====== Switche VLANy + Router ======
===== Wstęp i ogólne założenia =====
{{:mikrotik_vlans.png|}}
Do switchy podpinamy się za pomocą adresu MAC (program WinBox -> zakładka Neighbors). Należy mieć pod ręką kabel do konsoli, na wszelki wypadek. Ja podpinam się pod port eth9 do switchy w celu konfiguracji.
Na każdym switchu sprawdzamy ustawienia master portu na interfejsach:
/interface ethernet
set [ find default-name=ether1 ] name=ether1-master
set [ find default-name=ether2 ] master-port=ether1-master
set [ find default-name=ether3 ] master-port=ether1-master
set [ find default-name=ether4 ] master-port=ether1-master
set [ find default-name=ether5 ] master-port=ether1-master
set [ find default-name=ether6 ] master-port=ether1-master
set [ find default-name=ether7 ] master-port=ether1-master
set [ find default-name=ether8 ] master-port=ether1-master
set [ find default-name=ether9 ] master-port=ether1-master
set [ find default-name=ether10 ] master-port=ether1-master
set [ find default-name=ether11 ] master-port=ether1-master
set [ find default-name=ether12 ] master-port=ether1-master
set [ find default-name=ether13 ] master-port=ether1-master
set [ find default-name=ether14 ] master-port=ether1-master
set [ find default-name=ether15 ] master-port=ether1-master
set [ find default-name=ether16 ] master-port=ether1-master
set [ find default-name=ether17 ] master-port=ether1-master
set [ find default-name=ether18 ] master-port=ether1-master
set [ find default-name=ether19 ] master-port=ether1-master
set [ find default-name=ether20 ] master-port=ether1-master
set [ find default-name=ether21 ] master-port=ether1-master
set [ find default-name=ether22 ] master-port=ether1-master
set [ find default-name=ether23 ] master-port=ether1-master
set [ find default-name=ether24 ] master-port=ether1-master
set [ find default-name=sfp1 ] master-port=ether1-master
===== CRS125-24G-1S-RM =====
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether24,ether23,ether22,ether21,ether20,ether19,ether18,ether17,ether16,ether15,ether14,ether13,ether1-master,ether2,ether3,ether4,ether5,ether6,ether7,ether8
/interface ethernet switch trunk
add member-ports=ether1-master,ether2,ether3,ether4 name=trunk-1-2-3-4
add member-ports=ether5,ether6 name=trunk-5-6
add member-ports=ether7,ether8 name=trunk-7-8
/interface ethernet switch egress-vlan-tag
add tagged-ports=trunk-1-2-3-4,trunk-5-6,trunk-7-8 vlan-id=1
add tagged-ports=trunk-1-2-3-4,trunk-5-6,trunk-7-8 vlan-id=2
add tagged-ports=trunk-1-2-3-4,trunk-5-6,trunk-7-8 vlan-id=3
add tagged-ports=trunk-1-2-3-4,trunk-5-6,trunk-7-8 vlan-id=4
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=1 ports=ether13,ether14
add new-customer-vid=2 ports=ether15,ether16
add new-customer-vid=3 ports=ether17,ether18,ether19,ether20
add new-customer-vid=4 ports=ether21,ether22,ether23,ether24
/interface ethernet switch vlan
add ports=trunk-1-2-3-4,trunk-5-6,trunk-7-8,ether13,ether14 vlan-id=1
add ports=trunk-1-2-3-4,trunk-5-6,trunk-7-8,ether15,ether16 vlan-id=2
add ports=trunk-1-2-3-4,trunk-5-6,trunk-7-8,ether17,ether18,ether19,ether20 vlan-id=3
add ports=trunk-1-2-3-4,trunk-5-6,trunk-7-8,ether21,ether22,ether23,ether24 vlan-id=4
VLAN do zarządzania switchem:
/interface vlan
add name=vlan99 vlan-id=99 interface=ether1
/ip address
add address=192.168.101.2/24 interface=vlan99
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,switch1-cpu vlan-id=99
/interface ethernet switch vlan
add ports=ether1,switch1-cpu vlan-id=99 learn=yes
===== CRS125-24G-1S-IN =====
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether24,ether23,ether22,ether21,ether20,ether19,ether18,ether17,ether16,ether15,ether14,ether13,ether1-master,ether2,ether3,ether4,ether5,ether6,ether7,ether8
/interface ethernet switch trunk
add member-ports=ether1-master,ether2 name=trunk-1-2
/interface ethernet switch egress-vlan-tag
add tagged-ports=trunk-1-2 vlan-id=1
add tagged-ports=trunk-1-2 vlan-id=2
add tagged-ports=trunk-1-2 vlan-id=3
add tagged-ports=trunk-1-2 vlan-id=4
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=1 ports=ether13,ether14
add new-customer-vid=2 ports=ether15,ether16
add new-customer-vid=3 ports=ether17,ether18,ether19,ether20
add new-customer-vid=4 ports=ether21,ether22,ether23,ether24
/interface ethernet switch vlan
add ports=trunk-1-2,ether13,ether14 vlan-id=1
add ports=trunk-1-2,ether15,ether16 vlan-id=2
add ports=trunk-1-2,ether17,ether18,ether19,ether20 vlan-id=3
add ports=trunk-1-2,ether21,ether22,ether23,ether24 vlan-id=4
VLAN do zarządzania switchem:
/interface vlan
add name=vlan99 vlan-id=99 interface=ether1
/ip address
add address=192.168.101.3/24 interface=vlan99
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,switch1-cpu vlan-id=99
/interface ethernet switch vlan
add ports=ether1,switch1-cpu vlan-id=99 learn=yes
===== ROUTER =====
Interfejdy eth2-eth5 nie mogą być zgrupowane przed tworzeniem bondingu.
/interface bonding
add mode=balance-xor name=bonding1 slaves=ether5,ether2,ether3,ether4 transmit-hash-policy=layer-2-and-3
/interface vlan
add interface=bonding1 name=vlan1 vlan-id=1
add interface=bonding1 name=vlan2 vlan-id=2
add interface=bonding1 name=vlan3 vlan-id=3
add interface=bonding1 name=vlan4 vlan-id=4
/ip address
add address=192.168.99.1/24 interface=vlan1 network=192.168.99.0
add address=192.168.100.1/24 interface=vlan2 network=192.168.100.0
VLAN do zarządzania routerem:
/interface vlan
add name=vlan99 vlan-id=99 interface=bonding1
/ip address
add address=192.168.101.1/24 interface=vlan99