Posted inSCRIPTLAR VA SOZLAMALAR

MikroTik-da VLAN sozlash bo’yicha to’liq qo’llanma

No Comments

1. VLAN nima?

VLAN (Virtual Local Area Network) – bu tarmoq segmentatsiyasini ta’minlovchi texnologiya bo‘lib, turli guruhdagi qurilmalarni izolyatsiya qilish va tarmoq xavfsizligini oshirish imkonini beradi. MikroTik routerlarida VLAN yordamida tarmoqni yaxshiroq boshqarish mumkin.

2. VLAN sozlashning asosiy usullari

MikroTikda VLAN-larni ikki asosiy usulda sozlash mumkin:

  • Bridge orqali VLAN – switch vazifasini bajaruvchi qurilmalarda ishlatiladi.
  • RouterOS interfeyslari orqali VLAN – Layer 3 yo‘naltirish talab etilganda ishlatiladi.

3. VLAN yaratish va sozlash

3.1. VLAN interfeysini yaratish

Quyidagi buyruq orqali MikroTik’ga yangi VLAN interfeys qo‘shamiz:

/interface vlan
add name=VLAN10 vlan-id=10 interface=ether1
add name=VLAN20 vlan-id=20 interface=ether1

Bu yerda:

  • VLAN10 va VLAN20 – VLAN interfeys nomlari,
  • vlan-id=10 va vlan-id=20 – VLAN identifikatorlari,
  • interface=ether1 – VLAN bog‘lanadigan interfeys.

3.2. VLAN interfeysiga IP-manzil berish

/ip address
add address=192.168.10.1/24 interface=VLAN10
add address=192.168.20.1/24 interface=VLAN20

Bu amallar orqali har bir VLAN interfeysga IP-manzil beriladi.

3.3. DHCP server sozlash

Agar VLAN-larga avtomatik IP manzillar taqsimlash kerak bo‘lsa, DHCP serverni sozlash kerak:

/ip pool
add name=pool10 ranges=192.168.10.100-192.168.10.200
add name=pool20 ranges=192.168.20.100-192.168.20.200

/ip dhcp-server
add name=dhcp10 interface=VLAN10 address-pool=pool10 disabled=no
add name=dhcp20 interface=VLAN20 address-pool=pool20 disabled=no

/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1

3.4. VLAN-larni Bridge orqali sozlash

Agar MikroTik switch funksiyasida ishlatilsa, bridge yordamida VLAN-larni sozlash tavsiya etiladi:

/interface bridge
add name=bridge1 vlan-filtering=yes

/interface bridge port
add bridge=bridge1 interface=ether2 pvid=10
add bridge=bridge1 interface=ether3 pvid=20
add bridge=bridge1 interface=ether4 pvid=10

/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether2,ether4 vlan-ids=10
add bridge=bridge1 tagged=ether1 untagged=ether3 vlan-ids=20

Bu holatda:

  • bridge1 – VLAN filtering yoqilgan bridge interfeys,
  • ether1 – trunk port (tagged VLAN-lar uzatiladi),
  • ether2 va ether4 – VLAN 10 uchun access portlar,
  • ether3 – VLAN 20 uchun access port.

3.5. Firewall qoidalarini qo‘shish

Agar VLAN-lar o‘zaro izolyatsiya qilinishi kerak bo‘lsa, firewall qoidalarini sozlash mumkin:

/ip firewall filter
add chain=forward action=drop in-interface=VLAN10 out-interface=VLAN20
add chain=forward action=drop in-interface=VLAN20 out-interface=VLAN10

Bu qoidalar VLAN 10 va VLAN 20 o‘rtasida trafikni bloklaydi.

4. Xulosa

MikroTik-da VLAN sozlash orqali tarmoqni samarali boshqarish, xavfsizlikni oshirish va trafikni segmentatsiya qilish mumkin. Ushbu maqolada VLAN interfeys yaratish, IP-manzillar berish, DHCP server sozlash va firewall qoidalarini qo‘shish ko‘rib chiqildi. Agar savollaringiz bo‘lsa, izohlarda qoldiring!

Tags:
0 0 ovozlar
Article Rating
Obuna boʻling
Xabar berish
guest

0 Comments
Eng avvalgi
Eng yangi Eng ko'p ovoz berilgan
Inline fikr-mulohazalar
Hamma izohlarni ko'rish