Mooo.com

Mikrotik

How to make 2 vlan in mikrotik

Here is a very basic exemple on the hEXs with 2 vlans
Network A vlan111 10.10.111.0/24
Network B vlan222 10.10.222.0/24

Step 1: Create bridge

Code: Select all
/interface bridge
add name=bridge1

Step 2: Create VLAN’S

Code: Select all
/interface vlan
add interface=bridge1 name=vlan111 vlan-id=111
add interface=bridge1 name=vlan222 vlan-id=222

Step 3: Assign IP-Address

Code: Select all
/ip address
add address=10.10.111.1/24 interface=vlan111 network=10.10.111.0
add address=10.10.222.1/24 interface=vlan222 network=10.10.222.0

Step 4: Create DHCP-Server

Code: Select all
/ip pool
add name=dhcp_pool1 ranges=10.10.111.100-10.10.111.199
add name=dhcp_pool2 ranges=10.10.222.100-10.10.222.199
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=vlan111 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=vlan222 name=dhcp2
/ip dhcp-server network
add address=10.10.111.0/24 dns-server=10.10.111.1 gateway=10.10.111.1
add address=10.10.222.0/24 dns-server=10.10.222.1 gateway=10.10.222.1

Step 5: Allow DNS-Request

Code: Select all
/ip dns
set allow-remote-requests=yes

Step 6: Assign Bridge vlan
This is the “tricky” part and work in connection with Step 7 (pvid)

Code: Select all
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether5 untagged=ether2 vlan-ids=111
add bridge=bridge1 tagged=bridge1,ether5 untagged=ether3,ether4 vlan-ids=222

Step 7: Assign Interfaces to bridge

Code: Select all
/interface bridge port
add bridge=bridge1 interface=ether2 pvid=111
add bridge=bridge1 interface=ether3 pvid=222
add bridge=bridge1 interface=ether4 pvid=222
add bridge=bridge1 interface=ether5

Step 8: Activate vlan-Filtering

Code: Select all
/interface bridge set bridge1 vlan-filtering=yes

et voila !!

In the following exemple
-> If you plug in your PC in port ether2 you will be in vlan111 and get an IP of 10.10.111.X
-> if you plug in your PC in port ether3 or 4 you will be in vlan222 and get an IP of 10.10.222.X
-> if you plug in your PC in port ether5 you won’t obtain any IP, except if you manually set a VLAN-Tag (111 or 222)
-> Ether5 is more of a typical configured for a Switch or an Wireless-Anntenna.
-> ether2,3 and 4 is more of a typical Access-point (PC and co..)

Related Post

Mikrotik Tutorial

Redirect Port di Mikrotik

Tinggalkan Balasan

Alamat email Anda tidak akan dipublikasikan. Ruas yang wajib ditandai *