About Me
MikroTik Certified Network Associate (MTCNA)
1 Introduction to Networking
1-1 Basic Networking Concepts
1-2 OSI Model
1-3 TCPIP Model
1-4 IP Addressing
1-5 Subnetting
2 Introduction to MikroTik RouterOS
2-1 RouterOS Overview
2-2 RouterOS Installation
2-3 RouterOS Licensing
2-4 RouterOS Interface Overview
2-5 RouterOS Command Line Interface (CLI)
2-6 RouterOS Graphical User Interface (GUI)
3 Basic Router Configuration
3-1 Router Identification
3-2 Interface Configuration
3-3 IP Address Assignment
3-4 Default Gateway Configuration
3-5 DNS Configuration
3-6 Basic Firewall Configuration
4 Routing
4-1 Static Routing
4-2 Dynamic Routing Protocols
4-3 OSPF Configuration
4-4 BGP Configuration
4-5 Policy-Based Routing
5 Network Address Translation (NAT)
5-1 Introduction to NAT
5-2 Basic NAT Configuration
5-3 Port Address Translation (PAT)
5-4 One-to-One NAT
5-5 Hairpin NAT
6 Firewall and Security
6-1 Firewall Basics
6-2 Firewall Rules Configuration
6-3 NAT Rules Configuration
6-4 Traffic Shaping and QoS
6-5 VPN Basics
6-6 IPsec VPN Configuration
7 Wireless Networking
7-1 Wireless Basics
7-2 Wireless Interface Configuration
7-3 Wireless Security
7-4 Wireless Bridging
7-5 Wireless Access Point Configuration
8 Advanced Topics
8-1 VLAN Configuration
8-2 DHCP Server Configuration
8-3 DHCP Relay Configuration
8-4 PPPoE Server Configuration
8-5 PPPoE Client Configuration
8-6 Hotspot Configuration
8-7 Load Balancing
8-8 High Availability (Failover)
9 Troubleshooting and Maintenance
9-1 Basic Troubleshooting Techniques
9-2 Log Analysis
9-3 Backup and Restore
9-4 Firmware Updates
9-5 System Monitoring
10 Practical Exercises
10-1 Basic Router Configuration Exercise
10-2 Static Routing Exercise
10-3 NAT Configuration Exercise
10-4 Firewall Configuration Exercise
10-5 Wireless Configuration Exercise
10-6 Advanced Configuration Exercise
10-7 Troubleshooting Exercise
8-1 VLAN Configuration Explained

8-1 VLAN Configuration Explained

VLAN (Virtual Local Area Network) configuration is a critical aspect of network management, allowing for the segmentation of a physical network into multiple logical networks. Understanding VLAN configuration is essential for the MikroTik Certified Network Associate (MTCNA) certification.

Key Concepts

1. VLAN Overview

A VLAN is a logical network segment that groups together devices based on criteria such as function, project team, or application, rather than physical location. This segmentation improves network performance, security, and management.

2. VLAN Types

There are several types of VLANs, including:

3. VLAN Tags

VLAN tags are used to identify the VLAN to which a packet belongs. The tag is added to the Ethernet frame, allowing switches to route the packet to the correct VLAN.

4. Trunking

Trunking is the process of carrying multiple VLANs over a single physical link. This is achieved by tagging each packet with the appropriate VLAN ID, allowing the receiving switch to route the packet to the correct VLAN.

5. VLAN Configuration Steps

Configuring VLANs on a MikroTik router involves several steps, including creating the VLAN, assigning interfaces to the VLAN, and configuring trunking.

Detailed Explanation

VLAN Overview

VLANs allow network administrators to segment a physical network into multiple logical networks, improving performance and security. For example, a company might create separate VLANs for HR, IT, and guest networks, ensuring that traffic is isolated and secure.

VLAN Types

Port-Based VLANs are the most common, where devices are assigned to a VLAN based on the switch port they are connected to. MAC Address-Based VLANs are useful for mobile devices that may connect to different ports. Protocol-Based VLANs are used to segment traffic based on the network protocol, such as IP or IPX.

VLAN Tags

VLAN tags are added to Ethernet frames, allowing switches to identify the VLAN to which the packet belongs. The tag includes the VLAN ID, which is used to route the packet to the correct VLAN. For example, a packet with a VLAN ID of 10 would be routed to the VLAN 10 network.

Trunking

Trunking allows multiple VLANs to be carried over a single physical link. This is achieved by tagging each packet with the appropriate VLAN ID, allowing the receiving switch to route the packet to the correct VLAN. For example, a trunk link between two switches might carry VLANs 10, 20, and 30, each with its own VLAN ID.

VLAN Configuration Steps

To configure VLANs on a MikroTik router, follow these steps:

  1. Create the VLAN using the command: /interface vlan add name=VLAN10 vlan-id=10
  2. Assign interfaces to the VLAN using the command: /interface vlan add interface=ether1 vlan-id=10
  3. Configure trunking by setting the appropriate VLAN IDs on the trunk interface: /interface bridge port add bridge=bridge1 interface=ether2 pvid=10

Examples and Analogies

Example: VLAN Overview

Think of VLANs as separate rooms in a house. Just as each room serves a different purpose, each VLAN serves a different function within the network. For example, the living room (VLAN) might be for guests, while the office (VLAN) is for work.

Example: VLAN Types

Consider VLAN types as different ways to organize a library. Port-Based VLANs are like organizing books by shelf, MAC Address-Based VLANs are like organizing books by author, and Protocol-Based VLANs are like organizing books by genre.

Example: VLAN Tags

Imagine VLAN tags as labels on packages. Just as a label indicates the destination of a package, a VLAN tag indicates the VLAN to which a packet belongs. For example, a package labeled "HR" would be delivered to the HR department.

Example: Trunking

Think of trunking as a multi-lane highway. Just as a highway carries multiple lanes of traffic, a trunk link carries multiple VLANs. For example, a trunk link might carry VLANs 10, 20, and 30, each with its own lane.

Example: VLAN Configuration Steps

Configuring VLANs is like setting up a new department in a company. First, you create the department (VLAN), then you assign employees (interfaces) to the department, and finally, you set up communication channels (trunking) between departments.

By mastering VLAN configuration, you can effectively segment and manage your network, improving performance and security.

© 2024 Ahmed Baheeg Khorshid. All rights reserved.