June 2, 2015
Filed under: Cisco Related, Mikrotik Related
Tags: 3750, cisco vlan, isolate, mikrotik vlan, vlan
Syed Jahanzaib / Pinochio~:) @ 3:16 PM
1 of 17 31/03/2017 13:20
Mikrotik with Cisco VLAN made easy | Syed Jahanzaib Personal Blog to ... https://aacable.wordpress.com/2015/06/02/mikrotik-with-cisco-vlan-mad...
VLAN
VLANs are a solution to allow you to separate users into individual network segments for
security and other reasons. VLAN membership can be configured through software instead of physically
relocating devices or connections. VLANs allow you to break up devices on your network regardless of
their location.
Broadcast Control
VLANs are useful for any network, including large and small offices, ISPs and cable/Internet service providers.
The main problem of any large network is broadcast traffic, especially for network operators: a single
user may swap the LAN and WAN cables on his router and so broadcast his router's DHCP into the operator network,
or a single user infected with a virus/trojan may broadcast to the whole network. VLANs can help in
situations like these and others.
TASK:
To avoid broadcasting/flooding and, above all, for better management, security and monitoring, we
want to break the network into smaller segments.
Scenario:
We have a Mikrotik router which is acting as a DHCP and PPPoE server as well, and we want to isolate the
different network areas by breaking them into smaller segments. Each area will get a different IP series from
the Mikrotik DHCP server.
1. Mikrotik RB2011
2. Cisco 3750-E Series
3. Two Laptops for testing
MIKROTIK CONFIG
I assume that your Cisco switch already has an IP address for management purposes.
telnet 192.168.0.1
Done!
TEST!
Dealer-1 has received an IP from its series, exactly the one we configured in Mikrotik.
Now try to ping any dealer-2 series address and the internet as well. You will see that you are able to ping
the internet and the Mikrotik LAN IP, but not the dealer-2 subnet or likewise.
NOTE: For client isolation / to block communication between all VLANs, you must create a FILTER
rule as explained in the TIPS n TRICKS section below.
TIPS n TRICKS
It is usually required to block all communication between specific or all VLAN subnets for security or
other reasons. By default Mikrotik will allow communication between all VLANs. You can block it by
creating FILTER rules. For example, we want users of all VLANs to be able to access the internet via the WAN interface
but not to communicate with any other VLAN subnet. Use the following as an example.
There are many other ways to achieve this, either at switch level or on the Mikrotik; I am showing just one
example here.
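One way to write the filter rules described above, as an added example that is not the author's original configuration. The interface names (ether1 as WAN, ether2 as the trunk to the Cisco switch, vlan10/vlan20 for dealer-1/dealer-2) and the VLAN IDs are assumptions made for illustration.

```routeros
# Added example, not the author's rules. All names and IDs are constructed:
#   ether1 = WAN uplink, ether2 = trunk port towards the Cisco switch,
#   vlan10 = dealer-1, vlan20 = dealer-2.

/interface vlan
add name=vlan10 vlan-id=10 interface=ether2 comment="dealer-1"
add name=vlan20 vlan-id=20 interface=ether2 comment="dealer-2"

/ip firewall filter
# Anything that enters from a dealer VLAN and is NOT leaving through the
# WAN port is inter-VLAN (or other internal) traffic: drop it.
# These rules must sit above any broader accept rule in the forward chain,
# because the first matching rule wins.
add chain=forward in-interface=vlan10 out-interface=!ether1 action=drop \
    comment="dealer-1: internet only"
add chain=forward in-interface=vlan20 out-interface=!ether1 action=drop \
    comment="dealer-2: internet only"

# What these rules do not touch:
#  - Traffic addressed to the router itself (DHCP, ping to the gateway IP)
#    is handled by the input chain, so clients still get leases and can
#    still ping the router's LAN address.
#  - Hosts inside the same VLAN talk through the switch, not the router,
#    so isolating clients within one VLAN has to be done on the switch.

# Check: the packet counters of the drop rules should increase while a
# dealer-1 host tries to ping a dealer-2 host.
/ip firewall filter print stats
```

Sessions terminated by the PPPoE server arrive on dynamic PPPoE interfaces rather than on the VLAN interface, so these interface-based rules match only routed (DHCP) clients.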
Pending work:
Regards
2 )
Comments (25)
1. Dear Jahanzaib,
How can we make sure that on mikrotik side the port is in the trunking mode. Is there any specific
commands ? or is it by default that the ethernet interfaces on mikrotik are in the trunking mode ??
Reply
2. love it
Reply
3. But what about mikrotik to mikrotik for example Rb2011 to Rb750 rb2011 have two networks pppoe
and hotspot going through 1 trunk and in remote area there is 750 from connections are distributed
although it is also possible to have both pppoe and hotspot on same lan but i am generating a scenario
a vice versa..
Reply
4. How to Dial Multiple and more PPPOE Client Over Single WAN Interface in Mikrotik
Reply
5. dear sir , How to Dial Multiple PPPOE Client Over Single WAN Interface in Mikrotik?
Detail:
I got 2 ports on my mikrotik router
1xWAN & 1xLAN port
I need to dial 2 or more pppoe clients and load balance over the single wan port
How?
actually i create a multiple 1mbps pppoe clients in my mikrotik the both connections are showing
connected and
i use adeel uploaded load balancing settings in my mikrotik. when i check in speedtest its showing
sometimes 1mbps and sometimes 2mbps.
pls help me..
Reply
As far as i know, You cannot dial multiple PPPoE client over one interface. why not use
manageable switch with vlans to do the job ?
Reply
6. nice work >>> having one question i have rb 2011 with 1 switch cisco L3 and 3 rb 1100. in rb 2011
making 3 vlans and 3 user pppoe client >> in cisco also same 3 vlans RB 1100 each router taking one
user pppoe client how can separate between them meaning user 1 is working on first router but not
working one other routers second and third router 1100 ?
Reply
perhaps a network diagram will help to understand the issue.
Reply
i upload simple diagram the idea is isolate users pppoe client on the same router meaning
there is Main router ( cloud core ) having 2 user pppoe A and B and there is two routers (
Router 1 and Router 2 ) connected directly to main router ( cloud core ) i wanna user A is
connected only to Router 1 and not connected to Router 2 and user B connected to Router 2
and not connected to Router 1
any idea?
7. dear you need to use policy based routing as far as destination end routing is concern , in which you
can configure for user A to user R1, and User B to R2.
Reply
how can i use that policy ?
Reply
use google to implement PBR in MT
8. Dear Mr.Jahanazib ,
Could you please tell me which cisco switch are able to tagged/trunked with mikrotik .My model is
1100 ahx2
Reply
In general all Cisco base manageable switch are capable of doing vlan.
I used Cisco 3750 giga bit switch at various places and found it very stable cisco 2960 or likewise
are also good choices. but it all depends on availability and budget as well.
Reply
9. Hello Brother Assalamu alikum,
This is Nahid from Bangladesh. I have a new problem at hand. Recently i add a new Cisco Catalyst
2960 TCS with my network, Using Mikrotik CCR-1016 for Routing, When I add This new switch with
mikrotik interface, getting some packet loss, Like If i ping my gateway its showing Reply from 2ms or
sometime 30ms+, also miss 1 packet after 15-20 reply from gateway. I have another old Catalyst
2960TCL which is ok no ping loss from gateway, If i connect my new Catalyst 2960 with old Catalyst
2960TCL, then no packet loss also getting ping from gateway <1ms-2ms.
From Mikrotik I connected to Giga Ethernet port to switch with Machine made Cable. In Mikrotik
Auto Port Negotiation is on also selected 100 full, 1000full, I changed MSS in firewall.
If i Reboot my Mikrotik or change port then there is no Ping loss or getting good ping time for only 5
minute then again its starts to loss after every 20 reply.
Mikrotik Configuration: All user connect with DHCP, No Filter Rules, NAT set to Masquerade, In
mangle only rules for FTP servers,
Please Anyone solve this issue, Thanks in Advance
Reply
10. Dear,
i have mikrotik working ok with cisco vlan configured and working ok.
now i want to use mikrotik in vmware but in vmware vlan not working. what to do now?
Reply
11. Dear Syed Jahanzaib,
i want to use vlans for Security / Client Isolation in the hotspot
i want to create 250 vlans each user take one ip from different range (different vlan)
is it possible in mikrotik
Reply
12. Dear Syed Jahanzaib,
i want to use vlans for Security / Client Isolation in the hotspot
i want to create 250 vlans each user take one ip from different range (different vlan)
is it possible in mikrotik
Reply
13. Dear Syed Jahanzaib,
i want to use vlans for Security / Client Isolation in the hotspot
i want to create 250 vlans each user take one ip from different range (different vlan)
is it possible in mikrotik
what are the process ??
Reply
14. Salam
What if want to create TRUNK between Cisco 2960 switch and mikrotik crs125-24g-1s-2hnd-in,
Cisco 2960
#switchport mode trunk
#no shut
mikrotik crs125-24g-1s-2hnd-in
Ether 24 trunk.
Ether 24 IP address 192.168.200.100/24 (I dont have any idea here)
default gateway 192.168.200.1
/interface ethernet
set ether1 master-port=ether24
set ether2 master-port=ether24
set ether3 master-port=ether24
set ether4 master-port=ether24
set ether5 master-port=ether24
set ether6 master-port=ether24
set ether7 master-port=ether24
set ether8 master-port=ether24
set ether9 master-port=ether24
set ether10 master-port=ether24
TRUNK PORT
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether24,switch1-cpu vlan-id=30
add tagged-ports=ether24 vlan-id=126
ACCESS PORT
/interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=30 ports=\
ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,switch1-cpu \
sa-learning=yes
/interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=126 ports=\
ether1,switch1-cpu \
sa-learning=yes
NOTE:
Problem is i can access see access and trunk configuration is working perfectly.
but issue is i can't access 192.168.200.100 (mikrotik switch IP address) from cisco network .
Reply
15. Any Idea for mikrotik vlans with Rocket M2 and Nano M5 Vlans connect configuration
Reply
16. hi
to have the from the cisco trunk port that traffic at ether 1 which is vlan10
Reply
17. dear jahanzaib how can i add multiple pppoe clients in mikrotik to dial from 1 interface using vlan in
cisco i have created vlans and trunk port in cisco but i am confused in mikrotik side configuration
Reply