How to configure mikrotik network equipment » History » Revision 19
« Previous |
Revision 19/32
(diff)
| Next »
Nico Schottelius, 05/21/2020 04:53 PM
How to configure mikrotik network equipment¶
- Table of contents
- How to configure mikrotik network equipment
Status¶
This document is PRE PRODUCTION.
Setting up a newly arrived Mikrotik switch¶
This part is specific for mikrotik-crs326 devices and should
After arriving within 1 work day do:
- Unpack
- Find out which name the switch should have
- go to https://netbox.ungleich.ch
- search for crs326
- identify the last used number
- Create a new device
- go to devices
- devices
- add
- name: "mikrotik-crs326-XX"
- device-role: a device role
- device-type: CRS326
- serial-number: <from the device>
- site: placeX -
- create
- Add a physical label with its name
- Do not continue before you have done that!
- configure your notebook with the ipv4 address 192.168.88.23/24
- connect to the crs326:
ssh admin@192.168.88.1
- Configure the switch
- Set identity:
/system identity set name=mikrotik-crs326-XX
# use the correct name - Set password:
/user set admin password=
# use the password for mikrotik in the place that you are, use password store - Enable IPv6:
/system package enable ipv6
- Reboot so that IPv6 is enabled:
/system reboot
- Add a place indendent, unrouted IPv6 address:
/ipv6 address add eui-64=yes advertise=no interface=bridge address=2a0a:e5c0:1:c::/64
- Get the assigned IPv6 address:
/ipv6 address print
- Disconnect from the switch
- Set identity:
- Assign your notebook the IPv6 address 2a0a:e5c0:1:c::23/64
- Connect to the switch via IPv6
- Remove the IPv4 address 192.168.88.1 to avoid collisions with other switches:
/ip address remove numbers=0
- Verify:
/ip address print
- Verify:
- Remove the IPv4 address 192.168.88.1 to avoid collisions with other switches:
- Verify / update entries in netbox:
- Verify that the serial number is correct:
:put [ /system routerboard get serial-number ]
- Netbox
- go to the ipv6 prefix https://netbox.ungleich.ch/ipam/prefixes/216/
- create a new ipv6 address
- set the DNS name to mikrotik-crs326-XX
- role = loopback
- go to the ipv6 prefix https://netbox.ungleich.ch/ipam/prefixes/216/
- Verify that the serial number is correct:
- Ensure all steps are taken correctly
- Move the device to our inventory / stock if not directly used
Configuring a Mikrotik switch for integration into the network¶
Depending on the usage scenario, we will define a variety of bridges and assign ports to it.
- In almost all cases the uplink port will be the sfp-sfpplus1 port.
- In almost all cases we want to apply vlan tagging to that port
- For server networks, we configure the MTU to the highest value the switch supports
- Devices are configured with a 9200 MTU
- So the MTU on the switch ports needs to be at least 9200
First step for all integrations¶
Setup MTU of all sfp-sfpplus ports (plural) to 9200 and the L2MTU to 9204:
Use /interface print
to find out the maximum MTU:
[admin@mikrotik-crs326-1] > /interface print Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS 0 S ether1 ether 9200 9204 10218 B8:69:F4:8E:AC:BA 1 S ether2 ether 9200 9204 10218 B8:69:F4:8E:AC:BB ... 24 R sfp-sfpplus1 ether 9200 9204 10218 B8:69:F4:8E:AC:D2 25 sfp-sfpplus2 ether 9200 9204 10218 B8:69:F4:8E:AC:D3
Above is already setup, but the values differ, use the following to set it correctly:
/interface set sfp-sfpplus1 mtu=9200 l2mtu=9204 /interface set sfp-sfpplus2 mtu=9200 l2mtu=9204
Use case 1: coworking network¶
To use the switch in a coworking network, we keep the MTU
- Create a vlan interface named vlan-coworking:
/interface vlan add vlan-id=15 name=vlan-coworking interface=sfp-sfpplus1
- Verify that it is created:
/interface vlan print
- Lookup the vlan-id from https://netbox.ungleich.ch/ipam/vlans/
- The vlan will be added to sfp-sfpplus1
- Verify that it is created:
- Create a bridge named bridge-coworking:
/interface bridge add name=bridge-coworking
- Verify that it is created:
/interface print
- Verify that it is created:
- Add the interface vlan-coworking to the bridge-coworking as a port:
/interface vlan add interface=vlan-coworking
- Verify that the port is added:
/interface vlan print
- Verify that the port is added:
- Add all ethernet ports that you need for coworking to the bridge-coworking
- For instance to add port 7:
/interface bridge port set bridge=bridge-coworking numbers=6
- Find the number of the interface with
/interface bridge port print
- Find the number of the interface with
- Verify again like you did above
- For instance to add port 7:
Use case 2: server or internal network¶
Steps similar to above, BUT ensure that the MTU is set correctly on all interfaces.
- Ensure that the mtu is correct on the sfp-sfplus interfaces (see above)
- This is important
- We create a bridge named
- bridge-server:
SAMI
- bridge-internal:
SAMI
- bridge-server:
- We create a new vlan interface on sfp-sfpplus1 named
- vlan-server:
SAMI
- vlan-internal:
SAMI
- vlan-server:
- Add the
- vlan-server interface as a port to bridge-server:
SAMI
- vlan-internal interface as a port to bridge-internal:
SAMI
- vlan-server interface as a port to bridge-server:
- Verify that the MTU is correct
- On the VLAN interface
- On the bridge
- On the sfp-sfapplus interfaces
If the MTUs are wrong, you can encounter hanging connections, while ping (small packet) still works. Be careful to do it right.
Update the switch to the latest version¶
(TBD for IPv6 only networks)
o
Updated by Nico Schottelius over 4 years ago · 19 revisions