yostnet
asked on
MIKRO TIK ROUTERS CISCO 2960
I have a MT 450G and a CISCO 2960
I have been using WINBOX to manage the MT
I would like to create about 20 VLANS and route them out to internet.
So far I have the VLANS created but do not see how to assign network schemes to each vlans and how to trunk them.
Any experience with the MT please chime in.
I have been using WINBOX to manage the MT
I would like to create about 20 VLANS and route them out to internet.
So far I have the VLANS created but do not see how to assign network schemes to each vlans and how to trunk them.
Any experience with the MT please chime in.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes you need to create the VLANs on your switch but you don't configure an IP address on the VLANs on the switch, you do that on the Mikrotik router instead. On the port where the Mikrotik router connects you should configure it as a trunk and allow the VLANs.
On the Mikrotik, add an interface and choose VLAN, then set it to use the relevant physical port. In IP -> Addresses, add the IP addresses and attach them to the appropriate VLAN instead of the physical port.
On the Mikrotik, add an interface and choose VLAN, then set it to use the relevant physical port. In IP -> Addresses, add the IP addresses and attach them to the appropriate VLAN instead of the physical port.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok - I have found where in winbox to add the ip's for the VLANS |
where can I find the trunk and allow VPN option(s)?
thanks
where can I find the trunk and allow VPN option(s)?
thanks
Adding VLANs to an interface created the trunk for you. You can't allow or block VLANs on the Mikrotik like you do on the 2960 - if you add a VLAN to the interface it's allowed, otherwise it's blocked.
VPN is configured in either the IPSec and/or Interface menu (depending on which you want).
VPN is configured in either the IPSec and/or Interface menu (depending on which you want).
ASKER
sounds good |
A couple more questions -
I guess port 1 will be my egress point to the router. Is there something I need to do to turn NAT on for that?
Is there a that I can limit each vlan just to its own vlan and not be able to see other vlan IP addresses?
A couple more questions -
I guess port 1 will be my egress point to the router. Is there something I need to do to turn NAT on for that?
Is there a that I can limit each vlan just to its own vlan and not be able to see other vlan IP addresses?
To NAT, simply use the IP Firewall and create a SRC-NAT for outbound NAT. You can also limit each VLAN in the IP Firewall tab by creating a rule in the forward chain.
ASKER
thx to all
ASKER
Either I was missing something, but could not figure out where to add/update the IP addresses.
In typical CISCO setup, I have a L3 switch, configure the VLANS, trunk the relevant ports and away I go.
In this case, do I need to create the VLANS on switch as well, or should the VLAN setup on the MT be pushed to the switch.
If you guys would not mind grabbing a few screen shots of one (if you have one) then that may help.
thanks