mikrotikvlanswitching

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung		 Vorhergehende Überarbeitung
mikrotikvlanswitching [2021/08/17 08:26] Fabian Horstmikrotikvlanswitching [2021/08/17 12:52] (aktuell) Fabian Horst
Zeile 4: Zeile 4:
  
 https://wiki.mikrotik.com/wiki/File:Basic_vlan_switching.png https://wiki.mikrotik.com/wiki/File:Basic_vlan_switching.png
- 
 From: https://wiki.mikrotik.com/wiki/Manual:Basic_VLAN_switching From: https://wiki.mikrotik.com/wiki/Manual:Basic_VLAN_switching
  
-===== 2011 etc. =====+===== Einführung =====
  
 +Many MikroTik devices come with a built-in switch chips that usually have an option to do VLAN switching on a hardware level, this means that you can achieve wire-speed performance using VLANs if a proper configuration method is used. The configuration method changes across different models, this guide will focus on setting up a basic trunk/access port setup with a management port from the trunk port using different devices with the right configuration to achieve best performance and to fully utilize the available hardware components. 
  
-Warning: Not all devices with a switch chip are capable of VLAN switching on a hardware level, check the supported features for each switch chip, the compatibility table can be found HereIf a device has VLAN table support, then it is capable of VLAN switching using the built-in switch chipYou can check the device's switch chip either in the provided link or by using <code>/interface ethernet switch print</code>+Viele MikroTik Geräte kommen mit einem eingebauten Switch Chip der VLAN Switchting auf Hardware Ebene beherschtDamit ist es möglich auch mit VLANs eine Geschwindigkeit wie auf dem Kabel direkt zu erreichenFür die Konfiguration gibt es verschiedene Optionen. Diese Anleitung wird den Fokus auf die Trunk/Access Port Konfiguration inkl. Management auf dem Trunk Port haben und dabei bei verschiedenen Geräten die beste Leistung zu erzielen.
  
 +===== Other devices with built-in switch chip =====
 +
 +
 +Warning: Not all devices with a switch chip are capable of VLAN switching on a hardware level, check the supported features for each switch chip, the compatibility table can be found Here. If a device has VLAN table support, then it is capable of VLAN switching using the built-in switch chip. You can check the device's switch chip either in the provided link or by using: <code>/interface ethernet switch print</code>
 +
 +Achtung: Nicht alle Geräte mit einem Switch Chip unterstützten VLAN-Switching auf Hardware Ebene! Prüfe bei jedem Gerät die kompatibilität! Wenn ein Gerät eine VLAN-Switchin Tabelle hat ist es unterstützt. Du kannst die Funktion bei einem MikroTik mit folgendem Befehl prüfen: <code>/interface ethernet switch print</code>
 +
 +Hier ein Beispiel eines RB2011LS(mipsbe)
 +<code>
 +[admin@MikroTik] > /interface ethernet switch print
 +Flags: I - invalid 
 + #   NAME     TYPE             MIRROR-SOURCE    MIRROR-TARGET    SWITCH-ALL-PORTS
 +   switch1  Atheros-8327     none             none            
 +   switch2  Atheros-8227     none             none           
 +</code>
 +
 +
 +==== 2011,RB750 etc. Musterkonfiguration ====
  
 <code> <code>
Zeile 33: Zeile 51:
 set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=30 set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=30
 set switch1-cpu vlan-header=leave-as-is vlan-mode=secure set switch1-cpu vlan-header=leave-as-is vlan-mode=secure
 +</code>
 +
 +<code>
 +bridge -> vlan filtering an!</code>
 +
 +More detailed examples can be found here. https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Setup_Examples
 +
 +Note: This type of configuration should be used on RouterBOARD series devices, this includes RB4xx, RB9xx, RB2011, RB3011, hAP, hEX, cAP and other devices. 
 +
 +Note: By default, the bridge interface is configured with protocol-mode set to rstp. For some devices, this can disable hardware offloading because specific switch chips do not support this feature. See the Bridge Hardware Offloading section with supported features. https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_Hardware_Offloading
 +
 +Note: For devices that have multiple switch chips (for example, RB2011, RB3011, RB1100), each switch chip is only able to switch VLAN traffic between ports that are on the same switch chip, VLAN filtering will not work on a hardware level between ports that are on different switch chips, this means you should not add all ports to a single bridge if you are intending to use VLAN filtering using the switch chip, VLANs between switch chips will not get filtered. You can connect a single cable between both switch chips to work around this hardware limitation, another option is to use Bridge VLAN Filtering, but it disables hardware offloading (and lowers the total throughput).  https://wiki.mikrotik.com/wiki/Manual:Basic_VLAN_switching#Other_devices_without_a_built-in_switch_chip
 +
 +==== Other devices without a built-in switch chip ====
 +It is possible to do VLAN filtering using the CPU, there are multiple ways to do it, but it is highly recommended by using bridge VLAN filtering. 
 +<code>
 +/interface bridge
 +add name=bridge1
 +/interface bridge port
 +add bridge=bridge1 interface=ether1 hw=no
 +add bridge=bridge1 interface=ether2 hw=no pvid=20
 +add bridge=bridge1 interface=ether3 hw=no pvid=30
 +/interface bridge vlan
 +add bridge=bridge1 tagged=ether1 untagged=ether2 vlan-ids=20
 +add bridge=bridge1 tagged=ether1 untagged=ether3 vlan-ids=30
 +add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=99
 +/interface vlan
 +add interface=bridge1 vlan-id=99 name=MGMT
 +/ip address
 +add address=192.168.99.1/24 interface=MGMT
 +/interface bridge
 +set bridge1 vlan-filtering=yes
 +</code>
 +
 +More detailed examples can be found here:
 +https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
 +
 +=== Bad Config ===
 +
 +<code>
 +/interface bridge
 +add name=bridge
 +add name=bridge10
 +add name=bridge20
 +add name=bridge30
 +/interface wireless
 +set [ find default-name=wlan1 ] ssid=MikroTik
 +/interface ethernet
 +set [ find default-name=ether1 ] name=ether1-RPI-TRUNK
 +set [ find default-name=ether2 ] name=ether2-ISP1-10
 +set [ find default-name=ether3 ] name=ether3-ISP2-20
 +set [ find default-name=ether4 ] name=ether4-ISP3-30
 +set [ find default-name=ether5 ] name=ether5-LAN
 +/interface vlan
 +add interface=bridge name=ether1-vlan10 vlan-id=10
 +add interface=bridge name=ether1-vlan20 vlan-id=20
 +add interface=bridge name=ether1-vlan30 vlan-id=30
 +/interface wireless security-profiles
 +set [ find default=yes ] supplicant-identity=MikroTik
 +/interface bridge port
 +add bridge=bridge interface=ether5-LAN
 +add bridge=bridge interface=ether1-RPI-TRUNK
 +add bridge=bridge10 interface=ether2-ISP1-10
 +add bridge=bridge10 interface=ether1-vlan10
 +add bridge=bridge20 interface=ether1-vlan20
 +add bridge=bridge20 interface=ether3-ISP2-20
 +add bridge=bridge30 interface=ether4-ISP3-30
 +add bridge=bridge30 interface=ether1-vlan30
 +/ip dhcp-client
 +add disabled=no interface=bridge
 +/ip dns
 +set servers=8.8.8.8,8.8.4.4
 +/system clock
 +set time-zone-name=Europe/Berlin
 +/system identity
 +set name=MPTCP-SWITCH
 +/system ntp client
 +set enabled=yes server-dns-names=de.pool.ntp.org
 </code> </code>
  • mikrotikvlanswitching.1629181564.txt.gz
  • Zuletzt geändert: 2021/08/17 08:26
  • von Fabian Horst