Tuesday, June 22, 2021

Bridge Lan Port Mikrotik

Here, we will talk about how to bridge LAN ports on the Mikrotik router. The bridge interface is a virtual interface. It is used to group multiple LAN ports into a single one. A physical interface that is added to the bridge is called a "bridge port". In that sense, one bridge interface may have one or many bridge ports. The bridge ports of a bridge interface act together as a switch: if traffic enters one of these bridge ports, it is forwarded to the rest of the bridge ports of that bridge interface.

In the bridge configurations, the virtual bridge interface will act as the master interface and the bridge port or the LAN ports that are connected to that bridge will act as the slave interface. If an IP address is assigned to the bridge interface then this IP address will be applicable for all its bridge ports. All the bridge ports will work together using that IP address.

We will create one bridge interface named "Master_LAN" and then add the "Ether-2" and "Ether-3" physical interfaces as bridge ports of the "Master_LAN" bridge. After that, we will assign an IP address to the "Master_LAN" bridge interface. Once added to the bridge interface, "Ether-2" and "Ether-3" will work as if they were in the same network segment.

Now we will learn how to create this virtual bridge interface and how to connect a port or a physical interface on that bridge interface in the Mikrotik router.

To add a new bridge interface click on the "Bridge" option from the "Winbox" menu and then click on the (+) sign.


In the "New Interface" window, write a descriptive name for this bridge interface in the "Name" field. We name it "Master_LAN". Leave everything as default. Click on the "Apply" and then "OK". Now it will appear that the bridge interface is added.


Now navigate to the "Ports" tab and click on the (+) sign to add a bridge port.


In the "New Bridge Port" window, select the physical interface that you want to add to the bridge from the "Interface" field. According to our scenario, we will add the "Ether-2" and "Ether-3" physical interfaces to our bridge interface, so first we select the "Ether-2" interface in the "Interface" field. Then select the bridge interface that you have created from the "Bridge" field. According to our scenario, it will be "Master_LAN". After that, click on "Apply" and then the "OK" button.


Now we will add the "Ether-3" interface to the "Master_LAN" bridge. The procedure will be the same. Just select the "Ether-3" interface from the "Interface" field.


Now the bridge ports appear in the list. The "Interface" column shows the bridge port, and the "Bridge" column shows the bridge to which that bridge port is connected.


Now we will configure an IP address on the "Master_LAN" bridge interface. This IP address will work not only with the "Master_LAN" bridge interface but also with its bridge port interfaces. Any LAN segments connected to these bridge ports will reside in the same network segment.

In this scenario, we will use the "192.168.1.0/24" address as our network address. In that sense, we will use the "192.168.1.254/24" as our bridge interface IP address. Let's configure the IP address.

Go to the "IP" option from the "Winbox" menu and then select "Addresses". There, click on the (+) sign to add a new IP address.


In the "New Address" window, write the "192.168.1.254/24" address in the "Address" field. If we write the IP address with the CIDR value that is "/24" then there is no requirement to define the subnet mask or network mask information in the "Network" field. Then select your bridge interface from the "Interface" field. According to our scenario, it will be the "Master_LAN". To save IP information and close this window, click on the "Apply" and "OK" button.


That's all for the bridge interface setup in the Mikrotik router. This way we can place multiple network interfaces in the same network segment as we need. A broadcast domain will be created with all these bridge ports or network interfaces.

Mikrotik Bridge Two Interfaces

Here, we will talk about how to create a bridge with two network interfaces in the Mikrotik router. In the Mikrotik, we can also bridge multiple network interfaces. The bridge interface is a virtual interface. It is used to group multiple physical interfaces into a single one. A physical interface that is added to the bridge is called a "bridge port". In that sense, one bridge interface may have one or many bridge ports. The bridge ports of a bridge interface act together as a switch: if traffic enters one of these bridge ports, it is forwarded to the rest of the bridge ports of that bridge interface.

In the bridge configurations, the virtual bridge interface will act as the master interface and the bridge port or the physical interface that is connected to that bridge will act as the slave interface. If an IP address is assigned to the bridge interface then this IP address will be applicable for all its bridge ports. All the bridge ports will work together using that IP address.

We will create one bridge interface named "Master_LAN" and then add the "Ether-2" and "Ether-3" physical interfaces as bridge ports of the "Master_LAN" bridge. After that, we will assign an IP address to the "Master_LAN" bridge interface. Once added to the bridge interface, "Ether-2" and "Ether-3" will work as if they were in the same network segment.

Now we will learn how to create this virtual bridge interface and how to connect a port or a physical interface on that bridge interface in the Mikrotik router.

To add a new bridge interface click on the "Bridge" option from the "Winbox" menu and then click on the (+) sign.


In the "New Interface" window, write a descriptive name for this bridge interface in the "Name" field. We name it "Master_LAN". Leave everything as default. Click on the "Apply" and then "OK". Now it will appear that the bridge interface is added.


Now navigate to the "Ports" tab and click on the (+) sign to add a bridge port.


In the "New Bridge Port" window, select the physical interface that you want to add to the bridge from the "Interface" field. According to our scenario, we will add the "Ether-2" and "Ether-3" physical interfaces to our bridge interface, so first we select the "Ether-2" interface in the "Interface" field. Then select the bridge interface that you have created from the "Bridge" field. According to our scenario, it will be "Master_LAN". After that, click on "Apply" and then the "OK" button.


Now we will add the "Ether-3" interface to the "Master_LAN" bridge. The procedure will be the same. Just select the "Ether-3" interface from the "Interface" field.


Now the bridge ports appear in the list. The "Interface" column shows the bridge port, and the "Bridge" column shows the bridge to which that bridge port is connected.


Now we will configure an IP address on the "Master_LAN" bridge interface. This IP address will work not only with the "Master_LAN" bridge interface but also with its bridge port interfaces. Any LAN segments connected to these bridge ports will reside in the same network segment.

In this scenario, we will use the "192.168.1.0/24" address as our network address. In that sense, we will use the "192.168.1.254/24" as our bridge interface IP address. Let's configure the IP address.

Go to the "IP" option from the "Winbox" menu and then select "Addresses". There, click on the (+) sign to add a new IP address.


In the "New Address" window, write the "192.168.1.254/24" address in the "Address" field. If we write the IP address with the CIDR value that is "/24" then there is no requirement to define the subnet mask or network mask information in the "Network" field. Then select your bridge interface from the "Interface" field. According to our scenario, it will be the "Master_LAN". To save IP information and close this window, click on the "Apply" and "OK" button.


That's all for the bridge interface setup in the Mikrotik router. This way we can place multiple network interfaces in the same network segment as we need. A broadcast domain will be created with all these bridge ports or network interfaces.

Mikrotik Bridge Setup

Here, we will talk about how to create a bridge interface in the Mikrotik router. The bridge interface is a virtual interface. It is used to group multiple physical interfaces into a single one. A physical interface that is added to the bridge is called a "bridge port". In that sense, one bridge interface may have one or many bridge ports. The bridge ports of a bridge interface act together as a switch: if traffic enters one of these bridge ports, it is forwarded to the rest of the bridge ports of that bridge interface.

In the bridge configurations, the virtual bridge interface will act as the master interface and the bridge port or the physical interface that is connected to that bridge will act as the slave interface. If an IP address is assigned to the bridge interface then this IP address will be applicable for all its bridge ports. All the bridge ports will work together using that IP address.

We will create one bridge interface named "Master_LAN" and then add the "Ether-2" and "Ether-3" physical interfaces as bridge ports of the "Master_LAN" bridge. After that, we will assign an IP address to the "Master_LAN" bridge interface. Once added to the bridge interface, "Ether-2" and "Ether-3" will work as if they were in the same network segment.

Now we will learn how to create this virtual bridge interface and how to connect a port or a physical interface on that bridge interface in the Mikrotik router.

To add a new bridge interface click on the "Bridge" option from the "Winbox" menu and then click on the (+) sign.


In the "New Interface" window, write a descriptive name for this bridge interface in the "Name" field. We name it "Master_LAN". Leave everything as default. Click on the "Apply" and then "OK". Now it will appear that the bridge interface is added.


Now navigate to the "Ports" tab and click on the (+) sign to add a bridge port.


In the "New Bridge Port" window, select the physical interface that you want to add to the bridge from the "Interface" field. According to our scenario, we will add the "Ether-2" and "Ether-3" physical interfaces to our bridge interface, so first we select the "Ether-2" interface in the "Interface" field. Then select the bridge interface that you have created from the "Bridge" field. According to our scenario, it will be "Master_LAN". After that, click on "Apply" and then the "OK" button.


Now we will add the "Ether-3" interface to the "Master_LAN" bridge. The procedure will be the same. Just select the "Ether-3" interface from the "Interface" field.


Now the bridge ports appear in the list. The "Interface" column shows the bridge port, and the "Bridge" column shows the bridge to which that bridge port is connected.


Now we will configure an IP address on the "Master_LAN" bridge interface. This IP address will work not only with the "Master_LAN" bridge interface but also with its bridge port interfaces. Any LAN segments connected to these bridge ports will reside in the same network segment.

In this scenario, we will use the "192.168.1.0/24" address as our network address. In that sense, we will use the "192.168.1.254/24" as our bridge interface IP address. Let's configure the IP address.

Go to the "IP" option from the "Winbox" menu and then select "Addresses". There, click on the (+) sign to add a new IP address.


In the "New Address" window, write the "192.168.1.254/24" address in the "Address" field. If we write the IP address with the CIDR value that is "/24" then there is no requirement to define the subnet mask or network mask information in the "Network" field. Then select your bridge interface from the "Interface" field. According to our scenario, it will be the "Master_LAN". To save IP information and close this window, click on the "Apply" and "OK" button.


That's all for the bridge interface setup in the Mikrotik router. This way we can place multiple network interfaces in the same network segment as we need. A broadcast domain will be created with all these bridge ports or network interfaces.



Sunday, June 20, 2021

Mikrotik Connect Two VLAN

In this tutorial, we are going to discuss “Vlan Configuration” on the Mikrotik router. And then we will discuss, how to route traffic between those VLANs or inter-VLAN routing. Here, we will create Vlan-100 and Vlan-200 to work with this lab. Let's start:-

First, we will create a separate bridge interface for each VLAN. Then we will associate one physical interface with each of those bridge interfaces as a bridge port, so that those physical interfaces can act as a default gateway for that VLAN.

Go to the “Bridge” menu and create two bridge interfaces. Here, we are creating two bridge interfaces because our VLAN quantity is two. One bridge interface is for VLAN-100 and another one is for VLAN-200.


Here, we have named each bridge interface after its VLAN number. This is completely optional; you can name it anything.


After creating the interfaces, the list will look like this:-


Now we will associate one physical interface with each of those bridge interfaces. If required, you can associate one or more physical interfaces with one bridge interface. These physical interfaces are then called “Bridge Ports”.

To associate a bridge port, go to the “Ports” tab and click the add (+) sign.


In this lesson, we will associate "ether-8" with Bridge_Vlan-100 and "ether-9" with Bridge_Vlan-200. After we create VLAN-id 100 and VLAN-id 200 and assign them to those bridge interfaces (Bridge_Vlan-100 and Bridge_Vlan-200) respectively, all hosts connected to "ether-8" will be considered VLAN-100 members, and all hosts connected to "ether-9" will be considered VLAN-200 members.


After completing the task, the list will look like this:-


Now, we have to create the VLAN interface or VLAN-id. To create VLAN, go to the “Interface” menu and select the “VLAN” tab. Click “add” or (+) sign.


Now, write your VLAN name and ID, and select your parent interface. This VLAN ID will be assigned to that parent interface, which means that interface will be treated as part of this VLAN. In our case, the parent interface will be “Bridge_Vlan-100” for VLAN-100 and “Bridge_Vlan-200” for VLAN-200. Just like the below:-


The VLAN name is optional. It can be anything and does not need to match the VLAN-id. For Vlan-200, this will be:-


After completing the task, the list will look like this:-


From now on, all hosts connected to “ether-8” are under VLAN-100 and all hosts connected to “ether-9” are under VLAN-200.

Now we have to configure the IP address of the default gateway for those VLAN members. Otherwise, the members of VLAN-100 can’t communicate with the members of VLAN-200. We have to assign IP addresses to our bridge interfaces, which will perform the inter-VLAN routing. In this lesson, we are going to use “192.168.1.1/24” as the address of interface “Bridge_Vlan-100” and “172.16.1.1/24” as the address of interface “Bridge_Vlan-200”. Here the IP address “192.168.1.1” serves as the default gateway for VLAN-100 members and the IP address “172.16.1.1” serves as the default gateway for VLAN-200 members.

To assign IP addresses, go to the “IP” section of the menu and then select “Addresses” from the sub-menu. The IP address for the interface “Bridge_Vlan-100” is:-


And for the interface “Bridge_Vlan-200” is:-


Everything is done. Now assign the default gateway address to all VLAN members: configure each host computer to use its VLAN's default gateway address as its gateway. Both VLANs can then communicate with each other.

Mikrotik Connect Two Routers Over Internet

In this tutorial, we are going to discuss how to connect two remote routers over the internet. We will create an IP tunnel interface to connect these routers. Using this IP tunnel, we can connect two sites from different locations. We can create private communication channels over a public network such as the internet. During the data transmission across this channel, the traffic will be encrypted by the IPSec Protocol. We will go through the step-by-step IP tunnel configuration process between two Mikrotik routers.

Let's assume that we have two sites equipped with Mikrotik routers. The sites are "Site-1" and "Site-2" respectively. The router IP address of "Site-1" is 1.1.1.1 and its LAN network is 192.168.1.0/24. The router IP address of "Site-2" is 2.2.2.2 and its LAN network is 172.16.1.0/24. The users of "Site-1" can communicate with the users of "Site-2" and vice-versa. They can share their local resources as if they were in the same network.

At first, we will create an IP tunnel interface at the "Site-1" router. Then we will assign an IP address on that tunnel interface. Then we will provide a static route entry to reach the "Site-2" router. These are all the steps that need to be performed to create a tunnel interface at the "Site-1" router. The same configuration has to be done for the "Site-2" router also.

Let's start with the "Site-1" router. We will perform all the configurations using the "Winbox" tool. Now we will create a tunnel interface. To create a tunnel interface, click on "Interface" from the menu and then select "IP Tunnel" from the "Interface List" window. There, click on the "+" sign to add a new tunnel.


After opening the "Add New Interface" window, navigate to the "General" tab. In the "Name" field, we can provide a descriptive name for this tunnel. We named it "IP_Tunnel_to_Site-2". In the "Local Address" field, we will write our "Site-1" router IP address, that is 1.1.1.1, and in the "Remote Address" field, we will write our "Site-2" router IP address, that is 2.2.2.2. In the "IPsec Secret" field, we will provide the password used to encrypt the transmitted data. Then untick the "Allow Fast Path" check box. Leave the rest at the default values. Then click on "Apply" and then the "OK" button to close this window.


Now we will create the IP tunnel interface in the "Site-2" router. The tunnel interface name will be "IP_Tunnel_to_Site-1". The local address will be our "Site-2" router IP address that is 2.2.2.2. Here, the remote address will be our "Site-1" router IP address that is 1.1.1.1. Now we will provide the IPsec secret password. One important note is that the "Site-1" IPsec secret password must be matched with the "Site-2" IPsec secret password. Otherwise, the tunnel link can't be established. Clear the tick mark from the "Allow Fast Path" tick box. Then click on the "Apply" and "OK" button to close this window.


This tunnel should be up now. The tunnel status will be shown at the bottom of the tunnel interface. If the tunnel is established then the "running" text will be highlighted otherwise not. Just like the below:-


At both sites, our tunnel configuration is done. Now we have to configure an IP address on the tunnel interface.

First, I will configure the IP address on the tunnel interface of "Site-1". To configure an IP address, go to the "IP" option from the "Winbox" menu and then click on the "Addresses" option. There, click on the (+) sign to add a new IP address.


In the "New Address" window, we will write the IP address that we want to assign to the IP tunnel interface. Since our network address is "192.168.1.0/24", we will use "192.168.1.254" as our tunnel interface IP address. We write the IP address with its CIDR value, so it is okay to ignore the network mask information. Then we will select our tunnel interface from the "Interface" field. According to our example, this interface will be "IP_Tunnel_to_Site-2". Then click on the "Apply" and "OK" buttons to close this window.


Now we will configure the IP address for our "Site-2" tunnel interface. Since our network address is "172.16.1.0/24" at our "Site-2" office, we will use "172.16.1.254" as our tunnel interface IP address. In the same manner, we write the IP address with its CIDR value, so it is okay to ignore the network mask information. Then we will select our tunnel interface from the "Interface" field. According to our example, this interface will be "IP_Tunnel_to_Site-1".


Our IP address configuration is done on the tunnel interface at both sites. Now we are going to add a static route entry so that the users can reach each other from their office locations.

Now we will configure the static route at the "Site-1" router. Go to the "IP" and then click on the "Routes" from the "Winbox" menu. After that, navigate to the "Routes" and click on the "+" sign to add a new rule.


In the "New Route" interface, write the "Site-2" network address in the "Dst. Address" field, which is "172.16.1.0/24". Now select your IP tunnel interface from the "Gateway" field, which is "IP_Tunnel_to_Site-2". Then click on the "Apply" and then "OK".


Now it is the turn of "Site-2". Write the "Site-1" network address in the "Dst. Address" field, which is 192.168.1.0/24. In the same manner, select your tunnel interface from the "Gateway" field, which is "IP_Tunnel_to_Site-1". That's it. Now click on "Apply" and then "OK".


All the work is done. Now a user from the "192.168.1.0/24" network or the "Site-1" office can communicate with a user of the "172.16.1.0/24" network or the "Site-2" office and vice-versa.

At the "Site-1" router, when it receives any request to reach the "172.16.1.0/24" network, it checks its own routing table for a route entry to that destination. When it finds the "172.16.1.0/24" entry, it forwards all the requested traffic to the IP tunnel interface, which is "IP_Tunnel_to_Site-2".

The same will happen in the case of the "Site-2" router. To reach the "192.168.1.0/24" network, it will forward all traffic using the IP tunnel interface which is "IP_Tunnel_to_Site-1".

This is how we connect two remote LANs over WAN. This is how we connect two remote offices over the internet.


Mikrotik Connect Two LAN Over Internet

In this tutorial, we are going to discuss how to connect two remote LANs over the internet. We will use a site-to-site IP tunnel interface to merge these remote LANs.

Using this IP tunnel, we can connect two sites from different locations or we can connect two routers from different locations. We can create private communication channels over a public network such as the internet. During the data transmission across this channel, the traffic will be encrypted by the IPSec Protocol. We will go through the step-by-step IP tunnel configuration process between two Mikrotik routers.

Let's assume that we have two sites equipped with Mikrotik routers. The sites are "Site-1" and "Site-2" respectively. The router IP address of "Site-1" is 1.1.1.1 and its LAN network is 192.168.1.0/24. The router IP address of "Site-2" is 2.2.2.2 and its LAN network is 172.16.1.0/24. The users of "Site-1" can communicate with the users of "Site-2" and vice-versa. They can share their local resources as if they were in the same network.

At first, we will create an IP tunnel interface at the "Site-1" router. Then we will assign an IP address on that tunnel interface. Then we will provide a static route entry to reach the "Site-2" router. These are all the steps that need to be performed to create a tunnel interface at the "Site-1" router. The same configuration has to be done for the "Site-2" router also.

Let's start with the "Site-1" router. We will perform all the configurations using the "Winbox" tool. Now we will create a tunnel interface. To create a tunnel interface, click on "Interface" from the menu and then select "IP Tunnel" from the "Interface List" window. There, click on the "+" sign to add a new tunnel.


After opening the "Add New Interface" window, navigate to the "General" tab. In the "Name" field, we can provide a descriptive name for this tunnel. We named it "IP_Tunnel_to_Site-2". In the "Local Address" field, we will write our "Site-1" router IP address, that is 1.1.1.1, and in the "Remote Address" field, we will write our "Site-2" router IP address, that is 2.2.2.2. In the "IPsec Secret" field, we will provide the password used to encrypt the transmitted data. Then untick the "Allow Fast Path" check box. Leave the rest at the default values. Then click on "Apply" and then the "OK" button to close this window.


Now we will create the IP tunnel interface in the "Site-2" router. The tunnel interface name will be "IP_Tunnel_to_Site-1". The local address will be our "Site-2" router IP address that is 2.2.2.2. Here, the remote address will be our "Site-1" router IP address that is 1.1.1.1. Now we will provide the IPsec secret password. One important note is that the "Site-1" IPsec secret password must be matched with the "Site-2" IPsec secret password. Otherwise, the tunnel link can't be established. Clear the tick mark from the "Allow Fast Path" tick box. Then click on the "Apply" and "OK" button to close this window.


This tunnel should be up now. The tunnel status will be shown at the bottom of the tunnel interface. If the tunnel is established then the "running" text will be highlighted otherwise not. Just like the below:-


At both sites, our tunnel configuration is done. Now we have to configure an IP address on the tunnel interface.

First, I will configure the IP address on the tunnel interface of "Site-1". To configure an IP address, go to the "IP" option from the "Winbox" menu and then click on the "Addresses" option. There, click on the (+) sign to add a new IP address.


In the "New Address" window, we will write the IP address that we want to assign to the IP tunnel interface. Since our network address is "192.168.1.0/24", we will use "192.168.1.254" as our tunnel interface IP address. We write the IP address with its CIDR value, so it is okay to ignore the network mask information. Then we will select our tunnel interface from the "Interface" field. According to our example, this interface will be "IP_Tunnel_to_Site-2". Then click on the "Apply" and "OK" buttons to close this window.


Now we will configure the IP address for our "Site-2" tunnel interface. Since our network address is "172.16.1.0/24" at our "Site-2" office, we will use "172.16.1.254" as our tunnel interface IP address. In the same manner, we write the IP address with its CIDR value, so it is okay to ignore the network mask information. Then we will select our tunnel interface from the "Interface" field. According to our example, this interface will be "IP_Tunnel_to_Site-1".


Our IP address configuration is done on the tunnel interface at both sites. Now we are going to add a static route entry so that the users can reach each other from their office locations.

Now we will configure the static route at the "Site-1" router. Go to the "IP" and then click on the "Routes" from the "Winbox" menu. After that, navigate to the "Routes" and click on the "+" sign to add a new rule.


In the "New Route" interface, write the "Site-2" network address in the "Dst. Address" field, which is "172.16.1.0/24". Now select your IP tunnel interface from the "Gateway" field, which is "IP_Tunnel_to_Site-2". Then click on the "Apply" and then "OK".


Now it is the turn of "Site-2". Write the "Site-1" network address in the "Dst. Address" field, which is 192.168.1.0/24. In the same manner, select your tunnel interface from the "Gateway" field, which is "IP_Tunnel_to_Site-1". That's it. Now click on "Apply" and then "OK".


All the work is done. Now a user from the "192.168.1.0/24" network or the "Site-1" office can communicate with a user of the "172.16.1.0/24" network or the "Site-2" office and vice-versa.

At the "Site-1" router, when it receives any request to reach the "172.16.1.0/24" network, it checks its own routing table for a route entry to that destination. When it finds the "172.16.1.0/24" entry, it forwards all the requested traffic to the IP tunnel interface, which is "IP_Tunnel_to_Site-2".

The same will happen in the case of the "Site-2" router. To reach the "192.168.1.0/24" network, it will forward all traffic using the IP tunnel interface which is "IP_Tunnel_to_Site-1".

This is how we connect two remote LANs over WAN. This is how we connect two remote offices over the internet.
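
The routing-table lookup described in both tunnel walkthroughs above, as an added example (not code from the original posts): it builds the "Site-1" table from the tunnel address and static route given in the text, resolves a destination by longest prefix and then lowest distance, and reports connected prefixes that overlap across interfaces, which is a useful pre-deployment check on a tunnel addressing plan. The `LAN` interface with 192.168.1.1/24 and the 10.255.255.0/30 tunnel subnet are assumptions made for the example.

```python
import ipaddress
from typing import NamedTuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    interface: str
    distance: int  # 0 = connected route, 1 = static route


def build_table(addresses, static_routes):
    """addresses: {interface: "a.b.c.d/len"}; static_routes: [(dst, gateway_if)]."""
    # Every interface address yields a connected route for its network.
    table = [Route(ipaddress.ip_interface(cidr).network, ifname, 0)
             for ifname, cidr in addresses.items()]
    table += [Route(ipaddress.ip_network(dst), gw, 1)
              for dst, gw in static_routes]
    return table


def lookup(table, destination):
    """Return the outgoing interface(s) for destination.

    Longest prefix wins, then lowest distance. More than one name in the
    result means the table holds equally good routes on different interfaces.
    """
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r.prefix]
    if not matches:
        return []  # no route (this plan has no default route)
    best = max(matches, key=lambda r: (r.prefix.prefixlen, -r.distance))
    return [r.interface for r in matches
            if (r.prefix.prefixlen, r.distance)
            == (best.prefix.prefixlen, best.distance)]


def overlapping_connected(table):
    """Connected prefixes that overlap while sitting on different interfaces."""
    connected = [r for r in table if r.distance == 0]
    return [(a.interface, b.interface, str(a.prefix), str(b.prefix))
            for i, a in enumerate(connected)
            for b in connected[i + 1:]
            if a.interface != b.interface and a.prefix.overlaps(b.prefix)]


# "Site-1" as configured in the text: tunnel address 192.168.1.254/24 and a
# static route to 172.16.1.0/24. The "LAN" interface and its address are
# assumed; the text only gives the LAN network, 192.168.1.0/24.
SITE1 = build_table(
    {"LAN": "192.168.1.1/24", "IP_Tunnel_to_Site-2": "192.168.1.254/24"},
    [("172.16.1.0/24", "IP_Tunnel_to_Site-2")],
)

# Same plan with the tunnel on its own subnet (10.255.255.0/30 is constructed).
SITE1_SEPARATE = build_table(
    {"LAN": "192.168.1.1/24", "IP_Tunnel_to_Site-2": "10.255.255.1/30"},
    [("172.16.1.0/24", "IP_Tunnel_to_Site-2")],
)

if __name__ == "__main__":
    for name, table in (("as in the text", SITE1),
                        ("separate tunnel subnet", SITE1_SEPARATE)):
        print(name)
        print("  to 172.16.1.10 :", lookup(table, "172.16.1.10"))
        print("  to 192.168.1.50:", lookup(table, "192.168.1.50"))
        print("  overlaps       :", overlapping_connected(table))
```
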