To say truth, after 10+ years working in IT, this configuration method still blows my head :-)

@Aviatorpaal

8 ай бұрын

I agree. The user friendliness could improve, some explanations would go a long way

@gmas

6 ай бұрын

it's madness

@vogonjelc

2 күн бұрын

Yep, but try wan balancing. My head just jumped and run away.

I love this video as well as every video you have made. I think it would be even more helpful to see every CLI command you write in an adjacent window at the same time as the result in a GUI. In complex videos like the one with VLANs, we have to do them in the lab and see the result in a GUI to be sure that we understood. You do a great job with the videos and we learn new tricks.

You should create a topic on the MikroTik forum to cover the VLAN mini-series, and post exports of the sample configurations for reference. I also think an additional video where you configure the hAP ac2 with a trunk link to the CRS326 would be useful. Then the hAP ac2 should be configured to do inter-vlan routing, as well as provide dhcp server, internet access and firewall configured on the hAP ac2. Then demonstrate how devices connected to the different vlans can communicate with each other via the hAP ac2. Possibly configure a "guest vlan" that can not establish a connection to a "trusted" vlan, but the trusted vlan can connect to a device on the guest vlan, the return traffic being allowed by an established/related rule in the forwarding chain. Then configure a vlan-filtered bridge on the L009 with access ports for each vlan. This should then act as another vlan-aware switch, with a management connection on vlan 99, but no other vlan interfaces. Then show that the access ports on the L009 can communicate with the the access ports on the CRS326 and CRS112, and as long as they are in the same vlan, that no (significant) CPU resources are used. A bonus would be configuring wifi on the hAP ac2 with different SSIDs, and how the access ports associated with each vlan/SSID can communicate.

wow! you have done a great job, thank you! add that "bridge ports = ingress, bridge vlan= egress" to the wiki

Clear as mud; moved from a Hex to a Tplink Smart Switch and setup in 5 mins.

This is a great overview and tutorial for how VLANs work on RouterOS. I feel like I understand it all much better now. Thanks especially for including the MGMT configuration and demonstrating HW offload + CPU access works with a practical example.

I want to clarify that your work is very much appreciated by me

Nice video, exactly what I have looking for quite some time. I manage a broad variety of devices and always got stock with vlans. Now I do inderstand the, better. Thanks a lot.

Nice, detailed video. I run similar setups, but this is a very clear description of the CRS configurations.

Thanks so much for this video, it did clarify a lot or questions I had about VLAN setup in Mikrotik

Thank you! Everything quick and clear.

thanks for a great video on a topic which bugged me for some years where i could have used that video to save me a lot of mind-lock-ups xD i had to figure it out mostly with the old docs and by trail and error :) great for beginners and users new to VLANs in ROS!

Excellent video as always 😊

One of the best explanations for begginers that get to see. In my work field we use this exact settings in action in a very poppulared hotel Well done saving me hours of explanation from my superior that i couldn't undestand without trainning

Thanks for the detail video to let us know different approach vlan setup in Mikrotik device

Thank you so much! I was struggling to get a hAP ax2 to trunk on an interface and have the two different WiFi interfaces on different VLANs, etc. This video and your showing the configuration as you built it helped me to understand *where* in the GUI (Winbox) I needed to set the VLANs and what options vlan-filtering and ingress-filtering. There are just too many ways to go wrong in the GUI. I think in the future, I'll be using the CLI to manage my hAP.

@mikrotik

9 ай бұрын

You're welcome! Subscribe for more tips in the future.

Pretty useful, specially for the non bridge vlan filtering method (CRS1xx, CRS2xx with HW), that is most of the times missed in examples.

This is very useful, after struggling with ROMON in a 700 plus device network. :-(

Yes. Very helpful

Thanks for the great video ! would be nice to see how to config a wifiwave2 AP with vlans, i.e Router (CAPsMAN) + Switch + wifiwave2 AP.

Loved this video and it explained more than I could understand from the manuals. For future videos I would love it if you build on this to cover wireless vlan's using Capsman and a management network? It may be a bit long for some.

QinQ in the next video would be great thanks. If you could explain what happens when a Mikrotik Switch receives a QinQ frame as well that would be great. If I have the L3 QinQ interfaces on a Mikrotik Router and I just want my Mikrotik Switch to receive/forward the QinQ frames to the Router how would you do this (No VLAN stripping or anything like that just a trunk forward).

for Internet Tagged VLAN (PPPoE) using this method do improve performance for 2Gbps internet plan?

Thanks! Please, can you make a video about vlans , qos and multiple ssid ? It might be useful to separate lan access, iot devices, media devices, etc

@katsurokurosaki7230

11 ай бұрын

I second this, bonus points: With capsman!

Really good examples. Is there a code output of what is described? May I ask?

QinQ or VXLAN or VPLS video IMO

So if you want to make multiple VLANs, with DHCP, etc, you need to also make an interface VLAN for every VLAN? Does every other switch also require a interface VLAN for every VLAN or just he management VLAN?

15:38 why that is so? Why the software can't do it at the same way like on the bigger switches?

Should the bridge only have 1 trunk or are multiple trunks acceptable? Does master and slave port configuration apply anywhere? Last video you mentioned STP and RSTP. How is this config safe to use with these protocols or are there other considerations? I think going over wireless access points where you have multiple SSIDs which each corresponds to different VLANs plus management VLAN would be great. Also how to properly handle mdns between vlans and prevent flooding.

10:01 but when we add an IP address to the network port itself on the laptop then it should work?

I like the comments below. I also turn on Subtitles when listening and the commands you are discussing are behind the subtitles. I am somewhat struggling with VLANs in general - besides the multiple ways they are implemented in Mikrotik OSs. I would also love to see diagrams or animations - showing what is happening with the data packets as they are travelling the network, though the ports and bridges to get a better understanding of what tags are seen where. I know this is more complicated to ask but would be very helpful.

@RB01-lite

11 ай бұрын

You can move the subtitles with your mouse :)

@ameador01

11 ай бұрын

@@RB01-lite HA! I never knew that! Thanks!

can we set a trunk port to allow all vlans , while set other ports in hyprid configuration for example in voip scenarios ?

CapMan + Vlan {possible vlan configuration from capman?} + quest and internal wifi ?

Some video graphics error at 3:33 for example.

I don't get why the term bridge is used. Isn't that an outdated network device to just bridge 2 networks?

Should rb5009 vlans be configured in the same manner as crs112 ? Would be nice to see "tagged vlans over wifi ssid"

@vhaelanvhaelan8417

7 ай бұрын

No, the 5009 has a switch chip, so should be configured as the crs3xx series

Another clear and well constructed presentation, thanks Druvis.

Would be good to share final configuration as text so it's easier to copy and adjust for similar setups.

Please make a video about the firewall managle marking and how the packets get marked and when the mark is replaced. Thnx

I just received the crs510, there is already a bridge configured for management, is this bridge HW offloaded? Or do i need to create a 2nd bridge which is hardware offloaded ? Also, my trunc will be a 100Gbit port, do i need to add vlans to each of the 4 25Gbit ports that make up the 100Gbit connection, or do i only need todo the settings on the first qfsp28-1-1 port ?

@mikrotik

7 ай бұрын

All bridges are offloaded by default when created, but other settings might prevent them from being offloaded. The easiest way to know is to just check the bridge port section - letter H indicates whether a particular port is offloaded or not. When it comes to the 25Gbit ports, you need to configure them just like any other interface.

@rudypieplenbosch6752

7 ай бұрын

@@mikrotik Thanks for the information, so for a 100Gbit trunk, i need to add the same vlan table to each of the 4 port members.

Thank you so much for this detailed video and all the explaination. I have 3 routers behind each other and started a trunk from the first to the last. The devices I have in use are RB5009, CRS328 and hAP ax². I tried the complete same settings with all 3 devices to route the trunk and the VLANS through. It all worked with CRS328 and hAP ax². But after hours I am not able to bring also the RB5009 in the row. In the video you decribed the topic with different settings for CRS1xx/CRS2xx. Is there something similar with my RB5009 or should it work like you showed in the video until 14:24?

@shaker9756

8 ай бұрын

Ok I fixed it, after I found another very good video. It seems the issue was, that I configured more than one bridge, due to this config was in parallel free ports on my running router, with another network. The information from that video was, that more than 1 bridge is not a good idea, due to the router has only 1 switch chip on it. Since I changed it over my productive bridge, the connection is working.

@mikrotik

8 ай бұрын

When adding multiple bridges it will not be possible to hardware offload all of them, but vlan-filtering should still work in the confines of a single bridge. It is not possible, however, to do inter-bridge vlan-filtering.

Idea for the next video: Advanced capsman configuration please!

Yes all is clear. However work was on L2 only. Third video should discuss L3 and how to isolate on that level please. All possible isolation options not just simple drop rules.

brave taking this topic on....

Druvis, what linux distribution you are using?

@RB01-lite

11 ай бұрын

At work EndeavourOS. At home arch btw

we need a new thread for this in forum, just for basic one not advanced one, maybe with winbox config step by step, cli command is nigtmare for beginner 😁😁😁

@crash939burn

11 ай бұрын

vlan is very simple, just match the numbers, vlan numbers and bridge it, the the bridge counts as the actual interface

is it silly to set up vlans on a home switch , one vlan for a firestick , one vlan for the PC and another one for the ps5

@mikrotik

9 ай бұрын

Don’t forget IoT 😀 that adds at least 20

8:15 I learned sth. new. You don't have to put the access ports for some VLAN into the bridge VLAN menu as untagged.

I am amazed only by vlan configuration on linux OS. Can you tell me which OS is this?

@mikrotik

6 ай бұрын

It's an Arch based distro using KDE Plasma desktop environment and NetworkManager. Most Linux distros will use NetworkManager, but might have a different GUI.

@railwireorbit7401

6 ай бұрын

@@mikrotik Thank You So Much for your response.

HI, what OS do you using ? THX for answer

@RB01-lite

11 ай бұрын

Its EndeavourOS which is basically arch linux + kde plasma

@mirmigois

11 ай бұрын

@@RB01-lite What you did and 2.5 protocol works on linux and you using mac-address to connect through winbox. I installed winbox along wine on ubuntu but i can not use 2.5 protocol. If there is a trick could you do a video about 2.5 protocol on linux

@RB01-lite

11 ай бұрын

@@mirmigois What exactly are you trying to do? And what goes wrong?

@mirmigois

11 ай бұрын

@@RB01-lite when i use linux and want to connect with winbox to a mikrotik that has IP 0.0.0.0 (reset without any config, default or by user) i can't connect by selecting mikrotik's mac address. I have to switch to windows to login to mikrtotik

@RB01-lite

10 ай бұрын

@@mirmigois Did you disable DHCP client and add an IP to the interface in linux?

I am strongly, interested, because I just have to configure my LGH LTE18 RouterOs Kit, but your illustration is useless to me, following your illustration (even if it helped me with Google Translation) it is only in English. Although I have made every effort to simulcast your explanation. It was all in vain. Is there an alternative? Thank you.

@mikrotik

11 ай бұрын

It is not feasible to translate illustrations. If you are referring to the one breaking down the ethernet frame, than you can just look that up on wikipedia. Other then that, the one showing CPU and Switch chip was just used to explain how a bridge interface with hardware offloading (HW=yes) will move processing from CPU to the Swtich chip, so if you need a management interface you have to ensure CPU can communicate through the Switch chip.

This is too difficult. After 50+ configuration attempts of a hybrid port against a bridge I am lost in the rabbit hole

Nice video series, but it's too dense, even if incomplete. First of all, all those options are not suitable for every device. You need to check the support pages for VLAN switching to see what's best for your device and its hardware. Also configuring the bridges differently than your physical chips can lead to weird routing and bottlenecks. In my opinion the videos should have been structured differently. Something like, first video should talk about Vlans in general. Without mentioning anything about hardware technicalities or mikrotik specifics. Second should be a general presentation of how routeros and winbox abstract the various vlan details into the various entities like bridges, interfaces etc. And then, it should be separate videos about each router generation, device type (like APs) or even specific models that requires special attention to optimize things like hardware offloading.

Good vídeo, spanish version? 😅😅

You are an amazing teacher! Please create more highly technical videos. Why not tackle hardware off-loading and utilizing the best of a switch and a router. Each with different types of supported hardware off-loading. :) I write that because I have a crs326-24g switch and a ccr2004 passive cooled router. I find that you can use the switch as a router and vice versa but the switch has l3-hw-offloading where the router does not and I do not understand the hardware offloading the router does exactly.

@mikrotik

10 ай бұрын

It all depends on the switch chip, some info can be found in the following links: help.mikrotik.com/docs/display/ROS/Switch+Chip+Features#SwitchChipFeatures-Introduction help.mikrotik.com/docs/display/ROS/Bridging+and+Switching#BridgingandSwitching-BridgeHardwareOffloading