Project

General

Profile

How to configure mikrotik network equipment » History » Revision 19

Revision 18 (Nico Schottelius, 05/21/2020 04:52 PM) → Revision 19/32 (Nico Schottelius, 05/21/2020 04:53 PM)

h1. How to configure mikrotik network equipment 

 {{toc}} 

 h2. Status 

 This document is **PRE PRODUCTION**. 

 h2. Setting up a newly arrived Mikrotik switch 

 This part is specific for mikrotik-crs326 devices and should 

 After arriving within 1 work day do: 

 * Unpack 
 * Find out which name the switch should have 
 ** go to https://netbox.ungleich.ch 
 ** search for crs326 
 ** identify the last used number 
 ** Create a new device 
 *** go to devices  
 *** devices 
 *** add 
 **** name: "mikrotik-crs326-XX" 
 **** device-role: a device role 
 **** device-type: CRS326 
 **** serial-number: <from the device> 
 **** site: placeX - 
 **** create 
 * Add a physical label with its name 
 ** Do not continue before you have done that! 
 * configure your notebook with the ipv4 address 192.168.88.23/24  
 * connect to the crs326: @ssh admin@192.168.88.1@ 
 * Configure the switch 
 ** Set identity: @/system identity set name=mikrotik-crs326-XX@ # use the correct name 
 ** Set password: @/user set admin password=@ # use the password for mikrotik in the place that you are, use password store 
 ** Enable IPv6: @/system package enable ipv6@ 
 ** Reboot so that IPv6 is enabled: @/system reboot@ 
 ** Add a place indendent, unrouted IPv6 address: @/ipv6 address add eui-64=yes advertise=no interface=bridge address=2a0a:e5c0:1:c::/64@ 
 ** Get the assigned IPv6 address: @/ipv6 address print@ 
 ** Disconnect from the switch 
 * Assign your notebook the IPv6 address *2a0a:e5c0:1:c::23/64* 
 * Connect to the switch via IPv6 
 ** Remove the IPv4 address 192.168.88.1 to avoid collisions with other switches: @/ip address remove numbers=0@ 
 *** Verify: @/ip address print@ 
 * Verify / update entries in netbox: 
 ** Verify that the serial number is correct: @:put [ /system routerboard get serial-number ]@ 
 ** Netbox 
 *** go to the ipv6 prefix https://netbox.ungleich.ch/ipam/prefixes/216/ 
 **** create a new ipv6 address 
 **** set the DNS name to *mikrotik-crs326-XX* 
 **** role = loopback 
 * Ensure all steps are taken correctly 
 * Move the device to our inventory / stock if not directly used 


 h2. Configuring a Mikrotik switch for integration into the network 

 Depending on the usage scenario, we will define a variety of bridges and assign ports to it. 

 * In almost all cases the uplink port will be the *sfp-sfpplus1* port. 
 * In almost all cases we want to apply vlan tagging to that port 
 * For server networks, we configure the MTU to the highest value the switch supports 
 ** Devices are configured with a 9200 MTU 
 ** So the MTU on the switch ports needs to be at least 9200 

 h3. First step for all integrations 

 Setup MTU of all *sfp-sfpplus* ports (plural) to 9200 and the L2MTU to 9204: 

 Use @/interface print@ to find out the maximum MTU: 

 <pre> 
 [admin@mikrotik-crs326-1] > /interface print  
 Flags: D - dynamic, X - disabled, R - running, S - slave  
  #       NAME                                  TYPE         ACTUAL-MTU L2MTU    MAX-L2MTU MAC-ADDRESS       
  0     S ether1                                ether              9200    9204        10218 B8:69:F4:8E:AC:BA 
  1     S ether2                                ether              9200    9204        10218 B8:69:F4:8E:AC:BB 
 ... 
 24    R    sfp-sfpplus1                          ether              9200    9204        10218 B8:69:F4:8E:AC:D2 
 25       sfp-sfpplus2                          ether              9200    9204        10218 B8:69:F4:8E:AC:D3 
 </pre> 

 Above is already setup, but the values differ, use the following to set it correctly: 

 <pre> 
 /interface set sfp-sfpplus1 mtu=9200 l2mtu=9204 
 /interface set sfp-sfpplus2 mtu=9200 l2mtu=9204 
 </pre> 

 h3. Use case 1: coworking network 

 To use the switch in a coworking network, we keep the MTU 

 * Create a vlan interface named *vlan-coworking*: @/interface vlan add    vlan-id=15 name=vlan-coworking interface=sfp-sfpplus1@ 
 ** Verify that it is created: @/interface vlan print@ 
 ** Lookup the vlan-id from https://netbox.ungleich.ch/ipam/vlans/ 
 ** The vlan will be added to *sfp-sfpplus1* 
 * Create a bridge named *bridge-coworking*: @/interface bridge add name=bridge-coworking@ 
 ** Verify that it is created: @/interface print@ 
 * Add the interface *vlan-coworking* to the *bridge-coworking* as a port: @/interface vlan add interface=vlan-coworking@ 
 ** Verify that the port is added: @/interface vlan print@ 
 * Add all ethernet ports that you need for coworking to the *bridge-coworking* 
 ** For instance to add port 7: @/interface bridge port set bridge=bridge-coworking numbers=6@  
 *** Find the number of the interface with @/interface bridge port print@ 
 ** Verify again like you did above 

 h3. Use case 2: server or internal network 

 Steps similar to above, BUT ensure that the MTU is set correctly on all interfaces. 

 * Ensure that the mtu is correct on the *sfp-sfplus* interfaces (see above) 
 ** This is important 
 * We create a bridge named 
 ** *bridge-server*: @SAMI@ 
 ** *bridge-internal*: @SAMI@ 
 * We create a new vlan interface on *sfp-sfpplus1* named 
 ** *vlan-server*: @SAMI@ 
 ** *vlan-internal*: @SAMI@ 
 * Add the 
 ** *vlan-server* interface as a port to *bridge-server*: @SAMI@ 
 ** *vlan-internal* interface as a port to *bridge-internal*: @SAMI@ 
 * Verify that the MTU is correct 
 ** On the VLAN interface 
 ** On the bridge 
 ** On the sfp-sfapplus interfaces 


 <pre> 
 


   If the MTUs are wrong, you can encounter hanging connections, while ping (small packet) still works. Be careful to do it right. 
 </pre> 

 h2. Update the switch to the latest version 

 (TBD for IPv6 only networks) 
 o