how to achieve this setup?

hi there

I’m toying with various ways to set up a network as part of my learning. I’ve done the following setups previously successfully with the same set of devices on the network:

  1. MikroTik RB5009 as main router (to internet) and TPLINK as access point only - no issues
  2. TPLINK as router and RB5009 as another switch (bridged all interfaces with DHCP+DNS on TPLINK) - flat network - no issues
  3. TPLINK as router (DHCP+DNS) and RB5009 as an internal router (bridge eth1-8 and SFP port with dynamic IP from TPLINK). This setup has double NAT (on TPLINK and RB5009) - no issues

I’m now trying to have TPLINK as the router to the internet (DHCP and DNS) but only for the network 192.168.0.0, and RB5009 at the centre of the network. See attached diagram. Are the following things correct to do (I want to avoid double NATing)?

a. Create a bridge with only eth7 & 8, which will connect the TPLINK router and the switch for network 192.168.0.0.
b. Using the SFP port on RB5009, connect to the switch (10G connection) and form a subnet of 192.168.88.0 with 2 LAN clients. (How do I go about doing this?) Do I create another bridge with just the SFP port? I presume I can set up a DHCP server for the subnet 192.168.88.0 to assign IP addresses.
c. Need static routes on the TPLINK router and RB5009 so that traffic can flow between the 2 subnets.
d. Can I enable a firewall on the SFP port to protect the LAN clients?

I would like to achieve this topology but am just wondering what’s the best way to set it up on the RB5009. Any guidance is much appreciated. Thanks
network-v3a.png

Why do you need a bridge? Do you mean bonding?

Deco X7 has 1 x 2,5Gb RJ45 and 2 x 1Gb RJ45
RB5009 has 1 x 2,5Gb RJ45 (on eth1), 7 x 1Gb RJ45 (including eth7 and eth8) and 1 x SFP+

Your request makes no sense to me.
You cannot have the RB5009 providing separate subnets without double NAT because it's now acting as a router, not a switch.
Why do you insist on using the TPLINK router at all… Dump it…

You can. But TPlink has to perform NAT also for “alien” subnets on LAN side … and I’ve no idea if that’s possible or not.

Hmmm, well, THIS IS possible:
The 5009 acting as router with a few of its own subnets using ports 2,3. Incoming VLAN on trunk port ether1 terminates on the router and VLAN identified to bridge on the router. This is the incoming private WAN from the TPLINK.

The 5009 on the trunk port above also receives TPLINK VLANs (assuming the TPLINK can have VLANs), simply to transfer to outgoing ports 4,5 (no other relationship to router).
If there are no VLANs from the TPLINK and the TPLINK can only do one subnet, then this part is NOT required.

WHAT IS NOT POSSIBLE
Is TPLINK to provide DHCP for one subnet, including an IP for the private WAN IP to RB5009, and not have the rest of the network double NATted.
In other words, if you don't want double NAT, DROP the TPLINK like cold turkey and run all off the RB5009, or put it after the RB5009.

If you are saying you get two WAN IPs from the ISP provider, perhaps more can be done.

WHY WHY WHY, does this TP link have to be ISP facing?
What model is it, and can it handle vlans??
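
Added example, not part of any post in this thread: a RouterOS configuration for steps a to d of the original question, in the routed form with no NAT on the RB5009. It assumes an RB5009 reset with no default configuration, the TPLINK at 192.168.0.1, a free address 192.168.0.2 for the RB5009, and a TPLINK that accepts a static route and will NAT the 192.168.88.0/24 subnet, which, as one reply points out, the thread does not confirm.

```routeros
# Added example. Assumed values (not from the thread): TPLINK LAN IP 192.168.0.1,
# RB5009 address 192.168.0.2, the DHCP pool range, and the bridge/pool/server names.
# Assumes the RB5009 was reset with no default configuration.

# (a) Bridge ether7 + ether8: the TPLINK uplink and the 192.168.0.0/24 switch
/interface bridge add name=br-tplink
/interface bridge port add bridge=br-tplink interface=ether7
/interface bridge port add bridge=br-tplink interface=ether8
/ip address add address=192.168.0.2/24 interface=br-tplink

# (b) The SFP+ port is a routed interface; a single port needs no bridge
/ip address add address=192.168.88.1/24 interface=sfp-sfpplus1
/ip pool add name=pool-88 ranges=192.168.88.10-192.168.88.100
/ip dhcp-server add name=dhcp-88 interface=sfp-sfpplus1 address-pool=pool-88 disabled=no
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.0.1

# (c) Default route via the TPLINK. There is deliberately no masquerade rule on the
# RB5009; that is what avoids double NAT. The TPLINK then needs the matching
# static route (192.168.88.0/24 via 192.168.0.2) and must NAT that subnet itself.
/ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1

# (d) Forward filter: clients behind the SFP+ port may open connections outward;
# nothing on the 192.168.0.0/24 side or beyond may open new connections to them.
/ip firewall filter
add chain=forward action=accept connection-state=established,related comment="replies"
add chain=forward action=drop connection-state=invalid comment="invalid"
add chain=forward action=accept in-interface=sfp-sfpplus1 comment="88.0/24 outbound"
add chain=forward action=drop out-interface=sfp-sfpplus1 comment="no new inbound to 88.0/24"
```

Rule order matters in section (d): the established,related accept must stay above the final drop, otherwise replies to the SFP+ clients' own connections are discarded.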