Mikrotik VLAN forwarding?

S

SterhXXX2019-03-03 17:57:04

Mikrotik

SterhXXX, 2019-03-03 17:57:04

Hello colleagues.
Please tell the Padawan how to set up the equipment to separate the local network from the hotspot.
The task is this. There is an Internet static. There is a hotspot cloud provider (guest network by law). Main router Mikrotik RB1100x4. It comes with 2 optics. Network of 3 segments. 1st - administration, where the router itself is located; 2nd - cottages, HS there, 3rd - hotel with LAN and HS. The third is connected wholesale. At the end is a managed switch RB260GS. He will go from one port to LAN, to the remaining HS.
To organize all this, as I understand it, you need to configure VLANs. Here I drew a network diagram.

Help, please, with setup. Or post links to read. Don't leave your padawan

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

W

Wundarshular, 2019-03-06
@Wundarshular

If I understand you correctly, then on the RB260GS in the vlan section you should set the following values:
for sfp: here you exchange traffic with the RB1100x, so it should already be tagged
vlan mode = enabled,
vlan recieve = only tagged (if you plan to receive not only tagged traffic - set any)
default vlan id = 1
vlan header = leave as is
for eth1-4:
vlan mode = enabled (also try strict)
vlan reiceve = only untagged
default vlan id = 4
vlan header = always strip
for eth5:
vlan mode = enabled (also try strict)
vlan reiceve = only untagged
default vlan id = 5
vlan header = always strip
In the vlan s section , set:
vlan4:
spf - leave as is
eth1-4 add if missing (inaccurate)
eth5 - not a member
vlan5:
spf - leave as is
eth1-4 - not a member
eth5 - add if missing(inaccurate)
What you will eventually get, if I correctly understood the documentation for the switch: ports 1-4 will receive untagged traffic, give 4 vlan tags and send them to switching, port 5 will do the same for vlan 5, and sfp will pass all tagged traffic through itself traffic. I have some suspicions about frame switching, but I did not find anything about this in the wikia.
For RB1100x (which I understand is managed by RouterOS) move to the /interface ethernet switch port section:
set 2 vlan-mode = fallback
set 3 vlan-mode = fallback
set 4 vlan-mode = fallback
set 5 vlan-mode = fallback
In this mode, all specified rb1100x ports will simply forward tagged traffic without making changes. As I understand it, you continue to have vlans on ports 2,3 and 5. If untagged traffic also comes from there, then
set X vlan-mode=secure default-vlan-id=Y vlan-header=always-strip, where X and Y are the port number and vlan tag, respectively. Thus, incoming traffic will be tagged, and tags will be removed from outgoing traffic.
Under /interface ethernet switch vlan:
add vlan-id=4 ports=p2,p3,p4,switchX, switch=switchX
add vlan-id=5 ports=p5,p4,switchX, switch=switchX
Here you set "forwarding" vlans through the switch. Translating into Russian: now vlan4 will be able to go to ports 2,3,4 through the switchX switching chip and the same for vlan5. Note that switchX is not exactly the name of your switch chip as contained in RouterOS notation.
I hope the answer at least points you in the right direction.