VLAN (Virtual Local Area Network) is a logical topology that divides a single broadcast domain into multiple broadcast domains. It increases network security and performance as well as improves network efficiency. MikroTik VLAN routing configuration with manageable switch was discussed in previous article. Today we will learn how to configure VLAN between MikroTik RouterOS. This Router to router VLAN (layer3 VLAN) is useful when any ISP provide connection to one or more local ISPs who use MikroTik Router to maintain their LAN users.

Network Diagram

To configure VLAN between MikroTik RouterOS, I am following a network diagram like the below image.

In this network, ether1 port of Core RouterOS is connected to internet having IP address 192.168.30.2/29. Ether2 port is connected to an Ethernet Hub. A hub is an OSI physical layer device. So, if there is a hub between Routers, then from Layer3 point of view it is the same as an Ethernet cable connection between them. Ether2 has two VLANs (VLAN 10 having IP address 172.22.2.1/30 and VLAN 20 having IP address 172.22.2.5/30).

Ether1 port of Client RouterOS1 is connected to the Ethernet Hub. This port has a VLAN interface whose id is 10. So, it is able to communicate with Core Router’s VLAN 10 interface with IP address 172.22.2.2/30. Ether2 port has a LAN having IP address 10.10.2.1/24.

Ether1 port of Client RouterO2 is also connected to the Ethernet Hub. This port has a VLAN interface whose id is 20. So, it is able to communicate with Core Router’s VLAN 20 interface with IP address 172.22.2.5/30. Ether2 port has a LAN having IP address 10.10.3.1/24.

As ether2 port of Core RouterOS and ether1 port of Client RouterOS1 and Client RouterPS2 are in the same broadcast domain, a VLAN configuration is so useful to optimize this network.

VLAN Configuration in Core RouterOS

Core RouterOS is connected to internet with ether1 port. So, ether1 port is working as WAN port. On the other hand, two client RouterOS is connected to ether2 port which is working as LAN port. As two client RouterOS are in the same broadcast domain, we will create two VLAN on LAN port to improve network efficiency. The following steps will show how to create VLAN in Core RouterOS and configure WAN and LAN properly.

• Login to core MikroTik RouterOS using Winbox with full privilege credential.
• Click on Interfaces menu item. Interface List window will appear. Click on VLAN tab and then click on PLUS SIGN (+). New Interface window will appear.
• Put interface name (VLAN 10) in Name input box and put VLAN ID (10) in VLAN ID input box and choose your physical interface (ether2) that will be used as trunk port from Interface dropdown menu and then click on Apply and OK button. Similarly, create VLAN 20 interface.
• Go to IP > Addresses menu item and click on PLUS SIGN (+). In New Address window, put WAN IP address (192.168.30.2/30) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and then click on Apply and OK button.
• Click on PLUS SIGN (+) again and put gateway IP of VLAN 10 (172.22.2.1/30) in Address input box and choose VLAN 10 interface from Interface dropdown menu and then click on Apply and OK button. Similarly, put VLAN 20 gateway IP (172.22.2.5/30) on VLAN 20 interface.
• Go to IP > DNS and put DNS Server IP (8.8.8.8 or 8.8.4.4) in Servers input field and click on Apply and OK button.
• Go to IP > Firewall and click on NAT tab and then click on PLUS SIGN (+). Inside General tab, choose srcnat from Chain dropdown menu and click on Action tab and then choose masqueradefrom Action dropdown menu. Click on Apply and OK button.
• Go to IP > Routes and click on PLUS SIGN (+). In New Route window, click on Gateway input field and put WAN Gateway address (192.168.30.1) in Gateway input field and click on Apply and OK button.

VLAN configuration as well as basic RouterOS configuration in Core RouterOS has been completed. Now we will configure VLAN in Client RouterOS1 and Client RouterOS2.

VLAN Configuration in Client RouterOS1

 Ether1 port of Client RouterOS1 is connected to Core RouterOS through Ethernet Hub and it is working as WAN port. As Core RouterOS is using VLAN for its client, Client RouterOS1 must create VLAN on its WAN interface. The following steps will show how to create VLAN in Client RouterOS1 and configure WAN and LAN properly.

• Login to Client RouterOS1 using Winbox with full privilege credential.
• Click on Interfaces menu item. Interface List window will appear. Click on VLAN tab and then click on PLUS SIGN (+). New Interface window will appear.
• Put interface name (VLAN 10) in Name input box and put VLAN ID (10) in VLAN ID input box and choose your physical interface (ether1) from Interface dropdown menu and then click on Apply and OK button.
• Go to IP > Addresses menu item and click on PLUS SIGN (+). In New Address window, put WAN IP address (172.22.2.2/30) in Address input field and choose VLAN interface (VALN 10) as WAN interface from Interface dropdown menu and then click on Apply and OK button.
• Click on PLUS SIGN (+) again and put LAN gateway IP (10.10.2.1/24) in Address input box and choose ether2 interface from Interface dropdown menu and then click on Apply and OK button.
• Go to IP > DNS and put DNS Server IP (8.8.8.8 or 8.8.4.4) in Servers input field and click on Apply and OK button.
• Go to IP > Firewall and click on NAT tab and then click on PLUS SIGN (+). Inside General tab, choose srcnat from Chain dropdown menu and click on Action tab and then choose masqueradefrom Action dropdown menu. Click on Apply and OK button.
• Go to IP > Routes and click on PLUS SIGN (+). In New Route window, click on Gateway input field and put WAN Gateway address (172.22.2.1) in Gateway input field and click on Apply and OK button.

Client RouterOS1 configuration with VLAN has been completed. Now it is able to communicate with internet as well as its LAN users are also able to get internet through this Router. For checking, assign a LAN IP in PC-2 and try to get internet. If everything is OK, PC-2 will be able to get internet.

VLAN Configuration in Client RouterOS2

 Like client RouterOS1, ether1 port of Client RouterOS2 is also connected to Core RouterOS through Ethernet Hub and it is working as WAN port for this Router. As Core RouterOS is using VLAN for its client, Client RouterOS2 must create VLAN on its WAN interface too. The following steps will show how to create VLAN in Client RouterOS2 and configure WAN and LAN properly.

• Login to Client RouterOS2 using Winbox with full privilege credential.
• Click on Interfaces menu item. Interface List window will appear. Click on VLAN tab and then click on PLUS SIGN (+). New Interface window will appear.
• Put interface name (VLAN 20) in Name input box and put VLAN ID (20) in VLAN ID input box and choose your physical interface (ether1) from Interface dropdown menu and then click on Apply and OK button.
• Go to IP > Addresses menu item and click on PLUS SIGN (+). In New Address window, put WAN IP address (172.22.2.6/30) in Address input field and choose VLAN interface (VALN 20) as WAN interface from Interface dropdown menu and then click on Apply and OK button.
• Click on PLUS SIGN (+) again and put LAN gateway IP (10.10.3.1/24) in Address input box and choose ether2 interface from Interface dropdown menu and then click on Apply and OK button.
• Go to IP > DNS and put DNS Server IP (8.8.8.8 or 8.8.4.4) in Servers input field and click on Apply and OK button.
• Go to IP > Firewall and click on NAT tab and then click on PLUS SIGN (+). Inside General tab, choose srcnat from Chain dropdown menu and click on Action tab and then choose masqueradefrom Action dropdown menu. Click on Apply and OK button.
• Go to IP > Routes and click on PLUS SIGN (+). In New Route window, click on Gateway input field and put WAN Gateway address (172.22.2.5) in Gateway input field and click on Apply and OK button.

Client RouterOS2 configuration with VLAN has been completed. Now it is able to communicate with internet as well as its LAN users are also able to get internet through this Router. For checking, assign a LAN IP in PC-1 and try to get internet. If everything is OK, PC-1 will be able to get internet.

If you face any confusion to follow the above steps properly, watch the below video about VLAN routing configuration between MikroTik RouterOS. I hope, it will reduce your any confusion.

VLAN routing configuration between MikroTik RouterOS has been discussed in this article. I hope you will be able to create VLAN between RouterOS if your system requires. However, if you face any confusion to create a Layer3 VLAN between MikroTik RouterOS, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.