Understand and configure Port-Based VLAN on the MikroTik Switch

The 1st type of VLAN that we have available on MikroTik Switches is Port-Based VLAN.

As its name suggests, the VLAN tag is added to the frame arriving on a port of the switch using what we call the “pvid”. This is exactly what we have seen up to now: when a frame comes into a port from an end device it is tagged, and when it leaves the port toward an end device it is untagged.

Port-Based VLAN is one of the most common VLAN types used nowadays.

The way to configure Port-Based VLAN differs from one MikroTik Switch model to another. In this course, I will be focusing only on configuring MikroTik CRS3xx Switches.

MikroTik provides us with different ways to configure VLANs. However, the best way is to use bridge VLAN filtering, where all traffic is hardware-offloaded, which means that the traffic does not go to the CPU. Note that if you want all your traffic to be hardware-offloaded, you should use only 1 bridge interface. If you create 2 or more bridges, the interfaces that belong to the 2nd bridge will not be hardware-offloaded but handled in software, which means that their traffic will have to go to the CPU. Also, when using bridge VLAN filtering, we profit from all the other features that are available on the switch chip, such as IGMP snooping, DHCP snooping, RSTP, MSTP, etc.

Now that we understand what Port-Based VLAN is, let’s do a LAB so we can see how to configure it on a CRS3xx series switch.

LAB: Port-Based VLAN

I have 2 CRS3xx series switches connected to each other on Ether1. On SW1 and SW2, Ether1 should be the trunk port, and Ether2 and Ether3 should be Access ports, with Ether2 on VLAN20 and Ether3 on VLAN30.

Then I am going to create 2 DHCP servers on R1, on Ether2 and Ether3, and see whether Ether2 and Ether3 of R2 receive IPs from the DHCP servers created on R1.

We will start by configuring the ports on SW1 and SW2 as Trunk and Access ports.

On both SW1 and SW2, I will create a bridge interface and put Ether1, Ether2 and Ether3 inside it (be sure that hardware offload is checked on all added interfaces).

Adding ports to the bridge interface on SW1

Adding ports to the bridge interface on SW2

Let’s start configuring VLANs on SW1, then we will copy the same configuration to SW2.

I go to the bridge, then to port Ether2, and I give it a pvid of 20.

I will do the same on port Ether3 but will give it a pvid of 30.

Now I need to tell SW1 which port is Trunk, which ports are Access, and on which VLAN. Remember, Ether1 should be the trunk, Ether2 should be an Access port on VLAN 20 and Ether3 should be an Access port on VLAN 30.

The last step is to enable VLAN filtering on the bridge. Before you enable it, be sure that all your configuration is correctly done, because otherwise you may lose connectivity to the Switch. It is also required that you always have a backup port on the switch which you can use to access it in case you lose connectivity to it because of VLAN filtering.

I am done on SW1. As the configuration is identical on SW1 and SW2, I will copy and paste the configuration from SW1 to SW2 (you can also redo on SW2 the same steps that were done on SW1).
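The SW1 steps above written as RouterOS CLI commands, as an added example that is not part of the original lesson. The bridge name bridge1 is an assumption, step 4 is an optional hardening step the lesson does not cover, and the same commands apply on SW2.

```routeros
# Added example: CLI equivalent of the WinBox steps for SW1 (repeat on SW2).
# Assumption: the bridge is called "bridge1"; the lesson does not name it.

# 1. Create a single bridge so that every port stays hardware-offloaded.
#    VLAN filtering stays off until the VLAN table is complete.
/interface bridge
add name=bridge1 vlan-filtering=no

# 2. Add the ports. ether1 is the trunk; ether2 and ether3 are access
#    ports whose pvid tags incoming untagged frames with VLAN 20 / 30.
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes
add bridge=bridge1 interface=ether2 hw=yes pvid=20
add bridge=bridge1 interface=ether3 hw=yes pvid=30

# 3. VLAN table: the trunk carries each VLAN tagged, the access port
#    of that VLAN sends it out untagged.
/interface bridge vlan
add bridge=bridge1 vlan-ids=20 tagged=ether1 untagged=ether2
add bridge=bridge1 vlan-ids=30 tagged=ether1 untagged=ether3

# 4. Optional hardening (not in the lesson): access ports drop frames that
#    arrive already tagged, so an end device cannot pick its own VLAN.
/interface bridge port
set [find interface=ether2] frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
set [find interface=ether3] frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes

# 5. Review the pvid values and the VLAN table before going further.
/interface bridge port print
/interface bridge vlan print

# 6. Last step: enable VLAN filtering. Do this while connected through
#    the backup port, in case the configuration above is wrong.
/interface bridge
set bridge1 vlan-filtering=yes
```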

Now I have done the configuration for both SW1 and SW2. Let’s configure the DHCP server on R1 on interfaces Ether2 and Ether3, then see if R2 will receive the IP addresses correctly from it.

Let’s put an IP address on Ether2 of R1 and on Ether3.

Now let’s configure the DHCP server on Ether2

I will do the same on Ether3.

The result will be:

Excellent!!!! Let’s see now if R2 will receive an IP address on Ether2 from the range of 10.20.20.x/24. To do this, we will need to enable the DHCP client on R2. Let’s do that:

Guess what? R2 has received an IP address on its interface Ether2 from the range that it should receive one from, which is 10.20.20.x/24, as you can see in the picture below:

What about Ether3? Let’s enable the DHCP client on it and see if it will receive an IP from the DHCP server on R1 from the range of 10.30.30.x/24.

And the result? Indeed, it has received an IP from the DHCP server on range 10.30.30.x/24.

Excellent!!! So this is how you can configure Port-Based VLAN on CRS3xx switches.

As the Lab is still connected, I would like to explain and do a LAB in the upcoming lecture about Q-in-Q using the LAB that we have currently used for the Port-Based VLAN. Then after that, we can speak about the MAC-based VLAN.

