The VLAN Learning Journey

Welcome to 
VLAN Configuration and Networking Lab
vlan.go38.net
辛文義 (Eric Hsin) / eric.hsin@gmail.com  
Taiwan need VLAN right now?
About me
Course Objectives
Explore network segmentation and communication using VLANs.
Gain hands-on experience with MikroTik RouterOS devices.
What Will You Conquer Today?
1
VLAN Concepts
Understand VLANs and IEEE 802.1Q tagging.
2
Configuration
Configure VLANs on MikroTik routers and switches.
3
Trunk and Access Ports
Set up trunk ports for multiple VLANs.
Set up access ports for client devices.
4
Inter-VLAN Routing
Enable secure communication between VLANs.
5
Build Small Office Network
Design and implement a small office network using VLANs to ensure secure and efficient communication between departments.
Why Do We Need VLANs?
"VLANs enhance network security, performance, manageability, and scalability – essential for modern business and campus networks."
Security
Network Segmentation, Isolate traffic to protect sensitive information.
Efficiency
Reduce congestion and improve performance.
Control
Precise control over access and resources.
Scalability
VLANs make it easy to add or change devices without disrupting the network.
What is a VLAN?
Definition
Logically segment physical network into multiple, isolated networks.
Purpose
Improve security, optimize performance, manage network resources efficiently.
Function
Network within a network for private department communication.
VLAN Tagging
IEEE 802.1Q
Industry standard for VLAN tagging.
Packet Tagging
Each data packet tagged with VLAN ID.
Tagged Traffic
Includes VLAN information.
Untagged Traffic
Default traffic with no VLAN information.
Types of VLAN Ports
Trunk Port
A port that carries multiple VLANs, typically between switches or to a router.
Access Port
A port that carries traffic for only one VLAN, typically connected to end-user devices.
Hybrid Port
Acts as both access and trunk port.
Inter-VLAN Routing
Definition
Enables communication between different VLANs.
How it Works
Router or Layer 3 switch routes traffic between VLANs.
Benefits
Maintains security while allowing controlled communication.
Happy Halloween
Let's play!

https://kahoot.it
VLAN Lab Practice
Scenario
GO38.net  is a growing company, HR and IT shared the same network. HR needed data privacy, while IT often tested tools, creating heavy traffic. One day, Mark from IT tested a monitoring tool and accidentally accessed HR’s data, raising privacy concerns. Tensions grew between the departments.
As the company expanded, network overload became an issue. IT’s updates slowed down HR’s work, frustrating both teams. Management saw a need for change to improve security and performance.
HR Department
Sensitive data exposed to other departments.
IT Department
Devices interfere with HR's communications.
Solution
Implement VLANs to segment network by department.
Pair Debugging：Do the lab in pairs
Prepare your device and cable
Each participant in your group will be equipped with a RouterBOARD – at least 2 wireless (dualband) and 5 Ethernet interfaces, a laptop computer, Ethernet cable(s).
Second ROS device from your partner
(required for the step 2 )
 
Two UTP cables
Step 1: Configure Router VLAN Interfaces
1
Connect to the Router
Connect to the Router using WinBox.
2
Create VLAN Interfaces
Create VLAN interfaces on the trunk port (e.g., ether2):
VLAN 10 (HR)
VLAN 20 (IT)
3
Assign IP Addresses
Assign IP addresses to the VLAN interfaces:
VLAN 10: 172.16.10.254/24
VLAN 20: 172.16.20.254/24
4
Set Up DHCP Servers
Set up DHCP servers for each VLAN:
VLAN 10: DHCP for HR
VLAN 20: DHCP for IT
5
*Test Your Configuration
Test your configuration:
Connect a computer to Port 2.
Set the computer’s VLAN ID on its network interface to match the VLAN ID.
[Tip] Enable RoMON on the router to help with future management.
The next step requires two devices, so I encourage you to do the lab in pairs.
Step 2: Configure VLANs on the Switch 
1
Bridge Mode Setup
Reset the second router (if no switch is available) and set it to Bridge Mode.
2
WinBox Connection
Connect to the switch using WinBox.
3
VLAN Filtering Check
Check the first bridge (bridgeLocal) and make sure VLAN filtering is disabled.
4
VLAN Creation
Create two VLANs under Bridge -VLANs: 
(1) Bridge= bridgeLocal, VLAN IDs=10,Tagged=ether1,Untagged=ether2 and ether3 
(2) Bridge= bridgeLocal, VLAN IDs=20,Tagged=ether1,Untagged=ether4 and ether5
5
VLAN ID Assignment
Assign the Port VLAN ID (PVID) for each port under Bridge->Ports: 
(1) ether2 VLAN, set PVID=10 
(2) ether3 VLAN, set PVID=10 
(3) ether4 VLAN, set PVID=20 
(4) ether5 VLAN, set PVID=20
6
Enable VLAN Filtering
Go back to Bridge and enable VLAN filtering.
Step 3: Check the Inter-VLAN Routing
1
Understanding Inter-VLAN Routing
Inter-VLAN routing allows communication between different VLANs. To achieve this, you'll configure routing rules on a router that connects the VLANs. This ensures that traffic can flow between devices in different VLANs.
2
Add Routing Rules
Go to IP -> Routes on the router.
3
Establish Routing Connection
Add a route to allow traffic between VLAN 10 and VLAN 20.
4
Firewall Configuration
Ensure there are no firewall rules blocking inter-VLAN traffic.
Step 4: Test VLAN Communication
1
Connect Devices
Connect devices to the following ports:
Port 2 (VLAN 10)
Port 4 (VLAN 20)
2
Test Intra-VLAN Communication
Test communication with the following commands:
From VLAN 10: ping 172.16.10.254
From VLAN 20: ping 172.16.20.254
3
Test Inter-VLAN Communication
Test inter-VLAN communication:
From a device in VLAN 10, ping a device in VLAN 20 and verify connectivity.
Step 5: Troubleshoot Common Issues
Check VLAN IDs and IP Settings
Check that VLAN IDs and IP settings match on the router and switch.
Verify Trunk Port Configuration
Confirm that the trunk port is set up correctly for tagged VLAN traffic.
Review Firewall Rules
Ensure firewall rules allow inter-VLAN communication.
Bonus Task: Expand Your Office Network
Add more Switches
Try adding more Switches to your network to create a more complex and efficient infrastructure.
Create new VLANs
Create new VLANs to support different departments and test their connectivity.
Test connectivity
Verify that devices in different VLANs can communicate correctly.
Summary 
Configured VLANs
You configured VLANs on both a router and a switch.
Created Trunk and Access Ports
You created trunk and access ports to manage network traffic effectively.
Enabled Inter-VLAN Routing
You enabled inter-VLAN routing and tested communication between different VLANs.
Troubleshooted Common VLAN Issues
You learned to troubleshoot common VLAN issues and address connectivity problems.
Network Security
You understand how to segment networks to enhance security.
Reflection
How can you apply VLANs in your future projects?
What was the most challenging part of this lab?
Learning by Doing!
1
Apply
Use VLANs in real-world projects and networks.
2
Start Small
Set up VLANs on home network or school lab.
3
Divide and Conquer
Select a suitable troubleshooting approach.
4
Explore More
Discover advanced features in MikroTik RouterOS.
Any final questions?
Looking forward to seeing your future VLAN projects!
You Raise Me Up, Thank You!
A special thanks to MikroTik for giving me this incredible opportunity.
Eric Hsin  in Riga, Latvia  , from Taiwan , eric@gmail.com
Made with