How to configure mikrotik network equipment » History » Version 14
Samuel Hailu, 05/21/2020 04:24 PM
| 1 | 1 | Nico Schottelius | h1. How to configure mikrotik network equipment |
|---|---|---|---|
| 2 | |||
| 3 | 6 | Nico Schottelius | {{toc}} |
| 4 | 1 | Nico Schottelius | |
| 5 | h2. Status |
||
| 6 | |||
| 7 | This document is **PRE PRODUCTION**. |
||
| 8 | |||
| 9 | h2. Setting up a newly arrived Mikrotik switch |
||
| 10 | |||
| 11 | This part is specific for mikrotik-crs326 devices and should |
||
| 12 | |||
| 13 | After arriving within 1 work day do: |
||
| 14 | |||
| 15 | * Unpack |
||
| 16 | * Find out which name the switch should have |
||
| 17 | ** go to https://netbox.ungleich.ch |
||
| 18 | ** search for crs326 |
||
| 19 | ** identify the last used number |
||
| 20 | ** Create a new device |
||
| 21 | *** go to devices |
||
| 22 | *** devices |
||
| 23 | *** add |
||
| 24 | **** name: "mikrotik-crs326-XX" |
||
| 25 | **** device-role: a device role |
||
| 26 | **** device-type: CRS326 |
||
| 27 | **** serial-number: <from the device> |
||
| 28 | **** site: placeX - |
||
| 29 | **** create |
||
| 30 | * Add a physical label with its name |
||
| 31 | ** Do not continue before you have done that! |
||
| 32 | * configure your notebook with the ipv4 address 192.168.88.23/24 |
||
| 33 | * connect to the crs326: @ssh admin@192.168.88.1@ |
||
| 34 | * Configure the switch |
||
| 35 | ** Set identity: @/system identity set name=mikrotik-crs326-XX@ # use the correct name |
||
| 36 | ** Set password: @/user set admin password=@ # use the password for mikrotik in the place that you are, use password store |
||
| 37 | ** Enable IPv6: @/system package enable ipv6@ |
||
| 38 | ** Reboot so that IPv6 is enabled: @/system reboot@ |
||
| 39 | 2 | Nico Schottelius | ** Add a place indendent, unrouted IPv6 address: @/ipv6 address add eui-64=yes advertise=no interface=bridge address=2a0a:e5c0:1:c::/64@ |
| 40 | ** Get the assigned IPv6 address: @/ipv6 address print@ |
||
| 41 | ** Disconnect from the switch |
||
| 42 | * Assign your notebook the IPv6 address *2a0a:e5c0:1:c::23/64* |
||
| 43 | 1 | Nico Schottelius | * Connect to the switch via IPv6 |
| 44 | 3 | Nico Schottelius | ** Remove the IPv4 address 192.168.88.1 to avoid collisions with other switches: @/ip address remove numbers=0@ |
| 45 | *** Verify: @/ip address print@ |
||
| 46 | * Verify / update entries in netbox: |
||
| 47 | ** Verify that the serial number is correct: @:put [ /system routerboard get serial-number ]@ |
||
| 48 | 4 | Nico Schottelius | ** Netbox |
| 49 | *** go to the ipv6 prefix https://netbox.ungleich.ch/ipam/prefixes/216/ |
||
| 50 | **** create a new ipv6 address |
||
| 51 | **** set the DNS name to *mikrotik-crs326-XX* |
||
| 52 | 5 | Nico Schottelius | **** role = loopback |
| 53 | 6 | Nico Schottelius | * Ensure all steps are taken correctly |
| 54 | * Move the device to our inventory / stock if not directly used |
||
| 55 | 7 | Nico Schottelius | |
| 56 | |||
| 57 | h2. Configuring a Mikrotik switch for integration into the network |
||
| 58 | |||
| 59 | Depending on the usage scenario, we will define a variety of bridges and assign ports to it. |
||
| 60 | |||
| 61 | * In almost all cases the uplink port will be the *sfp-sfpplus1* port. |
||
| 62 | * In almost all cases we want to apply vlan tagging to that port |
||
| 63 | * For server networks, we configure the MTU to the highest value the switch supports |
||
| 64 | ** Devices are configured with a 9200 MTU |
||
| 65 | ** So the MTU on the switch ports needs to be at least 9200 |
||
| 66 | |||
| 67 | h3. First step for all integrations |
||
| 68 | |||
| 69 | 8 | Nico Schottelius | Setup MTU of all *sfp-sfpplus* ports (plural) to 9200 and the L2MTU to 9204: |
| 70 | 1 | Nico Schottelius | |
| 71 | 8 | Nico Schottelius | Use @/interface print@ to find out the maximum MTU: |
| 72 | |||
| 73 | <pre> |
||
| 74 | [admin@mikrotik-crs326-1] > /interface print |
||
| 75 | Flags: D - dynamic, X - disabled, R - running, S - slave |
||
| 76 | # NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS |
||
| 77 | 0 S ether1 ether 9200 9204 10218 B8:69:F4:8E:AC:BA |
||
| 78 | 1 S ether2 ether 9200 9204 10218 B8:69:F4:8E:AC:BB |
||
| 79 | ... |
||
| 80 | 24 R sfp-sfpplus1 ether 9200 9204 10218 B8:69:F4:8E:AC:D2 |
||
| 81 | 25 sfp-sfpplus2 ether 9200 9204 10218 B8:69:F4:8E:AC:D3 |
||
| 82 | </pre> |
||
| 83 | |||
| 84 | Above is already setup, but the values differ, use the following to set it correctly: |
||
| 85 | |||
| 86 | <pre> |
||
| 87 | /interface set sfp-sfpplus1 mtu=9200 l2mtu=9204 |
||
| 88 | /interface set sfp-sfpplus2 mtu=9200 l2mtu=9204 |
||
| 89 | </pre> |
||
| 90 | |||
| 91 | 7 | Nico Schottelius | h3. Use case 1: coworking network |
| 92 | 1 | Nico Schottelius | |
| 93 | 9 | Nico Schottelius | To use the switch in a coworking network, we keep the MTU |
| 94 | |||
| 95 | 13 | Samuel Hailu | * Create a vlan interface named *vlan-coworking*: @//interface vlan> /interface vlan add vlan-id=15 name=vlan-coworking interface=sfp-sfpplus1 |
| 96 | [admin@mikrotik-crs326-9] /interface vlan> /interface vlan add vlan-id=15 name=vlan-coworking interface= |
||
| 97 | sfp-sfpplus1 |
||
| 98 | @ |
||
| 99 | 9 | Nico Schottelius | ** Lookup the vlan-id from https://netbox.ungleich.ch/ipam/vlans/ |
| 100 | 12 | Nico Schottelius | ** The vlan will be added to *sfp-sfpplus1* |
| 101 | 14 | Samuel Hailu | * Create a bridge named *bridge-coworking*: @//interface bridge add name=bridge-coworking@ |
| 102 | * Add the interface *vlan-coworking* to the *bridge-coworking* as a port: @//interface vlan add interface=vlan-coworking @ |
||
| 103 | 9 | Nico Schottelius | * Add all ethernet ports that you need for coworking to the *bridge-coworking* |
| 104 | 10 | Nico Schottelius | ** For instance to add port 7: @/something something sami@ |
| 105 | 8 | Nico Schottelius | |
| 106 | h2. Update the switch to the latest version |
||
| 107 | |||
| 108 | (TBD for IPv6 only networks) |
||
| 109 | o |