Mikrotik VLAN Workshop Prague Final

VLANWorkshop.
Presenter: PaulEriksson
VLANWorkshop2009RoamingNetSweden(www.roamingnet.com)
Aboutthispresentation
AseedfromtheforumbyRandy(Graham)?:
http://forum.mikrotik.com/viewtopic.php?f=2&t=24352
ThisWorkshopcouldlastforhours..., butthereisonly45min.
Aboutthecompany
RoamingNetSweden.
HelpsorganizationstoincreasetheROIin networking. Designinganddeploymentofwiredandwireless networks. Networkanalysisandproblemsolving. Projectmanaging. Worldwidesupportfordifferentclientsindifferent countries.CooperateswithRoamingwireInc.

VLANWorkshop2009RoamingNetSweden(www.roamingnet.com) 3
Aboutme
HaveatechnicaldegreeasaElectricEngineer Beeninnetworkingsince1989. Seniornetworkingconsultant CertifiedMikroTiknetworkconsultant. (MTCZ0016). CertifiedMikroTikTrainer.(TR0027).
Topics
WhyVLANs.? BriefEthernetfundamentals. BriefVLANfundamentals Switchconfigurations. HowVLANsarebuiltinMikroTikRouterOS.
Topics
HowVLANsarebuiltinawirelessenvironment. Demosystem. Summary. Questions.
WhyVLANs
Segmenttraffic,TripplePlay Limitingbroadcastdomains Provideuniquetrafficshapingopportunities (firewall,QoS,etc.) Securethenetwork Provideremotemaintenancewithoutinterfering withtherunningnetwork.

WhyVLANs
ProvidingasingleHotSpotmodel
Ethernetfundamentals
ThetwotypesofEthernetframesusedin networkingaresimilar.TheDIXV2.0frame, frequentlyreferredtoastheEthernetIIframe, andtheIEEE802.3frame. BothprovidingOSIlevel3withtheneededdata field.Thisfieldisalsosometimesreferredtoas theMTUsizeofthepacket.

VLANfundamentals
10
VLANfundamentals
802.1QworkinggroupprovidedaVLANstandard thatinsertsafourbytetagintoastandardEthernet frame.Since802.1Qarrivedmorethen20years aftertheinventionofEthernet,thereareplentyof VLANunawaredevices.TherestillarelotsofNICs thatdonotsupportthe4byteextrafield.These devicesarenotsuitableforVLANtaggingbecause theMTU(layer3packet)sizeneedstobelimited.
11
Switchconfigurations
Therearetwodifferenttypesofswitchports.
Edgeports:(Untagged,Cisco:AccessPort) AswitchportisconfiguredtobepartofaVLAN withoutsendingthe4bytetag.UsedwithVLAN unawaredevicesi.eclientcomputer,printer. Coreport:(Tagged,Cisco:TrunkPort) Aswitchportisconfiguredtosendoutthe4byte tag.UsedwithVLANawaredevicesi.eswitches, routersandservers.

Switchconfigurations
Coreswitches interconnectwithother switches. Edgeswitches connectstothecore andtoclient computers,printersand othernonVLANaware devices.

HowVLANsarebuiltinRouterOS
Commands:

/interfacebridgeaddname=br2 /interfacebridgeportaddbridge=br2interface=ether2 /interfacebridgeportaddbridge=br2interface=ether3 /interfacevlanaddname=br2vl2interface=br2vlanid=2disabled=no
Butnowwecannotuseuntaggedinterfacesin theVLAN
HowVLANsarebuiltinawireless environment.
CreateaWDSinterfaceon bothends. AddtheWDSinterfaceinto thebridge.
Wlan2
Wlan1
Wlan1
Wlan2
Ether1
Ether1
15
HowVLANsarebuiltinawireless environment.
Commands:
/interfacewirelesswdsaddname=wdsmt2masterinterface=wlan1wds address=01:02:03:04:05:06disabled=no /interfacebridgeportaddbridge=br2interface=wdsrtrnet02
16
STPandRSTP
Theproblemswithmultiplebridgeand STP/RSTPseemtocausedofunmaturelinux kernel2.6software. Theconfigurationworkswell,buttheRSTP PVST(PVST=PerVLANSpanningTree), meaningPerBridgeSpanningTreeinROS functionwouldbegreat.SupportforMST 802.1sMultipleSpanningTreeareneeded.

Demonetwork
Thenetworkarebuiltwith: 2RouterBoard532A 1CiscoCatalyst2950(SWRNET01) 1HPProcurve2512(SWRNET02) Thereisonemainswitchnetwork(SWSWGE) andtreeredundantnetworks(SWSWFE),(RT RTCable)and(RTRTWDS) TesttrafficfromLAPRNET01toLAPRNET02

Demonetwork
19
20
21
SWSWGEcabledisconnected
22
SWSWFEdisconnected
23
RTRTCabledisconnected
24
ConfigurationofRTRNET01
#ScriptforconfiguringtheMikrotiktohaveonesinglebridgeandcreatetheVLANontopofthatbridge. /sysidsetname=RTRNET01 #Setupwireless /intwiresetwlan1modeapcountry="czechrepublic"band=5ghzhideyeswdsmodestaticdisabledno /intwirewdsaddmasterwlan1name=wdsrtrnet02wdsaddress=00:0C:42:05:AA:B5 /intwireaccaddauthyesforwyesintwlan1mac=00:0C:42:05:AA:B5 #Addingthebridges /intbraddnamebr2protrstppri0xffff #Addinginterfacestothebridges /intbrpoaddbridgebr2intether2path10000 /intbrpoaddbridgebr2intether3path30000 /intbrpoaddbridgebr2intwdsrtrnet02path40000 #AddingtheVLANinterfaces /intvlanaddnamebr2vl2intbr2vlan2disno /intvlanaddnamebr2vl5intbr2vlan5disno /intvlanaddnamebr2vl10intbr2vlan10disno #AddinganmgmtIP /ipaddraddadd172.30.99.1/24intbr2vl2 #SetupSNMP /snmpsetcontact=noc@roamingnet.comenabled=yeslocation="PragMuM2009"
25
ConfigurationofRTRNET02
#ScriptforconfiguringtheMikrotiktohaveonesinglebridgeandcreatetheVLANontopofthatbridge. /sysidsetname=RTRNET02 #Setupwireless /intwiresetwlan1modeapcountry="czechrepublic"band=5ghzhideyeswdsmodestaticdisabledno /intwirewdsaddmasterwlan1name=wdsrtrnet01wdsaddress=00:0C:42:05:AA:B0disabledno /intwireaccaddauthyesforwyesintwlan1mac=00:0C:42:05:AA:B0 #Addingthebridges /intbraddnamebr2protrstppri0xffff #Addinginterfacestothebridges /intbrpoaddbridgebr2intether2path10000 /intbrpoaddbridgebr2intether3path30000 /intbrpoaddbridgebr2intwdsrtrnet01path40000 #AddingtheVLANinterfaces /intvlanaddnamebr2vl2intbr2vlan2disno /intvlanaddnamebr2vl5intbr2vlan5disno /intvlanaddnamebr2vl10intbr2vlan10disno #AddinganmgmtIP /ipaddraddadd172.30.99.2/24intbr2vl2 #SetupSNMP /snmpsetcontact=noc@roamingnet.comenabled=yeslocation="PragMuM2009"
26
ConfigurationofSWRNET01
SWRNET01#shoconf Using2181outof32768bytes ! version12.1 noservicepad servicetimestampsdebuguptime servicetimestampsloguptime noservicepasswordencryption ! hostnameSWRNET01 ! enablesecret5xxxxxxxxxxxxxxxxxxxxxxxxxxx ! ipsubnetzero ! ipsshtimeout120 ipsshauthenticationretries3 vtpmodetransparent ! ! spanningtreemodemst nospanningtreeoptimizebpdutransmission spanningtreeextendsystemid ! ! ! ! vlan2 namemgmt ! vlan5 nameISP1 ! vlan10 nameISP2 ! vlan97 ! interfaceFastEthernet0/1 switchporttrunkallowedvlan1,2,5,10 switchportmodetrunk spanningtreecost10000 ! interfaceFastEthernet0/2 switchporttrunkallowedvlan2,5,10 switchportmodetrunk spanningtreecost10000 ! interfaceFastEthernet0/3 ! interfaceFastEthernet0/4 ! interfaceFastEthernet0/5 ! interfaceFastEthernet0/6 ! interfaceFastEthernet0/7 ! interfaceFastEthernet0/8 ! interfaceFastEthernet0/9 ! interfaceFastEthernet0/10 ! interfaceFastEthernet0/11 ! interfaceFastEthernet0/12 ! interfaceFastEthernet0/13 ! interfaceFastEthernet0/14 ! interfaceFastEthernet0/15 ! interfaceFastEthernet0/16 ! interfaceFastEthernet0/17 ! interfaceFastEthernet0/18 ! interfaceFastEthernet0/19 ! interfaceFastEthernet0/20 ! interfaceFastEthernet0/21 ! interfaceFastEthernet0/22 ! interfaceFastEthernet0/23 ! interfaceFastEthernet0/24 ! interfaceGigabitEthernet0/1 switchporttrunkallowedvlan2,5,10 switchportmodetrunk spanningtreecost1000 ! interfaceGigabitEthernet0/2 switchporttrunkallowedvlan1,2,5,10 switchportmodetrunk ! interfaceVlan1 noipaddress noiproutecache shutdown ! interfaceVlan2 ipaddress172.30.99.11255.255.255.0 noiproutecache ! interfaceVlan5 noipaddress noiproutecache shutdown ! interfaceVlan10 noipaddress noiproutecache shutdown ! iphttpserver snmpservercommunitypublicRO snmpserverlocationPragMuM2009 snmpservercontactnoc@roamingnet.com ! linecon0 linevty04 passwordRoamingNet login linevty515 passwordRoamingNet login ! ! end
27
ConfigurationofSWRNET02
Startupconfiguration: ;J4812AConfigurationEditor;Createdonrelease#F.05.69 hostname"SWRNET02" snmpservercontact"noc@roamingnet.com" snmpserverlocation"PragMuM2009" maxvlans16 cdprun snmpservercommunity"public"Unrestricted vlan1 name"DEFAULT_VLAN" forbid12,13 untagged512,14 noipaddress nountagged14,13 exit vlan2 name"mgmt" ipaddress172.30.99.12255.255.255.0 tagged12,56,1213 exit vlan5 name"ISP1" untagged34 tagged12,56,1213 exit vlan10 name"ISP2" tagged12,56,1213 exit managementvlan2 noaaaportaccessauthenticatoractive spanningtree spanningtreepriority5 spanningtree13pathcost1000 spanningtree14pathcost10000 passwordmanager passwordoperator exit
28
Summary
VLANssegmentsthebroadcastdomain. VLANshelpsyousecurethenetwork. ForVLANinwirelessnetworks,createWDS connectionsfirst,thenlayerontheVLAN! SpanningTreecanonlybeusedonbridgeswith physicalandWDSinterfaces. SupportforMST802.1s(MultipleSpanningTree)isa needifdifferentpathcostsonphysicalandVLAN interfacesshallbeused.

ThankYou!
Paul Eriksson
Mobile: +46706210055 eMail: periksson@roamingnet.com Fax: +46696129010 CV: http://www.linkedin.com/in/periksson

Mikrotik VLAN Workshop Prague Final

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Mikrotik VLAN Workshop Prague Final

Hochgeladen von

Copyright:

Verfügbare Formate

VLANWorkshop.

HelpsorganizationstoincreasetheROIin networking. Designinganddeploymentofwiredandwireless networks. Networkanalysisandproblemsolving. Projectmanaging. Worldwidesupportfordifferentclientsindifferent countries.CooperateswithRoamingwireInc.

HaveatechnicaldegreeasaElectricEngineer Beeninnetworkingsince1989. Seniornetworkingconsultant CertifiedMikroTiknetworkconsultant. (MTCZ0016). CertifiedMikroTikTrainer.(TR0027).

WhyVLANs.? BriefEthernetfundamentals. BriefVLANfundamentals Switchconfigurations. HowVLANsarebuiltinMikroTikRouterOS.

HowVLANsarebuiltinawirelessenvironment. Demosystem. Summary. Questions.

Segmenttraffic,TripplePlay Limitingbroadcastdomains Provideuniquetrafficshapingopportunities (firewall,QoS,etc.) Securethenetwork Provideremotemaintenancewithoutinterfering withtherunningnetwork.

ThetwotypesofEthernetframesusedin networkingaresimilar.TheDIXV2.0frame, frequentlyreferredtoastheEthernetIIframe, andtheIEEE802.3frame. BothprovidingOSIlevel3withtheneededdata field.Thisfieldisalsosometimesreferredtoas theMTUsizeofthepacket.

Edgeports:(Untagged,Cisco:AccessPort) AswitchportisconfiguredtobepartofaVLAN withoutsendingthe4bytetag.UsedwithVLAN unawaredevicesi.eclientcomputer,printer. Coreport:(Tagged,Cisco:TrunkPort) Aswitchportisconfiguredtosendoutthe4byte tag.UsedwithVLANawaredevicesi.eswitches, routersandservers.

Coreswitches interconnectwithother switches. Edgeswitches connectstothecore andtoclient computers,printersand othernonVLANaware devices.

/interfacebridgeaddname=br2 /interfacebridgeportaddbridge=br2interface=ether2 /interfacebridgeportaddbridge=br2interface=ether3 /interfacevlanaddname=br2vl2interface=br2vlanid=2disabled=no

CreateaWDSinterfaceon bothends. AddtheWDSinterfaceinto thebridge.

/interfacewirelesswdsaddname=wdsmt2masterinterface=wlan1wds address=01:02:03:04:05:06disabled=no /interfacebridgeportaddbridge=br2interface=wdsrtrnet02

Theproblemswithmultiplebridgeand STP/RSTPseemtocausedofunmaturelinux kernel2.6software. Theconfigurationworkswell,buttheRSTP PVST(PVST=PerVLANSpanningTree), meaningPerBridgeSpanningTreeinROS functionwouldbegreat.SupportforMST 802.1sMultipleSpanningTreeareneeded.

Thenetworkarebuiltwith: 2RouterBoard532A 1CiscoCatalyst2950(SWRNET01) 1HPProcurve2512(SWRNET02) Thereisonemainswitchnetwork(SWSWGE) andtreeredundantnetworks(SWSWFE),(RT RTCable)and(RTRTWDS) TesttrafficfromLAPRNET01toLAPRNET02

Das könnte Ihnen auch gefallen