Building a home Lab : Configuring the Mikrotik routerboard for the Local Area Network
Moses Msukwa
Having outlined the intention to build a physical homelab for exploring networking and cybersecurity in my previous article. In this article, we will take the first step of the project. We will configure and deploy a microtik routerboard as a core router and switch for the project. We will segment the home network into VLANs. We will then configure the respective IP Addresses and the DHCP Servers for the VLANs. We will configure access ports for the VLANs and reserve 1 ethernet port for Internet reception from an ISP. For all configurations, we will use WinBox to connect and interface with the routerboard throught the configuration process.
Creating a bridge and assigning ports
Firstly, we need to create a bridge and name it homebridge. In our case, the routerboard already has a default bridge configured, we will just rename it to our desired name. To create or rename the bridge, on the leftbar of our winbox interface, we select bridge and then the select the only listed bridge. In the generals section of the provided interface, on the name field we type ‘homebridge’ as desired. Below is the impression.
After creating the bridge, we need to assign ether ports 2 to 4 to our homebridge. The 4 ports assigned to homebridge will be used as access and trunk ports. We will not assign port ether1 to homebridge because it will be used for Internet connection from our ISP.
Creating the VLANs
After creating the bridge and assigning the ethernet ports to our homebridge, we now have to configure the VLANs. The 4 VLANs are detailed in the table 1.
| No. | VLAN ID | VLAN NAME |
| 1 | 10 | HOMEWIFI |
| 2 | 11 | NETWORKMANAGEMENT |
| 3 | 5 | SERVERS |
| 4 | 15 | ENTERTAINEMENT |
We will start with creating the “NETWORKMANAGEMENT” VLAN Which has a VLANID of 11.
On the leftbar of our winbox interface, select interfaces, then select the VLAN tab and click the + sign.
On the presented New interface form, we will Name the interface as ‘NETWORKMANAGEMENT’ as intially desired. we will also give it the VLAN ID of 11 and on the interface field, we select the “homebridge” interface from the drop down. Lastly, click apply and ok to save the settings. Thus, we have created our first VLAN.
Image 1 showing a form for creating a VLAN.
Following the above process, we will also add the SERVERS, HOMEWIFI and ENTERTAINMENT VLANs assigning them their respective names and VLANIDs as shown in the table 1. For each VLAN , we should also assign the ‘homebridge’ on the interface field. Image 2 shows the list of our newly created VLANs.
Image 2 showing all created VLANs.
Defining IP addresses
After creating our VLANS. We need to add IP Addresses to be used in each VLAN. On the left bar of our winbox interface, select IP then Addresses, then click the + sign. We will start defining the IP addresses for the SERVERS VLAN. On the New Address form, we add the address 192.168.1.1/28, the network 192.168.1.0 and on the interface field we select the SERVERS VLAN. The image below shows the defined fields for the SERVERS VLAN.
Image 3 showing all created VLANs.
We now have to define the IP Addresses for all the VLANs following the above process. Table 2. shows the values for each IP address range to be defined .
| VLANS | ADDRESS | NETWORK | INTERFACE |
| SERVERS | 192.168.1.1/28 | 192.168.1.0 | SERVERS |
| HOMEWIFI | 192.168.1.17/28 | 192.168.1.16 | HOMEWIFI |
| ENTERTAINMENT | 192.168.1.33/28 | 192.168.1.32 | ENTERTAINMENT |
Image 4 below shows all the the defined IP addresses.
Image 4 showing defined IP addresses for the VLANs.
Configuring DHCP Servers
We now have to configure DHCP servers for each of the VLANs with their respective IP pools emanating from the IP addresses we defined previously.
On the leftbar of our winbox interface, we select IP, then select DHCP server, on the top bar select DHCP setup. On the provided DHCP setup form, select the desired DHCP Server interface, in this case we select HOMEWIFI. We will then follow through by clicking next to go with the provided defaults for each VLAN. For the DNS will will put 8.8.8.8 for starters. We then have to follow the above process to define the DHCP Server for the ENTERTAINMENT VLAN. Image 5 the DHCP Servers created.
Image 5 showing defined DHCP server for 2 of the VLANs.
Defining access and truck ports
We now have to create the access or truck ports for the VLANS for the ports that we attached to our bridge. Access and truck ports are also reffered to as untagged and tagged ports. In simple terms, an access/untagged port allows traffic for a single VLAN while a trunk/tagged port allows traffic for multiple VLANs.
For the homelab, we do not need any Truck ports for now hence we will not create any. However, we only need and create access ports for 3 of our VLANs. These include SERVERS, HOMEWIFI and ENTERTAINMENT. Table 3 shows the access ports to be created for the 3 VLANs on the routerboard.
| Port | VLAN ID | VLAN NAME | Description |
| Ether1 | N/A | N/A | Left for Internet connection, connect to ISP router |
| Ether2 | 10 | HOMEWIFI | Wireless access point |
| Ether3 | 5 | SERVERS | For AD |
| Ether4 | 5 | SERVERS | For SIEM |
| Ether5 | 15 | ENTERTAINEMENT | TV CONNECTION |
Table 3 showing the access ports to be defined for the VLANs.
To do create the access ports, on the leftbar of our winboz Interface, we select bridge, then on the top bar we select the VLANs tab. The we select the + sign to create our access ports. We will start defining access ports for the SERVERS VLAN. On the New bridge VLAN form, for the bridge field we select “homebridge” from the dropdown list, on the VLANID field we put 5, on the tagged field we add homebridge (Note that for all VLANS on the tagged field we must add homebridge). On the untagged field, we select ether3 and ether4 as shown in table above. We then click apply and ok to save our settings. We now have ether3 and ether4 as access ports for our SERVERS VLAN. Image 6 shows the fields defining the access ports for the SERVERs VLAN.
Image 6 showing form for defining access ports
Following the above process and referencing the table above, we then define the rest of the access ports for the VLANs as desired in our table. Image 7 shows the defined access ports.
Image 7 showing access ports defined for the VLANs.
Specifying the pVID on the access ports.
One more thing, as we have defined the access ports, we need to specify the pVID for each port which is initially defaulted to 1. To do this, on the leftbar, select bridge, then on the topbar, select port. For each port, click it, then go to VLAN tab and on PVID field indicate the VLANID assigned to that port. Consequentially, for ether5 the PVID is 15, ether4 and ether3 pVID is 5 and lastly ether2 the pVID is 10.
Add interface list for access
We now need to add an interface that we can use the access or connect the router when we activate the VLAN traffic on the router. On the leftbar of our winbox interface, we select interfaces, then select interface List on the top bar. The select the + sign. On the New Interface List Member form, on the List field select LAN from the dropdown and on the interface field select HOMEWIFI from the dropdown. The click ok and apply to save.
Activating the VLAN traffic on the bridge
After completing the above processes, we now need to activate the VLANs traffic on the bridge.
On the leftbar of our winbox interface, we select bridge, then select the “homebridge”, on the top bar select VLAN tab. The check the VLAN filtering field. Click ok and apply to save.
Are we up on all VLANs?
Yes
Subscribe to my newsletter
Read articles from Moses Msukwa directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Moses Msukwa
Moses Msukwa
I am a software developer from Malawi. Skilled in android and web apps.