Mikrotik CRS226. How to configure routing between VLANs and distribute the Internet?

A

Alexey Getun2016-11-29 16:42:42

Computer networks

Alexey Getun, 2016-11-29 16:42:42

Mikrotik CRS226-24G-2S
The task is defined in this way. Combine 2 ports in 10 networks, isolate from each other, DHCP for each network (if possible) and provide Internet access.
External DHCP xx10.1 issues the Internet to the address xx10.11
ether1-master - receives the Internet xx10.11
ether2-control - control, xx10.12
ether3-22 ports for the network must be divided according to the principle:
ether3, ether4 = xx101.0/ 24 - without Internet access
ether5, ether6 = xx102.0/24 - with Internet access
ether7, ether8 = xx103.0/24 - with Internet access
all subsequent networks with access to
...
ether23, ether24 - I think to organize a trunk on a similar device, but this topic is a separate article.
This is my first acquaintance with Mikrotik devices, according to online manuals I constantly run into two problems: lack of Internet in networks, CPU load.
I read quite a few manuals, please tell me where to look, how to file.
PS. don't even ask why it's like this - it's a legacy)

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

D

Dmitry Shitskov, 2016-11-29
@Zarom

You have CRS - it will be a little easier with them. Just combine all ports in pairs into "virtual switches", you can even do without VLANs, if their presence is not critical. Hang up on each "virtual switch" the DHCP.
On routing between subnets, you will run into the CPU - there's nothing you can do, this is an L2 switch with a router, in fact. Not the most powerful router. It remains to be hoped that there will not be so much traffic between subnets. You can try to stir up a little wiki.mikrotik.com/index.php?title=Manual:IP/Fasttr...
The absence of the Internet, I think, is due to the lack of configured NAT, DNS... whatever. You need to understand what is configured in order to say what is not configured.

A

Alexander Romanov, 2016-12-05
@moneron89

If I were you, I wouldn't do it all only on 226, but buy, for example, hEX. On 226, I just sorted out the vlans by ports, and on the router I would already set up routing and dhcp servers. Look at this solution, the new hEX r3 is inexpensive and quite good in terms of performance. 226, after all, a switch with all the consequences

W

Wexter, 2016-12-08
@Wexter

crs226 is not a router, it's an l3 switch and the firewall loads it very heavily, the ideal option would be access ports on crs226 and trunk to something more powerful, at least rb750 (G) r2 / r3.
The Mikrotik wiki has a fairly clear instruction for setting up vlan, it is better to read in English, it will be clearer
wiki.mikrotik.com/wiki/Manual:CRS_examples#VLAN

A

Alexey Getun, 2016-12-19
@atomcorp

everything has been set up and played for a couple of weeks now
, the main load of networks is the Internet, in terms of networks, internal high-load traffic
is a bundle of RB2011 (separation into two networks + nat for both) + 2x CRS226 (Switch Vlan 22pcs) option 1
Vlan = e1,e3,e4 / e1 ,e5,e6 / ...
- the minimum load on the box, an excellent option to share
one DHCP cabinets, networks do not see each other directly, the Internet is direct, Nat
2 Switch Vlan = e1 / e3,e4 / e5,e6 / ...
- the load is below average, the option of dividing offices
on each network has its own DHCP, networks do not see each other directly, the Internet via Nat, Nat
Vlan + Bridge = tried different docking options
- with a load of more than 5 networks and 3-5 devices in each, coupled with the main network, it already causes inconvenience, many
thanks to Dmitry Shitskov for the links and advice