How to configure mikrotik network equipment » History » Revision 18
Revision 17 (Nico Schottelius, 05/21/2020 04:51 PM) → Revision 18/32 (Nico Schottelius, 05/21/2020 04:52 PM)
h1. How to configure mikrotik network equipment {{toc}} h2. Status This document is **PRE PRODUCTION**. h2. Setting up a newly arrived Mikrotik switch This part is specific for mikrotik-crs326 devices and should After arriving within 1 work day do: * Unpack * Find out which name the switch should have ** go to https://netbox.ungleich.ch ** search for crs326 ** identify the last used number ** Create a new device *** go to devices *** devices *** add **** name: "mikrotik-crs326-XX" **** device-role: a device role **** device-type: CRS326 **** serial-number: <from the device> **** site: placeX - **** create * Add a physical label with its name ** Do not continue before you have done that! * configure your notebook with the ipv4 address 192.168.88.23/24 * connect to the crs326: @ssh admin@192.168.88.1@ * Configure the switch ** Set identity: @/system identity set name=mikrotik-crs326-XX@ # use the correct name ** Set password: @/user set admin password=@ # use the password for mikrotik in the place that you are, use password store ** Enable IPv6: @/system package enable ipv6@ ** Reboot so that IPv6 is enabled: @/system reboot@ ** Add a place indendent, unrouted IPv6 address: @/ipv6 address add eui-64=yes advertise=no interface=bridge address=2a0a:e5c0:1:c::/64@ ** Get the assigned IPv6 address: @/ipv6 address print@ ** Disconnect from the switch * Assign your notebook the IPv6 address *2a0a:e5c0:1:c::23/64* * Connect to the switch via IPv6 ** Remove the IPv4 address 192.168.88.1 to avoid collisions with other switches: @/ip address remove numbers=0@ *** Verify: @/ip address print@ * Verify / update entries in netbox: ** Verify that the serial number is correct: @:put [ /system routerboard get serial-number ]@ ** Netbox *** go to the ipv6 prefix https://netbox.ungleich.ch/ipam/prefixes/216/ **** create a new ipv6 address **** set the DNS name to *mikrotik-crs326-XX* **** role = loopback * Ensure all steps are taken correctly * Move the device to our inventory / stock if not directly used h2. Configuring a Mikrotik switch for integration into the network Depending on the usage scenario, we will define a variety of bridges and assign ports to it. * In almost all cases the uplink port will be the *sfp-sfpplus1* port. * In almost all cases we want to apply vlan tagging to that port * For server networks, we configure the MTU to the highest value the switch supports ** Devices are configured with a 9200 MTU ** So the MTU on the switch ports needs to be at least 9200 h3. First step for all integrations Setup MTU of all *sfp-sfpplus* ports (plural) to 9200 and the L2MTU to 9204: Use @/interface print@ to find out the maximum MTU: <pre> [admin@mikrotik-crs326-1] > /interface print Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS 0 S ether1 ether 9200 9204 10218 B8:69:F4:8E:AC:BA 1 S ether2 ether 9200 9204 10218 B8:69:F4:8E:AC:BB ... 24 R sfp-sfpplus1 ether 9200 9204 10218 B8:69:F4:8E:AC:D2 25 sfp-sfpplus2 ether 9200 9204 10218 B8:69:F4:8E:AC:D3 </pre> Above is already setup, but the values differ, use the following to set it correctly: <pre> /interface set sfp-sfpplus1 mtu=9200 l2mtu=9204 /interface set sfp-sfpplus2 mtu=9200 l2mtu=9204 </pre> h3. Use case 1: coworking network To use the switch in a coworking network, we keep the MTU * Create a vlan interface named *vlan-coworking*: @/interface vlan add vlan-id=15 name=vlan-coworking interface=sfp-sfpplus1@ ** Verify that it is created: @/interface vlan print@ ** Lookup the vlan-id from https://netbox.ungleich.ch/ipam/vlans/ ** The vlan will be added to *sfp-sfpplus1* * Create a bridge named *bridge-coworking*: @/interface bridge add name=bridge-coworking@ ** Verify that it is created: @/interface print@ * Add the interface *vlan-coworking* to the *bridge-coworking* as a port: @/interface vlan add interface=vlan-coworking@ ** Verify that the port is added: @/interface vlan print@ * Add all ethernet ports that you need for coworking to the *bridge-coworking* ** For instance to add port 7: @/interface bridge port set bridge=bridge-coworking numbers=6@ *** Find the number of the interface with @/interface bridge port print@ ** Verify again like you did above h3. Use case 2: server or internal network Steps similar to above, BUT ensure that the MTU is set correctly on all interfaces. * Ensure that the mtu is correct on the *sfp-sfplus* interfaces (see above) ** This is important * We create a bridge named ** *bridge-server*: @SAMI@ ** *bridge-internal*: @SAMI@ * We create a new vlan interface on *sfp-sfpplus1* named ** *vlan-server*: @SAMI@ ** *vlan-internal*: @SAMI@ * Add the ** *vlan-server* interface as a port to *bridge-server*: @SAMI@ *bridge-server* ** *vlan-internal* interface as a port to *bridge-internal*: @SAMI@ *bridge-internal* * Verify that the MTU is correct ** On the VLAN interface ** On the bridge ** On the sfp-sfapplus interfaces If the MTUs are wrong, you can encounter hanging connections, while ping (small packet) still works. Be careful to do it right. h2. Update the switch to the latest version (TBD for IPv6 only networks) o