<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix"> There are two ways to do VLAN
tagging in the mikrotik router, one is via the switch
chip(hardware dependent) and the other is more commonly seen done
in RouterOS(In the CPU). Not many people take advantage of the
switch-chip method as there is little proper documentation on it
and it doesn't work on ALL mikrotik devices(chipset dependant). <br>
<br>
That said, for those that do have programmable switch chips in
there mikrotik router device. Then tagging at switch chip level is
fast and doesn't require CPU % cycles to do it, and it will do
INGRESS and EGRESS tagging and TRUNKING nicely. There is also some
nice coding available if you want to apply logic rules to tagging.
Ow and the switch chip menu is where you can do port mirroring if
you need to packet capture a port for things like full packet
capture for auditing purposes!!<br>
<br>
If you do VLAN work in the CPU/RouterOS rather than at switch
chip level then it will eat a small amount of CPU resources,
always better to offload to a wirespeed hardware chip when latency
of traffic is critical.<br>
<br>
<a
href="http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features">http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features</a><br>
<br>
Regards All<br>
Greg McLennan<br>
-------------------------------------------------------------------------------------------<br>
<br>
On 9/02/2013 12:02 PM, Paul Gear wrote:<br>
</div>
<blockquote cite="mid:5115A023.9070605@libertysys.com.au"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 02/08/2013 09:11 AM, Thomas
Jackson wrote:<br>
</div>
<blockquote
cite="mid:000b01ce0588$7cac2270$76046750$@thomax.com.au"
type="cite">
<pre wrap="">I've seen you mention VLAN tagging on Mikrotik several times, and I'm not
sure where you have been stuck on this.
/interface vlan add interface=ether1 name=my-vlan vlan-id=100
Creates a virtual interface called my-vlan, primary interface ether1, VLAN
ID 100. From there, it is treated like another interface in the rest of the
system (routing, firewall etc). If you want to use VLANs on a switch group,
define your switch group by defining the master-port on each slave port,
then use the above command with your master port.</pre>
</blockquote>
<br>
Here's the configuration tutorial i started with:<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment">http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment</a><br>
<br>
As it stands, it works. Now take the configuration they outline
there, and produce an equivalent config to this one from a Cisco
2950:<br>
<br>
int f0/1<br>
switchport mode trunk<br>
switchport trunk native vlan 10<br>
switchport trunk allowed vlan 20<br>
int f0/2<br>
switchport mode trunk<br>
switchport trunk native vlan 20<br>
switchport trunk allowed vlan 30<br>
int f0/3<br>
switchport mode trunk<br>
switchport trunk native vlan 30<br>
switchport trunk allowed vlan 10<br>
int f0/4<br>
description Uplink<br>
switchport mode trunk<br>
switchport trunk allowed vlan 10,20,30<br>
<br>
Or, even simpler and clearer on a ProCurve:<br>
<br>
vlan 10<br>
untagged 1<br>
tagged 3-4<br>
vlan 20<br>
untagged 2<br>
tagged 1,4<br>
vlan 30<br>
untagged 3<br>
tagged 2,4<br>
<br>
To do this with the Mikrotik we need to:<br>
<ul>
<li>Add another VLAN with an access port. Pretty
straightforward.<br>
</li>
<li>Add a tagged VLAN to each access port (it could be for
voice, servers, or whatever). Not hard, but this definitely
produces a configuration which is a whole lot more complex
than the sample on the wiki.<br>
</li>
</ul>
Now do it on the switch chip. This is my lay-down misère. When
you go here, you end up dealing with stuff that is (as far as i
can work out) just a thin CLI wrapper around the switch chip's
TCAM API. (It turns a 2-minute job into a 2-hour job for me. I'm
sure others who are more skilled and practiced with RouterOS could
get it down to 20 minutes or so.)<br>
<br>
Those working in service provider environments may not mess around
with VLAN tagging much, but for me these are everyday tasks, and i
don't have that kind of time to spend on it.<br>
<br>
<blockquote
cite="mid:000b01ce0588$7cac2270$76046750$@thomax.com.au"
type="cite">
<pre wrap="">Obviously Mikrotik isn't going to suit everything (and I don't think it is
quite the right fit for this use), but they are great when used in the right
place like any tool. Comparing a routing platform that can do some switching
(Mikrotik) to switching platforms (Netgear GS108T or ProCurve 1810G) isn't
quite a direct comparison either.</pre>
</blockquote>
<br>
This did start as a thread about suitable 12V switches... <span
class="moz-smiley-s1"><span> :-) </span></span><br>
<br>
<blockquote
cite="mid:000b01ce0588$7cac2270$76046750$@thomax.com.au"
type="cite">
<pre wrap="">To tenuously get back to topic, the GS108T
is powered from a wall-wart if my memory is right, so may actually suit this
use-case. I would rather saw my arm off than use a Netgear GS108T after some
previous bad experiences, but that is a story for a different day!</pre>
</blockquote>
<br>
That was my point - i feel the same way about Netgear GS108Ts and
ProCurve 1810s. <span class="moz-smiley-s3"><span> ;-) </span></span><br>
<br>
Paul<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
</body>
</html>