Mikrotik Switch Commands (Create VLAN, Assign PORTS)

Question

I've been working with a cisco switch and the commands are very simple;

eg/ vlan 100 (will add a vlan called 100)

interface 1/0/1 vlan 100 (will assign the vlan 100 to the port)

It seems mikrotik isn't the same. I don't have a mikrotik switch, but the commands given to me are:

    //add name=vlan200 interface=ether2 vlan-id=200
    //add ports=switch1-cpu, ethernet vlan-id=200 learn=yes

These seem overly complex. Are these the correct commands? Does any Mikrotik guru know where I can test the commands without a switch?

Answer 1

So I've found the answer. After managing to obtain a Mikrotik switch. There is a great class for connecting to MK command prompt - it's linked here: API in C Sharp

The commands are:

/interface ethernet switch vlan add switch="[yourswitch]" vlan-id="[yourvlan]" ports="[porttoassign]"

To assign the port:

/interface ethernet switch port set [yourport] vlan-mode=secure vlan-header=always-strip default-vlan-id=[yourvlan]

If you are using the MK class you need to write it separately. It looks more like this:

MK mikrotik = new MK("192.168.188.1");
        if (mikrotik.Login("admin", "admin"))
        {
            mikrotik.Send("/interface/ethernet/switch/vlan/add");
            mikrotik.Send("=switch=switch1");
            mikrotik.Send("=vlan-id=333");

            mikrotik.Send("=ports=ether4", true);

            foreach (string h in mikrotik.Read())
            {
                Console.WriteLine(h);
            }

Answer 2

There are several ways on Mikrotik to use the VLANs depending on the device. If is a Router or a Switch and if the Switch can do hardware offloading or not. In the Mikrotik Wiki you'll have detailed information.

The most simple way I found to manage the vlans is:

• Create a bridge with all the interfaces you want to manage (trunk and access ports)
• Create the vlans you want
• Add the ports to the bridge port setting a pvid if they are access ports
• Add the ports to the bridge vlan allowing the vlans you want

Here the Mikrotik code with an example with two vlans 10, 20. One access port per vlan (ether1 and ether2) and one trunk port on ether4 passing both vlans.

Be careful, and ensure to have at least one port without vlans or a serial cable to access the device if something goes wrong.

/interface bridge
add name=bridge-vlans vlan-filtering=yes

/interface vlan
add interface=bridge-vlans name=private-users-vlan vlan-id=10
add interface=bridge-vlans name=public-users-vlan vlan-id=20

/interface bridge port
add bridge=bridge-vlans comment="Access port on vlan10" interface=ether1 pvid=10
add bridge=bridge-vlans comment="Access port on vlan20" interface=ether2 pvid=20
add bridge=bridge-vlans comment="Trunk port vlan 10&20" interface=ether4

/interface bridge vlan
add bridge=bridge-vlans tagged=bridge-vlans,ether1 untagged=ether1 vlan-ids=10
add bridge=bridge-vlans tagged=bridge-vlans,ether1 untagged=ether2 vlan-ids=20

If your device is a router and you want a DHCP server on a VLAN you have to:

• Set vlan interface as interface in the DHCP
• Assign an IP address the VLAN interface (as any other interface)

Here the Mikrotik code:

/ip dhcp-server
add address-pool=private-ips disabled=no interface=private-users-vlan lease-time=2h name=private-dhcp
add address-pool=public-ips disabled=no interface=public-users-vlan lease-time=2h name=public-dhcp
/ip address
add address=192.168.1.1/24 interface=private-users-vlan
add address=192.168.2.1/24 interface=public-users-vlan

Answer 3

There is no need to use switch in Mikrotik to accomplish that.
You can create a vlan Interface on a specific port like this:

 int vlan add vlan-id=1 interface=ether1 use-service-tag=yes 

* With use-service-tag=yes option it acts like switch port access vlan1,
* Without it or with use-service-tag=no it acts like trunk port allowing vlan1