I would like to connect 2 separate LAN’s so that they communicate with each other.
Each LAN has its own internet connection.
They will be connecting using a fibre cable.
I’ve done some research and it can be done using static routes but im not getting it to work.
LAN1
Eth1 - Internet (DHCP from Provide)
Eth2-10 - (LAN -Bridge)
192.168.0.0/24
LAN2
Eth1 - Internet (DHCP from Provide)
Eth2-10 - (LAN -Bridge)
10.10.10.0/24
Hi,
What routers do you use? How the fiber will connect LAN? On LAN sides? WAN sides?
Are these LAN at the same place or in different locations?
The more details, the better the answer would be.
current testing using RB860PGS. Yes Fibre connects LAN1 SPF to LAN2 SPF. The LANs are in different locations but not too far apart thats why im thinking of connecting them using fibre
Unknown model. Sorry. Mayby RB960PGS. What is the configuration?
How can you have Eth 6 up to 10 configured for 5 port device?
sorry typo,
Eth2-5+spf all in one bridge
Well if you’re going to bridge the LANs, then the LANs needs to be on the same layer 3 network - so no routing involved.
If you want to route between the two sites… Then you need to set up a layer 3 link, not a layer 2 (i.e. brige) link.
Does any of your internet connections have public ip address ? Maybe you can use wireguard in your case.
unfortunately the internet doesnt have static public IP addresses.
On both hEX PoE devices, take sfp1 out of the LAN bridge, if not yet done. The interface should no longer be a slave port of the bridge (no more S flag)!
On router 1, add an IP address to the sfp1 interface:
/ip address
add interface=sfp1 address=172.27.1.1 network=172.27.1.2
On router 2, add an IP address to the sfp1 interface:
/ip address
add interface=sfp1 address=172.27.1.2 network=172.27.1.1
Please note that the address and network are swapped.
On router 1, add a route:
/ip route
add dst-address=10.10.10.0/24 gateway=172.27.1.2 routing-table=main
On router 2, add a route:
/ip route
add dst-address=192.168.0.0/24 gateway=172.27.1.1 routing-table=main
On router 1, add a firewall rule to allow access from router 2's LAN, to be moved above other drop rules of the forward chain:
/ip firewall filter
add action=accept chain=forward in-interface=sfp1
Further restrictions like src-address=10.10.10.0/24 and dst-address=192.168.0.0/24 can be added at will.
On router 2, add a firewall rule to allow access from router 1's LAN, to be moved above other drop rules of the forward chain
/ip firewall filter
add action=accept chain=forward in-interface=sfp1
Further restrictions like src-address=192.168.0.0/24 and dst-address=10.10.10.0/24 can be added at will.
Connect the two SFP ports together.