, the bridge is under the tagged section: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-YLtGQAQ8iS0.html Completely agree with you about having one physical interface out of the bridge to avoid the risk of being locked out.
Hey All, I loved this guide, it was truly the best, but its missing some context. The issue they wasn't obvious is that he is using native VLAN 1 in his VLAN filtering. This caused me a huge issue. The default VLAN wasn't allowed on router where I had the CRS310 ethernet 1 port plugged into. VLAN1 is the default on the MikroTik and was causing the switch to respond on the management port only, but not allow communication to any other device. I noticed some of the VLAN IDs were excluded, but I ended up tagging my bridge port that was trunking VLANs to the PVID I needed. Thank you Wilmer for your expertise, I wouldn't have had a clue where to start.
Extending my thanks for explaining VLAN configurations this makes sense tried many other tutorials from youtube this one works the best everyone all other are complete jokes.
Just a quick point - if your device has a switch chip, you should be creating your VLANs there instead for full hardware speed. It is pretty easy to tell if you do, there is an extra menu item in the sidebar 'Switch', usually between 'PPP' and 'Mesh'.
Just got here looking to properly understand VLANs the Mikrotik way, your channel is impressive! Do you have a video on how to configure VLANs in devices without a switch chip?
Sir, I must say that this is the best of the best tutorial of Mikrotik VLAN I have ever seen. Using same scenario Could you please also let us know how we can assign an IP address to all the vlans on a CRS (not the management vlan) ?
Been playing a few hours today with a 4011 and a crs326. Got this working now. Now lets do all the other things :p (Lots of hours this take to learn :)
Qué modelo de laptop utilizas para virtualizar o que modelo recomendarías? Escritorio o laptop? Cual recomiendas utilizar SwitchOS o RouterOS cuál consideras más estable? En mi opinión RouterOS es más estable que SwitchOS. Buen video 👌 buena idea hacer este tipo de tutoriales ya que Mikrotik se complica mucho para configurar vlan a diferencia de otros fabricantes.
Hola Wilmer, excelente tutorial, funciona perfectamente, solamente tuve un detalle al querer conectar dos switches (1 CRS328 y 1 CSS326) funcionan bien sobre puertos ethernet, pero no así en SFP+ (jumper, hay alguna configuración extra para poder hacer que funcionen sobre SFP+, saludos y gracias por los tutoriales que verdaderamente funcionan.
Great explanation Sir, could you add a bit more example, if CCR port ether2 connect to other CRS-3, ether3 connect to RB2011(working as switch and cap)
Hola Wilmer, escelente informacion muchas gracias por compartir. quisiera preguntarte, si estoy usando el PVID=1 del Bridge como vlan de administracion desde un Router, el proceso de configuracion en el CRS1XX cambia algo??
Hi, first and foremost - thanks for this great video - as lots of the other comments state, this is high quality content. As I need to rework and dig a bit deeper in my local network I need to get an overview, so I need some tool to draw a map. Is the tool you used free? And what's the name? Besides that, are you planning on creating a tutorial on port forwarding AND hairpin NAT, so that ports published to the internet are also properly reachable from the internal network?
Hi! Congrats for the clarity & the professionalism of this video. Maybe a stupid question: is it possible to make "CRS326-1" perform the "Router" tasks (so merging those 2 devices)? At first sight, it is difficult since a vlan interface must be dedicated to a single port so it could be limitative...
HI Alexandre, thank you. The CRS can be use for routing if the traffic is below 400Mbps. I won't recommend a CRS device in an environment with hundreds of users and high throughput. You can get an idea about the performance in the tests shown here: mikrotik.com/product/crs326_24s_2q_rm#fndtn-testresults
