Presenter:
Paul Eriksson
VLAN Workshop 2009 RoamingNet Sweden (www.roamingnet.com)
About this presentation
A seed from the forum by Randy (Graham)?:
http://forum.mikrotik.com/viewtopic.php?f=2&t=24352
This workshop could last for hours...,
but there is only 45 min.
About the company
RoamingNet Sweden.
Helps organizations to increase the ROI in networking.
Designing and deployment of wired and wireless networks.
Network analysis and problem solving.
Project managing.
Worldwide support for different clients in different countries. Cooperates with Roamingwire Inc.
About me
Have a technical degree as an Electric Engineer.
Been in networking since 1989.
Senior networking consultant.
Certified MikroTik network consultant (MTCZ0016).
Certified MikroTik Trainer (TR0027).
Topics
Why VLANs?
Brief Ethernet fundamentals.
Brief VLAN fundamentals.
Switch configurations.
How VLANs are built in MikroTik RouterOS.
How VLANs are built in a wireless environment.
Demo system.
Summary.
Questions.
Why VLANs
Segment traffic, Triple Play
Limiting broadcast domains
Provide unique traffic shaping opportunities (firewall, QoS, etc.)
Secure the network
Provide remote maintenance without interfering with the running network.
Providing a single HotSpot model
Ethernet fundamentals
The two types of Ethernet frames used in networking are similar: the DIX V2.0 frame, frequently referred to as the Ethernet II frame, and the IEEE 802.3 frame.
Both provide OSI level 3 with the needed data field. The size of this field is also sometimes referred to as the MTU size of the packet.
VLAN fundamentals
The 802.1Q working group provided a VLAN standard that inserts a four-byte tag into a standard Ethernet frame. Since 802.1Q arrived more than 20 years after the invention of Ethernet, there are plenty of VLAN-unaware devices. There still are lots of NICs that do not support the 4-byte extra field. These devices are not suitable for VLAN tagging because the MTU (layer 3 packet) size needs to be limited.
Switch configurations
There are two different types of switch ports.
Edge port (untagged; Cisco: access port):
A switch port configured to be part of a VLAN without sending the 4-byte tag. Used with VLAN-unaware devices, e.g. client computers and printers.
Core port (tagged; Cisco: trunk port):
A switch port configured to send out the 4-byte tag. Used with VLAN-aware devices, e.g. switches, routers and servers.
Core switches interconnect with other switches.
Edge switches connect to the core and to client computers, printers and other non-VLAN-aware devices.
How VLANs are built in RouterOS
Commands:
/interface bridge add name=br2
/interface bridge port add bridge=br2 interface=ether2
/interface bridge port add bridge=br2 interface=ether3
/interface vlan add name=br2vl2 interface=br2 vlan-id=2 disabled=no
But now we cannot use untagged interfaces in the VLAN.
How VLANs are built in a wireless environment
[Diagram; interface labels: Wlan1, Wlan2, Ether1]
Create a WDS interface on both ends.
Add the WDS interface into the bridge.
Commands:
/interface wireless wds add name=wdsmt2 master-interface=wlan1 wds-address=01:02:03:04:05:06 disabled=no
/interface bridge port add bridge=br2 interface=wdsrtrnet02
STP and RSTP
The problems with multiple bridges and STP/RSTP seem to be caused by immature Linux kernel 2.6 software.
The configuration works well, but an RSTP PVST function (PVST = Per VLAN Spanning Tree, meaning Per Bridge Spanning Tree in ROS) would be great. Support for MST (802.1s Multiple Spanning Tree) is needed.
Demo network
The network is built with:
2 RouterBoard 532A
1 Cisco Catalyst 2950 (SWRNET01)
1 HP Procurve 2512 (SWRNET02)
There is one main switch network (SWSWGE) and three redundant networks: (SWSWFE), (RTRTCable) and (RTRTWDS).
Test traffic from LAPRNET01 to LAPRNET02.
SWSWGE cable disconnected
SWSWFE disconnected
RTRTCable disconnected
Configuration of RTRNET01
# Script for configuring the MikroTik to have one single bridge and create the VLAN on top of that bridge.
/system identity set name=RTRNET01
# Setup wireless
/interface wireless set wlan1 mode=ap-bridge country="czech republic" band=5ghz hide-ssid=yes wds-mode=static disabled=no
/interface wireless wds add master-interface=wlan1 name=wdsrtrnet02 wds-address=00:0C:42:05:AA:B5
/interface wireless access-list add authentication=yes forwarding=yes interface=wlan1 mac-address=00:0C:42:05:AA:B5
# Adding the bridges
/interface bridge add name=br2 protocol-mode=rstp priority=0xffff
# Adding interfaces to the bridges
/interface bridge port add bridge=br2 interface=ether2 path-cost=10000
/interface bridge port add bridge=br2 interface=ether3 path-cost=30000
/interface bridge port add bridge=br2 interface=wdsrtrnet02 path-cost=40000
# Adding the VLAN interfaces
/interface vlan add name=br2vl2 interface=br2 vlan-id=2 disabled=no
/interface vlan add name=br2vl5 interface=br2 vlan-id=5 disabled=no
/interface vlan add name=br2vl10 interface=br2 vlan-id=10 disabled=no
# Adding a mgmt IP
/ip address add address=172.30.99.1/24 interface=br2vl2
# Setup SNMP
/snmp set contact=noc@roamingnet.com enabled=yes location="PragMuM2009"
Configuration of RTRNET02
# Script for configuring the MikroTik to have one single bridge and create the VLAN on top of that bridge.
/system identity set name=RTRNET02
# Setup wireless
/interface wireless set wlan1 mode=ap-bridge country="czech republic" band=5ghz hide-ssid=yes wds-mode=static disabled=no
/interface wireless wds add master-interface=wlan1 name=wdsrtrnet01 wds-address=00:0C:42:05:AA:B0 disabled=no
/interface wireless access-list add authentication=yes forwarding=yes interface=wlan1 mac-address=00:0C:42:05:AA:B0
# Adding the bridges
/interface bridge add name=br2 protocol-mode=rstp priority=0xffff
# Adding interfaces to the bridges
/interface bridge port add bridge=br2 interface=ether2 path-cost=10000
/interface bridge port add bridge=br2 interface=ether3 path-cost=30000
/interface bridge port add bridge=br2 interface=wdsrtrnet01 path-cost=40000
# Adding the VLAN interfaces
/interface vlan add name=br2vl2 interface=br2 vlan-id=2 disabled=no
/interface vlan add name=br2vl5 interface=br2 vlan-id=5 disabled=no
/interface vlan add name=br2vl10 interface=br2 vlan-id=10 disabled=no
# Adding a mgmt IP
/ip address add address=172.30.99.2/24 interface=br2vl2
# Setup SNMP
/snmp set contact=noc@roamingnet.com enabled=yes location="PragMuM2009"
Configuration of SWRNET01
SWRNET01#sho conf
Using 2181 out of 32768 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SWRNET01
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
vtp mode transparent
!
!
spanning-tree mode mst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 2
 name mgmt
!
vlan 5
 name ISP1
!
vlan 10
 name ISP2
!
vlan 97
!
interface FastEthernet0/1
 switchport trunk allowed vlan 1,2,5,10
 switchport mode trunk
 spanning-tree cost 10000
!
interface FastEthernet0/2
 switchport trunk allowed vlan 2,5,10
 switchport mode trunk
 spanning-tree cost 10000
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
 switchport trunk allowed vlan 2,5,10
 switchport mode trunk
 spanning-tree cost 1000
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 1,2,5,10
 switchport mode trunk
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 172.30.99.11 255.255.255.0
 no ip route-cache
!
interface Vlan5
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan10
 no ip address
 no ip route-cache
 shutdown
!
ip http server
snmp-server community public RO
snmp-server location PragMuM2009
snmp-server contact noc@roamingnet.com
!
line con 0
line vty 0 4
 password RoamingNet
 login
line vty 5 15
 password RoamingNet
 login
!
!
end
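A small review script for the switch configuration above, added here and not part of the original presentation: it parses IOS-style stanzas and reports trunks that still carry VLAN 1, ports without explicit configuration, and management settings worth a second look. The choice of checks and the names `vlan_set` and `audit` are this example's own; `CONFIG` is an excerpt of the SWRNET01 listing.

```python
import re

# Excerpt of the SWRNET01 listing on this page (spacing restored).
CONFIG = """\
interface FastEthernet0/1
 switchport trunk allowed vlan 1,2,5,10
 switchport mode trunk
interface FastEthernet0/2
 switchport trunk allowed vlan 2,5,10
 switchport mode trunk
interface FastEthernet0/3
ip http server
snmp-server community public RO
line vty 0 4
 password RoamingNet
"""

def vlan_set(spec: str) -> set:
    """Expand an allowed-VLAN list such as '1,2,5-10' into a set of IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config: str) -> list:
    """Return (subject, finding) tuples for settings worth reviewing."""
    findings, stanzas = [], []
    for raw in config.splitlines():
        if raw.startswith(" ") and stanzas:
            stanzas[-1][1].append(raw.strip())    # sub-command of the stanza
        elif raw.strip() not in ("", "!"):
            stanzas.append((raw.strip(), []))     # new top-level command
    for head, body in stanzas:
        name = head.partition(" ")[2]
        if head == "ip http server":
            findings.append(("global", "HTTP management server enabled"))
        m = re.fullmatch(r"snmp-server community (\S+) (RO|RW)", head)
        if m and m.group(1) in ("public", "private"):
            findings.append(("global", f"well-known SNMP community {m.group(1)!r}"))
        if head.startswith("interface ") and not body:
            findings.append((name, "no explicit port configuration"))
        for cmd in body:
            m = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", cmd)
            if m and 1 in vlan_set(m.group(1)):
                findings.append((name, "trunk carries default VLAN 1"))
            if re.fullmatch(r"password \S+", cmd):
                findings.append((head, "line password stored in cleartext"))
    return findings
```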
Configuration of SWRNET02
Startup configuration:
; J4812A Configuration Editor; Created on release #F.05.69
hostname "SWRNET02"
snmp-server contact "noc@roamingnet.com"
snmp-server location "PragMuM2009"
max-vlans 16
cdp run
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   forbid 1-2,13
   untagged 5-12,14
   no ip address
   no untagged 1-4,13
   exit
vlan 2
   name "mgmt"
   ip address 172.30.99.12 255.255.255.0
   tagged 1-2,5-6,12-13
   exit
vlan 5
   name "ISP1"
   untagged 3-4
   tagged 1-2,5-6,12-13
   exit
vlan 10
   name "ISP2"
   tagged 1-2,5-6,12-13
   exit
management-vlan 2
no aaa port-access authenticator active
spanning-tree
spanning-tree priority 5
spanning-tree 13 path-cost 1000
spanning-tree 14 path-cost 10000
password manager
password operator
exit
Summary
VLANs segment the broadcast domain.
VLANs help you secure the network.
For VLAN in wireless networks, create WDS connections first, then layer on the VLAN!
Spanning Tree can only be used on bridges with physical and WDS interfaces.
Support for MST 802.1s (Multiple Spanning Tree) is needed if different path costs on physical and VLAN interfaces are to be used.
Thank You!
Paul Eriksson
Mobile: +46706210055
eMail: periksson@roamingnet.com
Fax: +46696129010
CV: http://www.linkedin.com/in/periksson