Re: [WISPA] basic mikrotik question
Hey Butch, Just got back to review this list ... thanks for the very useful post about letting the Mikrotiks participate in the trunking. Much appreciated! Adam - Original Message - From: Butch Evans but...@butchevans.com To: WISPA General List wireless@wispa.org Sent: Saturday, June 13, 2009 2:14 PM Subject: Re: [WISPA] basic mikrotik question On Sat, 2009-06-13 at 09:01 -0400, Adam Greene wrote: A while back we experimented with trunking VLANs over a Mikrotik backhaul, and *at the same time* putting the Mikrotiks themselves into a tagged 802.1q management VLAN. We had major problems with that. I just did this the other day. There are several possible scenarios that you can do: 1. Straight passing of vlan tags (just simple layer2 bridge) where the MT is not participating in any of the vlans. This is very easy, as you said. 2. Passthrough of tagged traffic and the MT participates in one or more vlans (management vlan for example). This, too, is fairly easy. * Build the bridge to include the ports that will passthrough traffic. * Build a bridge to host the management vlan. * Create a vlan on the passthrough bridge and add this vlan interface to the vlan host bridge. DO NOT add the management vlan as a port on the passthrough bridge * managment IP address would be assigned to the vlan host bridge 3. VLAN termination with trunked port. Simply add vlan interfaces on the physical interface. IP addresses for each vlan would be assigned to the vlan interfaces themselves. The physical interface would then be equivalent to a Cisco trunk port. Each vlan is a routing interface in this scenario. 4. VLAN participation where multiple ports participate in the vlan. This is a bit more complex type of configuration and describing steps to create this would be too difficult to do here in a generic fasion. You can, of course, have combinations of all the above. The trick with Mikrotik is a matter of creative use of bridges and vlans and understanding traffic flow at layer 2. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] basic mikrotik question
A while back we experimented with trunking VLANs over a Mikrotik backhaul, and *at the same time* putting the Mikrotiks themselves into a tagged 802.1q management VLAN. We had major problems with that. But yeah, just bridging 802.1q VLANs over the Mikrotiks while keeping the radios themselves in an untagged management subnet, I expected that that should work. Thanks, all, for the feedback! Adam - Original Message - From: Butch Evans but...@butchevans.com To: WISPA General List wireless@wispa.org Sent: Saturday, June 13, 2009 1:52 AM Subject: Re: [WISPA] basic mikrotik question On Sat, 2009-06-13 at 01:26 -0400, Josh Luthman wrote: Ya, not a Vlan person myself. I prefer routers. VLAN does not necessarily preclude routing. VLANs are a layer 2 method of segmenting the network. You can route on top of a VLAN layer. I am not a fan of VLANs because a large part of the time I see them used, they add complexity to the network when it is not necessary to do so. Used correctly, VLANs are a really easy way to provide segmentation and broadcast controls. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] basic mikrotik question
On Sat, 2009-06-13 at 09:01 -0400, Adam Greene wrote: A while back we experimented with trunking VLANs over a Mikrotik backhaul, and *at the same time* putting the Mikrotiks themselves into a tagged 802.1q management VLAN. We had major problems with that. I just did this the other day. There are several possible scenarios that you can do: 1. Straight passing of vlan tags (just simple layer2 bridge) where the MT is not participating in any of the vlans. This is very easy, as you said. 2. Passthrough of tagged traffic and the MT participates in one or more vlans (management vlan for example). This, too, is fairly easy. * Build the bridge to include the ports that will passthrough traffic. * Build a bridge to host the management vlan. * Create a vlan on the passthrough bridge and add this vlan interface to the vlan host bridge. DO NOT add the management vlan as a port on the passthrough bridge * managment IP address would be assigned to the vlan host bridge 3. VLAN termination with trunked port. Simply add vlan interfaces on the physical interface. IP addresses for each vlan would be assigned to the vlan interfaces themselves. The physical interface would then be equivalent to a Cisco trunk port. Each vlan is a routing interface in this scenario. 4. VLAN participation where multiple ports participate in the vlan. This is a bit more complex type of configuration and describing steps to create this would be too difficult to do here in a generic fasion. You can, of course, have combinations of all the above. The trick with Mikrotik is a matter of creative use of bridges and vlans and understanding traffic flow at layer 2. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] basic mikrotik question
Question on this... If you simply make the MT bridge the traffic, leaving VLAN tags alone, could torch see the traffic? On 6/13/09, Butch Evans but...@butchevans.com wrote: On Sat, 2009-06-13 at 09:01 -0400, Adam Greene wrote: A while back we experimented with trunking VLANs over a Mikrotik backhaul, and *at the same time* putting the Mikrotiks themselves into a tagged 802.1q management VLAN. We had major problems with that. I just did this the other day. There are several possible scenarios that you can do: 1. Straight passing of vlan tags (just simple layer2 bridge) where the MT is not participating in any of the vlans. This is very easy, as you said. 2. Passthrough of tagged traffic and the MT participates in one or more vlans (management vlan for example). This, too, is fairly easy. * Build the bridge to include the ports that will passthrough traffic. * Build a bridge to host the management vlan. * Create a vlan on the passthrough bridge and add this vlan interface to the vlan host bridge. DO NOT add the management vlan as a port on the passthrough bridge * managment IP address would be assigned to the vlan host bridge 3. VLAN termination with trunked port. Simply add vlan interfaces on the physical interface. IP addresses for each vlan would be assigned to the vlan interfaces themselves. The physical interface would then be equivalent to a Cisco trunk port. Each vlan is a routing interface in this scenario. 4. VLAN participation where multiple ports participate in the vlan. This is a bit more complex type of configuration and describing steps to create this would be too difficult to do here in a generic fasion. You can, of course, have combinations of all the above. The trick with Mikrotik is a matter of creative use of bridges and vlans and understanding traffic flow at layer 2. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] basic mikrotik question
On Sat, 2009-06-13 at 16:55 -0400, Josh Luthman wrote: Question on this... If you simply make the MT bridge the traffic, leaving VLAN tags alone, could torch see the traffic? Yes, that should be no problem. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] basic mikrotik question
Hi ... I'm planning to deploy a Mikrotik backhaul, with the Mikrotiks themselves in an untagged management subnet. The traffic passing over the backhaul would be 802.1q tagged (i.e. customer traffic, each customer in their own VLAN). I assume this should work without a hitch, right? Maybe a dumb question but better safe than sorry ... Thanks, Adam WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] basic mikrotik question
no problem at all -- Kristi Fundu IT-NTS dooel www.it-nts.mk WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] basic mikrotik question
Pretty sure no problems. Use bridge (or ap bridge) and station modes is my suggestion. Don't do anything with VLANs myself. On 6/12/09, Adam Greene maill...@webjogger.net wrote: Hi ... I'm planning to deploy a Mikrotik backhaul, with the Mikrotiks themselves in an untagged management subnet. The traffic passing over the backhaul would be 802.1q tagged (i.e. customer traffic, each customer in their own VLAN). I assume this should work without a hitch, right? Maybe a dumb question but better safe than sorry ... Thanks, Adam WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] basic mikrotik question
On Fri, 2009-06-12 at 18:19 -0400, Adam Greene wrote: I'm planning to deploy a Mikrotik backhaul, with the Mikrotiks themselves in an untagged management subnet. The traffic passing over the backhaul would be 802.1q tagged (i.e. customer traffic, each customer in their own VLAN). I assume this should work without a hitch, right? Maybe a dumb question but better safe than sorry ... It must be something in the waterI went several years without a VLAN call and now it seems I've done 3 or 4 this year alone. Either way, what you want is very easy to do (though it may not be so straightforward if you have not worked with MT vlans) and works correctly. NOTE: I said works correctly above instead of works well mostly because I don't like a vlan based architecture. With that caveat, as far as Mikrotik is concerned, vlans work well. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] basic mikrotik question
But even without touching Vlan config on his MT bridge I'm pretty sure it'll pass it like a dumb switch right? On 6/12/09, Butch Evans but...@butchevans.com wrote: On Fri, 2009-06-12 at 18:19 -0400, Adam Greene wrote: I'm planning to deploy a Mikrotik backhaul, with the Mikrotiks themselves in an untagged management subnet. The traffic passing over the backhaul would be 802.1q tagged (i.e. customer traffic, each customer in their own VLAN). I assume this should work without a hitch, right? Maybe a dumb question but better safe than sorry ... It must be something in the waterI went several years without a VLAN call and now it seems I've done 3 or 4 this year alone. Either way, what you want is very easy to do (though it may not be so straightforward if you have not worked with MT vlans) and works correctly. NOTE: I said works correctly above instead of works well mostly because I don't like a vlan based architecture. With that caveat, as far as Mikrotik is concerned, vlans work well. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] basic mikrotik question
On Fri, 2009-06-12 at 19:10 -0400, Josh Luthman wrote: But even without touching Vlan config on his MT bridge I'm pretty sure it'll pass it like a dumb switch right? Yes. If it's a bridge, it will pass the layer 2 stuff unhindered. Just have to create the management VLAN on the bridge and assign IPs to the bridge. It's pretty simple, really. At least this type of configuration is simple. You can create some pretty complex solutions if you try, though. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] basic mikrotik question
Ya, not a Vlan person myself. I prefer routers. On 6/13/09, Butch Evans but...@butchevans.com wrote: On Fri, 2009-06-12 at 19:10 -0400, Josh Luthman wrote: But even without touching Vlan config on his MT bridge I'm pretty sure it'll pass it like a dumb switch right? Yes. If it's a bridge, it will pass the layer 2 stuff unhindered. Just have to create the management VLAN on the bridge and assign IPs to the bridge. It's pretty simple, really. At least this type of configuration is simple. You can create some pretty complex solutions if you try, though. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] basic mikrotik question
On Sat, 2009-06-13 at 01:26 -0400, Josh Luthman wrote: Ya, not a Vlan person myself. I prefer routers. VLAN does not necessarily preclude routing. VLANs are a layer 2 method of segmenting the network. You can route on top of a VLAN layer. I am not a fan of VLANs because a large part of the time I see them used, they add complexity to the network when it is not necessary to do so. Used correctly, VLANs are a really easy way to provide segmentation and broadcast controls. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * WISPA Board Member * * http://blog.butchevans.com/ * Wired or Wireless Networks * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
