Project

General

Profile

How to configure mikrotik network equipment » History » Version 15

Nico Schottelius, 05/21/2020 04:25 PM

1 1 Nico Schottelius
h1. How to configure mikrotik network equipment
2
3 6 Nico Schottelius
{{toc}}
4 1 Nico Schottelius
5
h2. Status
6
7
This document is **PRE PRODUCTION**.
8
9
h2. Setting up a newly arrived Mikrotik switch
10
11
This part is specific for mikrotik-crs326 devices and should
12
13
After arriving within 1 work day do:
14
15
* Unpack
16
* Find out which name the switch should have
17
** go to https://netbox.ungleich.ch
18
** search for crs326
19
** identify the last used number
20
** Create a new device
21
*** go to devices 
22
*** devices
23
*** add
24
**** name: "mikrotik-crs326-XX"
25
**** device-role: a device role
26
**** device-type: CRS326
27
**** serial-number: <from the device>
28
**** site: placeX -
29
**** create
30
* Add a physical label with its name
31
** Do not continue before you have done that!
32
* configure your notebook with the ipv4 address 192.168.88.23/24 
33
* connect to the crs326: @ssh admin@192.168.88.1@
34
* Configure the switch
35
** Set identity: @/system identity set name=mikrotik-crs326-XX@ # use the correct name
36
** Set password: @/user set admin password=@ # use the password for mikrotik in the place that you are, use password store
37
** Enable IPv6: @/system package enable ipv6@
38
** Reboot so that IPv6 is enabled: @/system reboot@
39 2 Nico Schottelius
** Add a place indendent, unrouted IPv6 address: @/ipv6 address add eui-64=yes advertise=no interface=bridge address=2a0a:e5c0:1:c::/64@
40
** Get the assigned IPv6 address: @/ipv6 address print@
41
** Disconnect from the switch
42
* Assign your notebook the IPv6 address *2a0a:e5c0:1:c::23/64*
43 1 Nico Schottelius
* Connect to the switch via IPv6
44 3 Nico Schottelius
** Remove the IPv4 address 192.168.88.1 to avoid collisions with other switches: @/ip address remove numbers=0@
45
*** Verify: @/ip address print@
46
* Verify / update entries in netbox:
47
** Verify that the serial number is correct: @:put [ /system routerboard get serial-number ]@
48 4 Nico Schottelius
** Netbox
49
*** go to the ipv6 prefix https://netbox.ungleich.ch/ipam/prefixes/216/
50
**** create a new ipv6 address
51
**** set the DNS name to *mikrotik-crs326-XX*
52 5 Nico Schottelius
**** role = loopback
53 6 Nico Schottelius
* Ensure all steps are taken correctly
54
* Move the device to our inventory / stock if not directly used
55 7 Nico Schottelius
56
57
h2. Configuring a Mikrotik switch for integration into the network
58
59
Depending on the usage scenario, we will define a variety of bridges and assign ports to it.
60
61
* In almost all cases the uplink port will be the *sfp-sfpplus1* port.
62
* In almost all cases we want to apply vlan tagging to that port
63
* For server networks, we configure the MTU to the highest value the switch supports
64
** Devices are configured with a 9200 MTU
65
** So the MTU on the switch ports needs to be at least 9200
66
67
h3. First step for all integrations
68
69 8 Nico Schottelius
Setup MTU of all *sfp-sfpplus* ports (plural) to 9200 and the L2MTU to 9204:
70 1 Nico Schottelius
71 8 Nico Schottelius
Use @/interface print@ to find out the maximum MTU:
72
73
<pre>
74
[admin@mikrotik-crs326-1] > /interface print 
75
Flags: D - dynamic, X - disabled, R - running, S - slave 
76
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
77
 0   S ether1                              ether            9200  9204      10218 B8:69:F4:8E:AC:BA
78
 1   S ether2                              ether            9200  9204      10218 B8:69:F4:8E:AC:BB
79
...
80
24  R  sfp-sfpplus1                        ether            9200  9204      10218 B8:69:F4:8E:AC:D2
81
25     sfp-sfpplus2                        ether            9200  9204      10218 B8:69:F4:8E:AC:D3
82
</pre>
83
84
Above is already setup, but the values differ, use the following to set it correctly:
85
86
<pre>
87
/interface set sfp-sfpplus1 mtu=9200 l2mtu=9204
88
/interface set sfp-sfpplus2 mtu=9200 l2mtu=9204
89
</pre>
90
91 7 Nico Schottelius
h3. Use case 1: coworking network
92 1 Nico Schottelius
93 9 Nico Schottelius
To use the switch in a coworking network, we keep the MTU
94
95 13 Samuel Hailu
* Create a vlan interface named *vlan-coworking*: @//interface vlan> /interface vlan add  vlan-id=15 name=vlan-coworking interface=sfp-sfpplus1 
96
[admin@mikrotik-crs326-9] /interface vlan> /interface vlan add  vlan-id=15 name=vlan-coworking interface=
97
sfp-sfpplus1 
98
@
99 9 Nico Schottelius
** Lookup the vlan-id from https://netbox.ungleich.ch/ipam/vlans/
100 12 Nico Schottelius
** The vlan will be added to *sfp-sfpplus1*
101 14 Samuel Hailu
* Create a bridge named *bridge-coworking*: @//interface bridge add name=bridge-coworking@
102 15 Nico Schottelius
** Verify that it is created: @SAMI@
103 14 Samuel Hailu
* Add the interface *vlan-coworking* to the *bridge-coworking* as a port: @//interface vlan add interface=vlan-coworking @
104 15 Nico Schottelius
** Verify that the port is added: @SAMI@
105 9 Nico Schottelius
* Add all ethernet ports that you need for coworking to the *bridge-coworking*
106 10 Nico Schottelius
** For instance to add port 7: @/something something sami@
107 15 Nico Schottelius
** Verify again like you did above
108 8 Nico Schottelius
109
h2. Update the switch to the latest version
110
111
(TBD for IPv6 only networks)
112
o