vlan configuration in mikrotik router using bridge

vlan configuration in mikrotik router using bridge
VLANs are logical segregation of subnet networks for separating Broadcast Domains in layer 2. For this, we need to understand the OSI model. These enhance the network traffic management from security aspects and Better networking device optimization. VLANS configuration in Mikrotik router using Bridge is one of the approaches to create VLANS which uses a Software based VLAN processing.
Before diving directly into vlan configuration in MikroTik router using bridge, we need to understand the scenario.

Working Scenario

I am using the RB951u-2hnd model Mikrotik router. Here I have created two VLANs respectively for Ethernet ports interfaces and WLAN interfaces i.e., VLAN 10 and VLAN 20 respectivelyVLANS have been created using Bridge. To create Vlans, we need to properly understand it

How does a bridge work? What is the Bridge interface?
What are access ports and Trunk ports? why it is necessary?
Need to clear this concept first, as I have been CCNA trained so I created a picture of Vlans in the CCNA router and switch. It helped me clarify the concept for me as unlike the CCNA switch we are not configuring VLANs and trunk ports in dedicated switches, here we are configuring in the Mikrotik router.
Here the switch is logically built using Bridge and we create an interface in Bridge just as Switch interfaces. We need to picture the concept properly before implementing and imitating others’ configurations. For the long term, the concept will certainly keep your head clear and make it less hectic to implement in scenarios.
Proper documentation is much needed as always step by step for  vlan configuration in mikrotik router using bridge:

Clear the concept of bridge

Bridge in Mikrotik has multiple purposes:
Interconnecting different technologies for instance WLAN and ethernet interfaces at one network where they could share the same DHCP server, DNS, and gateway making it simpler to coordinate.
The bridge acts as a logical switch binding them together and now the Bridge interface acts as a common interface for them. If we configure any IP, Gateway, Trunk, or anything then the ports inside the Bridge and interfaces are also synchronized with it. Also in configuring VLANS, we use the Bridge interface for Tagging the VLAN ID to the ethernet frame. As a scenario, we have created Bridge LAN and for Wlan we have not created any Bridge but could be created as per the requirement.
vlan configuration in mikrotik router using bridge
Bridge LAN
vlan configuration in mikrotik router using bridge
Bridge ports

Creating two VLANs on WLAN interface and ethernet interfaces respectively

   We will be creating VLAN 10 on the WLAN interface and VLAN 20 on the bridge LAN respectively so they stay on separate Broadcast Domains. This helps manage the traffic properly in a large network. The ARP request stays within their VLANs if requested to help mitigate broadcast traffic. These help routers optimize efficiently while performing their functions. We have created VLANs accordingly under Bridge LAN as we have connected all the ethernet ports under the bridge and WLAN interfaces assigned the VLANs interfaces their IP address and set up the DHCP server as well for connected clients.
vlan configuration in mikrotik router using bridge
VLAN Interfaces
vlan configuration in mikrotik router using bridge
The IP address for VLAN interface
vlan configuration in mikrotik router using bridge
DHCP Server Setup in VLAN

Implementing Trunk and VLAN access

 VLAN tagging adds extra byte information between the Mac address and ethernet frames to identify and separate network traffic in a network to indicate which VLAN the frame belongs to. Here we are creating bridge interfaces for the “trunk” ports that receive the tagged traffic. But the untagged traffic we are creating on VLAN access ports and it doesn’t understand it. Computers, printers and devices. It assumes that all traffic received on that port belongs to a single VLAN and will forward it accordingly as the VLAN trunk already distinguished it.
vlan configuration in mikrotik router using bridge
Tagged and untagged for LAN interfaces
vlan configuration in mikrotik router using bridge
Tagged and untagged for WLAN Interface using VLAN mode and VLAN ID

Assigning the PVID to each Bridge port

It’s important to note that if a port is configured as an access port (carrying only untagged frames), it should have the PVID and VLAN ID set to the same value in WLAN  with PVID of 20 and interface of their Bridge LAN respectively from ethernet 2 to ethernet 5 with same PVID of 10 (VLAN ID) respectively.

vlan configuration in mikrotik router using bridge
PVID selections inside Bridge Port of WLAN
vlan configuration in mikrotik router using bridge
PVID selection of Ethernet Interfaces under Bridge LAN

 

Bridge VLAN Filtering

This is the last configuration that needs to be done after all the completion.  In this method, you create a bridge interface and assign VLANs to it. Each VLAN is associated with a bridge port, and you enable VLAN filtering on the bridge. By enabling bridge VLAN filtering, you establish a mechanism to segregate network traffic into different VLANs, allowing for better network management, security, and performance. With VLAN filtering enabled, the bridge will only forward traffic between the VLAN interfaces and ports that are associated with the same VLAN. Traffic between different VLANs will be blocked by default

When you assign VLAN 10 to all the Ethernet ports inside a bridge, here’s how it works:

  1. VLAN Tagging: Each Ethernet port associated with the bridge will add a VLAN tag with the ID of VLAN 10 to outgoing frames. This VLAN tag identifies the frames as belonging to VLAN 10.
  2. VLAN Separation: When incoming frames are received on the Ethernet ports, the bridge will examine the VLAN tags. If the VLAN tag matches VLAN 10, the frame is forwarded within the bridge. Frames without a VLAN tag or with a different VLAN tag will be dropped by default.
  3. VLAN Interface: The bridge will have a VLAN interface configured for VLAN 10. This VLAN interface will handle the incoming and outgoing traffic for VLAN 10.
  4. VLAN Filtering: With VLAN filtering enabled on the bridge, the bridge will only allow traffic between the VLAN interface and the Ethernet ports associated with VLAN 10. This ensures that only VLAN 10 traffic can pass through the bridge.
  5. VLAN Isolation: Traffic from one VLAN (e.g., VLAN 10) will be isolated from traffic in other VLANs. This means that devices in VLAN 10 will not be able to directly communicate with devices in other VLANs unless specific rules or configurations are in place to allow such communication.
vlan configuration in mikrotik router using bridge
VLAN filtering on Bridge LAN

After the complete configuration, we could even check the WLAN-connected clients to see if it is VLAN 20 or not. so lets see by connecting and checking through Torch here.

vlan configuration in mikrotik router using bridge
Torch to analyze the WLAN interface

Read also: GOOGLE CLASSROOM VS SATURN APP: WHICH ONE IS RIGHT FOR STUDENTS?

 

Just for a Better grasp of the concept

A VLAN interface acts as a gateway or routing interface for the corresponding VLAN, allowing traffic to flow between different VLANs or to the router itself. It provides a logical separation and routing capability for each VLAN within the router.
It allows you to configure network settings, such as IP address, subnet mask, gateway, and other parameters, specifically for a particular VLAN.
The conceptual scenario and ideas to better understand the technical aspect of it could be better understood once you go through the steps above.

 

Conclusion

The same VLAN could be configured using a different approach as well. Switch Chip is another reliable way that uses a hardware approach for VLAN processing. It means no use of CPU like Bridge VLAN filtration.  The concept needs to be understood thoroughly before even applying it ourselves.  It must be properly documented step by step.  Mikrotik Router provides valuable services for its price. I highly recommend Network Enthusiast use one to test its functionality.  It operated on many levels from the Firewall,  Hotspot server, and Radius Server to normal routing.

 

If you’re not sure what certification to do, the Cisco CCNA is a great best place to get started. It’s by far the most in-demand networking cert in the job market, and it also gives you core skills required for any cloud or data center role.

Here’s the average base salary for a CCNA network engineer (as shown on glassdoor.com):

You can take the highest-rated CCNA course online here. It has an average rating of 4.7 out of 5 from over 10,000 public student reviews, and it gives you an easy-to-understand, step-by-step path to pass the exam in 6 weeks.

And best of all, it’s on special offer.

 

PS Getting the CCNA is easier than you probably imagine:

Click here to enroll in the CCNA Gold Bootcamp.

 

P.S.  I make a small commission on courses I personally recommend, at no additional cost to you. I only recommend the highest quality resources which I use myself and know will grow your career.

Leave a Comment

Your email address will not be published. Required fields are marked *