Hi!
I would like to know if it is possible to configure a Mikrotik RouterOS 7.19.6 RB5009UPr+S+ router with the following topology:
* I currently have a network with many devices on the 172.18.0.0/18 network. I want to separate them into different VLANs but keep the same gateway (172.18.0.1) that they are currently configured with.
Is there a way to configure this? I’ve tried using InterVLAN + proxy-ARP, but I still haven’t figured it out.
Best regards.
Edit: my brain read /22 instead of /18. How many vlans are you planning? /18 is a lot more than 4 /24 subnets. In fact, 64.
Can you explain what the real goal is?
Do you plan to use dhcp?
Original follows:
What is the purpose of the different vlans?
What does "them"/"they" refer to in "I want to separate them into different VLANs but keep the same gateway (172.18.0.1) that they are currently configured with."
Assuming you are going to split into 4 /24 subnets (172.18.0.0/24, 172.18.1.0/24, 172.18.2.0/24 and 172.18.3.0/24), what is the disadvantage of having a unique gateway for each vlan?
Having a single subnet per vlan is the "standard" way to do this. Why be different? If there is a good reason, please explain.
1 Like
I don't have an exact number of VLANs. Since I have several different setups, sometimes there might be 15 VLANs and other times 3 VLANs.
The real goal here is to separate network traffic, reduce broadcasts, and segment the network. We often have issues with staff plugging devices into our equipment, causing them to fail. We need to pinpoint exactly where the problem occurred and prevent other devices from malfunctioning.
We do not plan to use DHCP. As I mentioned earlier, our network is already set up. Each device has its own IP and gateway configured. Since all devices are on the same 172.18.0.0/18 network, they will all have the same gateway: 172.18.0.1. This entire network is currently in production.
So, it sounds like you are looking for a magic bullet to solve your problem.
It isn't obvious to me how extra vlans will help your situation.
You don't say what the "issues" are when staff plug devices into your equipment, causing "them" to fail.
What does "issues" mean?
What does "them" refer to? Your equipment? The device being plugged in?
If you are using static addressing you are much more likely to have "issues" like duplicate ip addresses.
A possible scenario:
User Bob has a PC with ip address 172.18.32.232/18 and gateway 172.18.0.1
His PC is old and he gets a replacement. To make things "consistent" with the old PC the new one is configured with the same static ip address and gateway (172.18.32.232/18 and gateway 172.18.0.1). The old PC is put into a "spare pool" instead of being disposed of, or someone dumpster dives and retrieves it (and it hasn't been wiped).
Later someone plugs the old PC back into the flat network, and Bob calls complaining that his PC is having problems.
How will vlans possibly help?
I think the real solution is to migrate to new ip addresses and when you do, use dhcp.
Do you even have managed switches where you can see the mac address tables? That's usually the best tool for finding where the duplicate ip address is located.
But I don't even know if duplicate ip addresses is the problem you are trying to avoid.
In any case, I don't see how vlans and proxy-arp could solve the problem you are describing, especially if you somehow expect this to work without reconfiguring the "devices".
1 Like
To give you some context, here’s the current situation:
On our current network (172.18.0.0/18 + GW 172.18.0.1), we have 2,500 devices connected.
An outside company connected a device with a gateway of 172.18.0.1, which caused a loop in our network. Our system became isolated.
My goal is to segment the network so that if this happens again, the inconsistency doesn’t spread throughout the entire network (so it stays within a single VLAN?). I had also considered using proxy-ARP so that our devices point to the same GW even when they’re on different VLANs.
Is this possible?
That's a bit vague. I can create a network in my house that has 172.18.0.1 as the GW and it should have no effect on you.
Or are you saying that a service company brought in a device with a GW set to 172.18.0.1 (using your gateway)? How did that cause a loop? Or are you saying that someone put in a rogue dhcp server with 172.18.0.1 as its ip address and set option 3 with address 172.18.0.1?
I don't know of any good solution other than using multiple smaller subnets, each in their own vlan/lan/broadcast domain.
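What the last reply recommends, one smaller subnet per VLAN with its own gateway, written out as RouterOS 7 bridge VLAN filtering configuration for an RB5009. This is an added example, not from any post in this thread; the port roles (ether1 trunk, ether2/ether3 access), the VLAN IDs and the /24 subnets carved out of 172.18.0.0/18 are assumptions for illustration.

```routeros
# Added example (not from any poster): split the flat 172.18.0.0/18 into per-VLAN /24s.
# Port roles, VLAN IDs and subnets are assumed; adjust to the real layout.

# Create the bridge with VLAN filtering OFF until the VLAN table is complete,
# otherwise a half-finished table can cut off management access.
/interface bridge
add name=bridge1 vlan-filtering=no

# ether1 = trunk to the core switch (tagged frames only).
# ether2/ether3 = access ports for VLAN 10 / VLAN 20 (untagged only).
# frame-types + ingress-filtering stop a host from injecting its own VLAN tags.
/interface bridge port
add bridge=bridge1 interface=ether1 frame-types=admit-only-vlan-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether2 pvid=10 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
add bridge=bridge1 interface=ether3 pvid=20 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes

# Bridge VLAN table: each VLAN is tagged on the trunk and on the bridge itself
# (so the router can route it) and untagged on its access port.
/interface bridge vlan
add bridge=bridge1 vlan-ids=10 tagged=bridge1,ether1 untagged=ether2
add bridge=bridge1 vlan-ids=20 tagged=bridge1,ether1 untagged=ether3

# One L3 interface per VLAN, each with its own gateway address in its own /24.
# These become the new default gateways the hosts must be re-addressed to.
/interface vlan
add name=vlan10 vlan-id=10 interface=bridge1
add name=vlan20 vlan-id=20 interface=bridge1
/ip address
add address=172.18.1.1/24 interface=vlan10
add address=172.18.2.1/24 interface=vlan20

# Turn filtering on last, once every VLAN and port is in the table.
/interface bridge set bridge1 vlan-filtering=yes
```

A host moved into VLAN 10 but still configured as 172.18.x.x/18 with gateway 172.18.0.1 will not reach its gateway, since 172.18.0.1 no longer lives in that broadcast domain; each device has to be re-addressed with the new /24 mask and gateway, which is the reconfiguration the thread says cannot be avoided. Broadcasts and a misplaced device on one access port are then confined to that port's VLAN.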