Working Scenario
I am using the MikroTik RB951u-2hnd router. I have created two VLANs using a bridge: VLAN 10 for the Ethernet port interfaces and VLAN 20 for the WLAN interfaces. To create VLANs, we first need to understand the concepts properly.
Clear the concept of bridge
Creating two VLANs on WLAN interface and ethernet interfaces respectively
Implementing Trunk and VLAN access
Assigning the PVID to each Bridge port
It's important to note that if a port is configured as an access port (carrying only untagged frames), its PVID and VLAN ID should be set to the same value. Here the WLAN interface has a PVID of 20, and the Bridge LAN interfaces ethernet 2 to ethernet 5 all have the same PVID of 10 (the VLAN ID).
Bridge VLAN Filtering
This is the last configuration step, done after everything else is complete. In this method, you create a bridge interface and assign VLANs to it. Each VLAN is associated with a bridge port, and you enable VLAN filtering on the bridge. By enabling bridge VLAN filtering, you establish a mechanism to segregate network traffic into different VLANs, allowing for better network management, security, and performance. With VLAN filtering enabled, the bridge will only forward traffic between the VLAN interfaces and ports that are associated with the same VLAN. Traffic between different VLANs will be blocked by default.
When you assign VLAN 10 to all the Ethernet ports inside a bridge, here’s how it works:
- VLAN Tagging: Each Ethernet port associated with the bridge will add a VLAN tag with the ID of VLAN 10 to outgoing frames. This VLAN tag identifies the frames as belonging to VLAN 10.
- VLAN Separation: When incoming frames are received on the Ethernet ports, the bridge will examine the VLAN tags. If the VLAN tag matches VLAN 10, the frame is forwarded within the bridge. Frames without a VLAN tag or with a different VLAN tag will be dropped by default.
- VLAN Interface: The bridge will have a VLAN interface configured for VLAN 10. This VLAN interface will handle the incoming and outgoing traffic for VLAN 10.
- VLAN Filtering: With VLAN filtering enabled on the bridge, the bridge will only allow traffic between the VLAN interface and the Ethernet ports associated with VLAN 10. This ensures that only VLAN 10 traffic can pass through the bridge.
- VLAN Isolation: Traffic from one VLAN (e.g., VLAN 10) will be isolated from traffic in other VLANs. This means that devices in VLAN 10 will not be able to directly communicate with devices in other VLANs unless specific rules or configurations are in place to allow such communication.
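The steps above as RouterOS CLI commands, added here as an example and not taken from the original post. The bridge name `bridge-lan`, the wireless interface name `wlan1` and the VLAN interface names `vlan10`/`vlan20` are assumptions; the `frame-types` and `ingress-filtering` settings on the access ports are an added hardening choice that the post does not mention.

```routeros
# Added example. Assumed names: bridge-lan, wlan1, vlan10, vlan20.

# 1. Create the bridge with VLAN filtering still off, so management access
#    is not cut while the VLAN table is incomplete.
/interface bridge
add name=bridge-lan vlan-filtering=no

# 2. Access ports. pvid is the VLAN assigned to untagged frames on ingress.
#    frame-types rejects frames that arrive already tagged on an access port;
#    ingress-filtering drops frames for VLANs the port is not a member of.
#    Both only take effect once vlan-filtering is enabled.
/interface bridge port
add bridge=bridge-lan interface=ether2 pvid=10 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
add bridge=bridge-lan interface=ether3 pvid=10 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
add bridge=bridge-lan interface=ether4 pvid=10 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
add bridge=bridge-lan interface=ether5 pvid=10 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
add bridge=bridge-lan interface=wlan1 pvid=20 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes

# 3. Bridge VLAN table. Each access port is an untagged member of the VLAN
#    that matches its pvid. The bridge itself is a tagged member so the
#    VLAN interfaces in step 4 can reach each VLAN.
/interface bridge vlan
add bridge=bridge-lan vlan-ids=10 tagged=bridge-lan untagged=ether2,ether3,ether4,ether5
add bridge=bridge-lan vlan-ids=20 tagged=bridge-lan untagged=wlan1

# 4. VLAN interfaces on top of the bridge (one per VLAN).
/interface vlan
add name=vlan10 interface=bridge-lan vlan-id=10
add name=vlan20 interface=bridge-lan vlan-id=20

# 5. Last step: turn filtering on. Until this is set, pvid and the VLAN
#    table are ignored and the bridge forwards everything.
/interface bridge
set bridge-lan vlan-filtering=yes

# 6. Verify membership and which VLAN each learned MAC address sits in.
/interface bridge vlan print
/interface bridge host print
```

In the `host print` output, wireless clients should appear with a VLAN ID of 20 and wired clients on ether2 to ether5 with 10; a mismatch means a port's `pvid` and its entry in the bridge VLAN table disagree.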
After the configuration is complete, we can check whether the WLAN-connected clients are in VLAN 20 or not. Let's see by connecting a client and checking with Torch.
Just for a Better grasp of the concept
Conclusion
The same VLANs could also be configured using a different approach. The switch chip is another reliable way, which uses a hardware approach for VLAN processing. This means it does not use the CPU, unlike bridge VLAN filtering. The concept needs to be understood thoroughly before applying it ourselves, and it must be properly documented step by step. MikroTik routers provide valuable services for their price. I highly recommend that network enthusiasts use one to test its functionality. It operates on many levels, from firewall, hotspot server and RADIUS server to normal routing.