Project

General

Profile

Actions

How to configure mikrotik network equipment » History » Revision 23

« Previous | Revision 23/32 (diff) | Next »
Nico Schottelius, 05/21/2020 05:05 PM


How to configure mikrotik network equipment

Status

This document is PRE PRODUCTION.

Setting up a newly arrived Mikrotik switch

This part is specific for mikrotik-crs326 devices and should

After arriving within 1 work day do:

  • Unpack
  • Find out which name the switch should have
    • go to https://netbox.ungleich.ch
    • search for crs326
    • identify the last used number
    • Create a new device
      • go to devices
      • devices
      • add
        • name: "mikrotik-crs326-XX"
        • device-role: a device role
        • device-type: CRS326
        • serial-number: <from the device>
        • site: placeX -
        • create
  • Add a physical label with its name
    • Do not continue before you have done that!
  • configure your notebook with the ipv4 address 192.168.88.23/24
  • connect to the crs326: ssh admin@192.168.88.1
  • Configure the switch
    • Set identity: /system identity set name=mikrotik-crs326-XX # use the correct name
    • Set password: /user set admin password= # use the password for mikrotik in the place that you are, use password store
    • Enable IPv6: /system package enable ipv6
    • Reboot so that IPv6 is enabled: /system reboot
    • Add a place indendent, unrouted IPv6 address: /ipv6 address add eui-64=yes advertise=no interface=bridge address=2a0a:e5c0:1:c::/64
    • Get the assigned IPv6 address: /ipv6 address print
    • Disconnect from the switch
  • Assign your notebook the IPv6 address 2a0a:e5c0:1:c::23/64
  • Connect to the switch via IPv6
    • Remove the IPv4 address 192.168.88.1 to avoid collisions with other switches: /ip address remove numbers=0
      • Verify: /ip address print
  • Verify / update entries in netbox:
    • Verify that the serial number is correct: :put [ /system routerboard get serial-number ]
    • Netbox
  • Ensure all steps are taken correctly
  • Move the device to our inventory / stock if not directly used

Configuring a Mikrotik switch for integration into the network

Depending on the usage scenario, we will define a variety of bridges and assign ports to it.

  • In almost all cases the uplink port will be the sfp-sfpplus1 port.
  • In almost all cases we want to apply vlan tagging to that port
  • For server networks, we configure the MTU to the highest value the switch supports
    • Devices are configured with a 9200 MTU
    • So the MTU on the switch ports needs to be at least 9200

First step for all integrations

Setup MTU of all sfp-sfpplus ports (plural) to 9200 and the L2MTU to 9204:

Use /interface print to find out the maximum MTU:

[admin@mikrotik-crs326-1] > /interface print 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0   S ether1                              ether            9200  9204      10218 B8:69:F4:8E:AC:BA
 1   S ether2                              ether            9200  9204      10218 B8:69:F4:8E:AC:BB
...
24  R  sfp-sfpplus1                        ether            9200  9204      10218 B8:69:F4:8E:AC:D2
25     sfp-sfpplus2                        ether            9200  9204      10218 B8:69:F4:8E:AC:D3

Above is already setup, but the values differ, use the following to set it correctly:

/interface set sfp-sfpplus1 mtu=9200 l2mtu=9204
/interface set sfp-sfpplus2 mtu=9200 l2mtu=9204

Use case 1: coworking network

To use the switch in a coworking network, we keep the MTU

  • Create a vlan interface named vlan-coworking: /interface vlan add vlan-id=15 name=vlan-coworking interface=sfp-sfpplus1
  • Create a bridge named bridge-coworking: /interface bridge add name=bridge-coworking
    • Verify that it is created: /interface print
  • Add the interface vlan-coworking to the bridge-coworking as a port: /interface vlan add interface=vlan-coworking
    • Verify that the port is added: /interface vlan print
  • Add all ethernet ports that you need for coworking to the bridge-coworking
    • For instance to add port 7: /interface bridge port set bridge=bridge-coworking numbers=6
      • Find the number of the interface with /interface bridge port print
    • Verify again like you did above

Use case 2: server or internal network

Steps similar to above, BUT ensure that the MTU is set correctly on all interfaces.

  • Ensure that the mtu is correct on the sfp-sfplus interfaces (see above)
    • This is important
  • We create a bridge named
    • bridge-server: /interface bridge add name=bridge-server
    • bridge-internal: /interface bridge add name=bridge-internal
  • We create a new vlan interface on sfp-sfpplus1 named
    • vlan-server: /interface vlan add name=vlan-server interface=sfp-sfpplus1 mtu=9200
    • vlan-internal: /interface vlan add name=vlan-internal interface=sfp-sfpplus1 mtu=9200
  • Add the
    • vlan-server interface as a port to bridge-server: /interface bridge port add interface=vlan-server bridge=bridge-server
    • vlan-internal interface as a port to bridge-internal: /interface bridge port add interface=vlan-internal bridge=bridge-internal
  • Verify that the MTU is correct
    • On the VLAN interface: /interface vlan print
    • On the bridge: /interface bridge print
    • On the sfp-sfpplus interfaces: /interface print
If the MTUs are wrong, you can encounter hanging connections, while ping (small packet) still works. Be careful to do it right.

Update the switch to the latest version

(TBD for IPv6 only networks)
o

Updated by Nico Schottelius over 4 years ago · 23 revisions