gretower.blogg.se - Mikrotik vlan firewall

Division into subnets makes it easier to manage the firewall policy.

Less cables! We save the number of physical ports on routers and switches.

Using VLAN mechanism has many advantages: The switch must remove the identifier on the ports to which terminal devices such as printers, telephones, IP telephones, etc. VLAN TAG is simply a number from 0 to 4096, which is assigned by the network administrator. The identifier indicates which subnet the packet belongs to. Every Ethernet frame receives a unique identifier called a VLAN TAG. The principle of VLANs is also very simple. According to this assumption, we can configure the connection between the router and the switch in such a way that several networks (ACCOUNTING, IT_DIVISION, DMZ) are available on one physical port of the router and switch. In short, VLAN is a mechanism that enables logical division of networks (segmentation) and aggregation of different networks (broadcast domains) within one physical port. IT_DIVISION and ACCOUNTING, we also have a WWW server in the network and would like to access it from outside. For example, if we would like to divide the network in our workplace into several sections, e.g. The situation changes dramatically when we need to use more networks than just LAN and WAN. Generally, to make such a network, a router equipped with two Ethernet ports and several switch ports is enough. And this functionality is called NAT (Network Address Translation).

Our home router uses a mechanism for translating addresses and ports from our LAN to an external network (Internet). It is obvious that through the WAN port our ISP gives us access to the Internet. Our home networks are usually configured in such a way that we have one local network LAN and access to the public network through the WAN port. Before we start to configure the devices, it's time for some theory.

A short step-by-step guide showing how to configure VLAN networks based on Mikrotik and Cisco devices.Īs our main router, we will use a very powerful Mikrotik RB4011IGS+RM with a Cisco SF350-24 switch.