How to configure mikrotik network equipment » History » Revision 30
« Previous |
Revision 30/32
(diff)
| Next »
Nico Schottelius, 07/28/2020 03:54 PM
How to configure mikrotik network equipment¶
- Table of contents
- How to configure mikrotik network equipment
Status¶
This document is PRE PRODUCTION.
Finding a directly connected Mikrotik switch¶
If you don't know the IP address of a Mikrotik switch, just connect a direct cable to it and ping the IPv6 multicast all nodes address:
5: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 80:1f:02:d6:4c:50 brd ff:ff:ff:ff:ff:ff inet6 fe80::821f:2ff:fed6:4c50/64 scope link valid_lft forever preferred_lft forever bridge:~# ping ff02::1%eth1 PING ff02::1%eth1 (ff02::1%5): 56 data bytes 64 bytes from fe80::821f:2ff:fed6:4c50: seq=0 ttl=64 time=0.115 ms 64 bytes from fe80::c6ad:34ff:fe88:832b: seq=0 ttl=64 time=0.588 ms (DUP!) 64 bytes from fe80::821f:2ff:fed6:4c50: seq=1 ttl=64 time=0.109 ms 64 bytes from fe80::c6ad:34ff:fe88:832b: seq=1 ttl=64 time=0.432 ms (DUP!) ^C --- ff02::1%eth1 ping statistics --- 2 packets transmitted, 2 packets received, 2 duplicates, 0% packet loss round-trip min/avg/max = 0.109/0.311/0.588 ms bridge:~#
- One of the ip address is you, the other one is the switch
Connecting to it via ssh:
[15:21] bridge:~% ssh admin@fe80::c6ad:34ff:fe88:832b%eth1 admin@fe80::c6ad:34ff:fe88:832b%eth1's password:
Setting up a newly arrived Mikrotik switch¶
This part is specific for mikrotik-crs326 devices and should
After arriving within 1 work day do:
- Unpack
- Find out which name the switch should have
- go to https://netbox.ungleich.ch
- search for crs326
- identify the last used number
- Create a new device
- go to devices
- devices
- add
- name: "mikrotik-crs326-XX"
- device-role: a device role
- device-type: CRS326
- serial-number: <from the device>
- site: placeX -
- create
- Add a physical label with its name
- Do not continue before you have done that!
- configure your notebook with the ipv4 address 192.168.88.23/24
- connect to the crs326:
ssh admin@192.168.88.1
- Configure the switch
- Set identity:
/system identity set name=mikrotik-crs326-XX
# use the correct name - Set password:
/user set admin password=
# use the password for mikrotik in the place that you are, use password store - Enable IPv6:
/system package enable ipv6
- Reboot so that IPv6 is enabled:
/system reboot
- Add a place indendent, unrouted IPv6 address:
/ipv6 address add eui-64=yes advertise=no interface=bridge address=2a0a:e5c0:1:c::/64
- Get the assigned IPv6 address:
/ipv6 address print
- Disconnect from the switch
- Set identity:
- Assign your notebook the IPv6 address 2a0a:e5c0:1:c::23/64
- Connect to the switch via IPv6
- Remove the IPv4 address 192.168.88.1 to avoid collisions with other switches:
/ip address remove numbers=0
- Verify:
/ip address print
- Verify:
- Remove the IPv4 address 192.168.88.1 to avoid collisions with other switches:
- Verify / update entries in netbox:
- Verify that the serial number is correct:
:put [ /system routerboard get serial-number ]
- Netbox
- go to the ipv6 prefix https://netbox.ungleich.ch/ipam/prefixes/216/
- create a new ipv6 address
- set the DNS name to mikrotik-crs326-XX
- role = loopback
- go to the ipv6 prefix https://netbox.ungleich.ch/ipam/prefixes/216/
- Verify that the serial number is correct:
- Ensure all steps are taken correctly
- Move the device to our inventory / stock if not directly used
Configuring a Mikrotik switch for integration into the network¶
Depending on the usage scenario, we will define a variety of bridges and assign ports to it.
- In almost all cases the uplink port will be the sfp-sfpplus1 port.
- In almost all cases we want to apply vlan tagging to that port
- For server networks, we configure the MTU to the highest value the switch supports
- Devices are configured with a 9200 MTU
- So the MTU on the switch ports needs to be at least 9200
First step for all integrations¶
Setup MTU of all sfp-sfpplus ports (plural) to 9200 and the L2MTU to 9204:
Use /interface print
to find out the maximum MTU:
[admin@mikrotik-crs326-1] > /interface print Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS 0 S ether1 ether 9200 9204 10218 B8:69:F4:8E:AC:BA 1 S ether2 ether 9200 9204 10218 B8:69:F4:8E:AC:BB ... 24 R sfp-sfpplus1 ether 9200 9204 10218 B8:69:F4:8E:AC:D2 25 sfp-sfpplus2 ether 9200 9204 10218 B8:69:F4:8E:AC:D3
Above is already setup, but the values differ, use the following to set it correctly:
/interface set sfp-sfpplus1 mtu=9200 l2mtu=9204 /interface set sfp-sfpplus2 mtu=9200 l2mtu=9204
Use case 1: coworking network¶
To use the switch in a coworking network, we keep the MTU
- Create a vlan interface named vlan-coworking:
/interface vlan add vlan-id=15 name=vlan-coworking interface=sfp-sfpplus1
- Verify that it is created:
/interface vlan print
- Lookup the vlan-id from https://netbox.ungleich.ch/ipam/vlans/
- The vlan will be added to sfp-sfpplus1
- Verify that it is created:
- Create a bridge named bridge-coworking:
/interface bridge add name=bridge-coworking
- Verify that it is created:
/interface print
- Verify that it is created:
- Add the interface vlan-coworking to the bridge-coworking as a port:
/interface vlan add interface=vlan-coworking
- Verify that the port is added:
/interface vlan print
- Verify that the port is added:
- Add all ethernet ports that you need for coworking to the bridge-coworking
- For instance to add port 7:
/interface bridge port set bridge=bridge-coworking numbers=6
- Find the number of the interface with
/interface bridge port print
- Find the number of the interface with
- Verify again like you did above
- For instance to add port 7:
Use case 2: server or internal network¶
Steps similar to above, BUT ensure that the MTU is set correctly on all interfaces.
- Ensure that the mtu is correct on the sfp-sfplus interfaces (see above)
- This is important
- We create a bridge named
- bridge-server:
/interface bridge add name=bridge-server
- bridge-internal:
/interface bridge add name=bridge-internal
- bridge-server:
- We create a new vlan interface on sfp-sfpplus1 named
- vlan-server:
/interface vlan add name=vlan-server interface=sfp-sfpplus1 mtu=9200
- vlan-internal:
/interface vlan add name=vlan-internal interface=sfp-sfpplus1 mtu=9200
- vlan-server:
- Add the
- vlan-server interface as a port to bridge-server:
/interface bridge port add interface=vlan-server bridge=bridge-server
- vlan-internal interface as a port to bridge-internal:
/interface bridge port add interface=vlan-internal bridge=bridge-internal
- vlan-server interface as a port to bridge-server:
- Verify that the MTU is correct
- On the VLAN interface:
/interface vlan print
- On the bridge:
/interface bridge print
- On the sfp-sfpplus interfaces:
/interface print
- On the VLAN interface:
If the MTUs are wrong, you can encounter hanging connections, while ping (small packet) still works. Be careful to do it right.
Typical setup for a new mikrotik-crs326 in place6¶
You need to insert a GBIC module BEFORE seting mtu on the sfp-sfpplus interface
/interface set sfp-sfpplus1 mtu=10216 l2mtu=10218 /interface bridge add name=bridge-server /interface vlan add name=vlan-server interface=sfp-sfpplus1 mtu=10214 vlan-id=11 /interface bridge port add interface=vlan-server bridge=bridge-server /interface bridge add name=bridge-internal /interface vlan add name=vlan-internal interface=sfp-sfpplus1 mtu=10214 vlan-id=10 /interface bridge port add interface=vlan-internal bridge=bridge-internal /ipv6 address add eui-64=yes advertise=no interface=bridge-internal address=2a0a:e5c0:2::/64 /ipv6 address print
Update the switch to the latest version¶
(TBD for IPv6 only networks)
Make switch accept router advertisements!¶
[admin@mikrotik-crs236-2] > /ipv6 settings set accept-router-advertisements=yes
FINALLY!
Updated by Nico Schottelius over 4 years ago · 30 revisions