...
Each VLAN is treated as a separate subnet. It means that by default, a host in a specific VLAN cannot communicate with a host that is a member of another VLAN, although they are connected in to the same switch. So if you want inter-VLAN communication you need a router. RouterOS supports up to 4095 VLAN interfaces, each with a unique VLAN ID, per interface. VLAN priorities may also be used and manipulated.
...
| Property | Description |
|---|---|
| arp (disabled | enabled | local-proxy-arp | proxy-arp | reply-only; Default: enabled) | Address Resolution Protocol setting
|
| arp-timeout (auto | integer; Default: auto) | How long the ARP record is kept in the ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. |
| disabled (yes | no; Default: no) | Changes whether the bridge is disabled. |
| interface (name; Default: ) | Name of the interface on top of which VLAN will work |
| mvrp (yes | no; Default: no) | Specifies whether this VLAN should declare its attributes through Multiple VLAN Registration Protocol (MVRP) as an applicant. It can be used to register the VLAN with connected bridges that support MVRP. This property only has an effect whenuse-service-tag is disabled. |
| mtu (integer; Default: 1500) | Layer3 Maximum transmission unit |
| name (string; Default: ) | Interface name |
| use-service-tag (yes | no; Default: ) | IEEE 802.1ad compatible Service Tag |
| vlan-id (integer: 4095; Default: 1) | Virtual LAN identifier or tag that is used to distinguish VLANs. Must be equal for all computers that belong to the same VLAN. |
...
There are multiple possible configurations that you can use, but each configuration type is designed for a special set of devices since some configuration methods will give you the benefits of the built-in switch chip and gain larger throughput. Check the Basic VLAN switching guide to see which configuration to use for each type of device to gain maximum possible throughput and compatibility, the guide shows how to setup set up a very basic VLAN trunk/access port configuration.
There are some other ways to setup set up VLAN tagging or VLAN switching, but the recommended way is to use Bridge VLAN Filtering. Make sure you have not used any known Layer2 misconfigurations.
...
| Code Block | ||
|---|---|---|
| ||
[admin@MikroTik] ip address> add address=10.10.10.5/24 interface=VLAN2 [admin@MikroTik] ip address> print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 10.0.1.5/24 10.0.1.0 10.0.1.255 ether1 1 10.30.0.1/24 10.30.0.0 10.30.0.255 pc2 2 10.10.10.5/24 10.10.10.0 10.10.10.255 vlan2 [admin@MikroTik] ip address> |
At this point, it should be possible to ping router R4 from router R2 and vice versa:
...
If separate VLANs are implemented on a switch, then a router is required to provide communication between VLANs. A switch works at OSI layer 2 so it uses only the Ethernet header to forward and does not check the IP header. For this reason, we must use the router that is working as a gateway for each VLAN. Without a router, a host is unable to communicate outside of its own VLAN. The routing process between VLANs described above is called inter-VLAN communication.
...
Each VLAN has its own separate subnet (broadcast domain) as we see in the figure above:
- VLAN 2 – 10.10.20.0/24;
- VLAN 3 – 10.10.30.0/24;
- VLAN 4 – 10.10.40.0./24.
VLAN configuration on most switches is straightforward, basically, we need to define which ports are members of the VLANs and define a 'trunk' port that can carry tagged frames between the switch and the router.
...