Joining 2 networks

RouterOS Beginner Basics
1

I would like to join two networks together so I can access each device across both. I have a Mikrotik RB2011iLS-IN router I would like to use. Can anyone please assist in how to configure router to accomplish this. I have attached a diagram of existing setup.

https://forum.mikrotik.com/download/file.php?mode=view&id=41670

2

Your diagram is confusing,
You need two MT units one behind each modem acting as the router for its connection.
Then you can setup various tunnels and connections…

3

First of all are those 2 “modems” Mikrotik Routers?
Can they connected together physically of not?

4

Thanks for the response. I have modified drawing to try and give a better understanding
Home.jpg

5

this is what you need:
https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Site_to_Site_IPsec_tunnel

have a go and let us know if you run into problems

One of your Mikrotik router needs static Public IP, or at least have DDNS setup so it can be reached from the Internet.

6

@solar77 - I am very curious to see if your mind reading skills are up to snuff, or you just like pulling rectal plucks out of thin air ;-PPP
If right, please change your name to solar666, if wrong change it to solar0

7

I have left my crystal ball in the office…

what OP want, is site to site VPN, hence the suggestion.

8

@Garfieldlyn, should be one of these 2 methods. But of course also depends on the distance between the two LANs.
If they are both in the same building then Method 2 can be sufficient. Of course both LANs should be in same network with same netmask.
You also need to set up the gateways accordingly, ie. on the LAN router or on the managed L3 switch add some static routes so that outgoing traffic goes over both WAN links.
Method 2 is faster.

Method 1:

       ISP1                   ISP2
        |                      |
----------------       ----------------
| WAN Router 1 |       | WAN Router 2 |
----------------       ----------------
             |           |
           ----------------- 
           |   LAN Router   |
           ----------------- 
                  |
           ------------------------- 
           |   Dumb L2 Switch(es)   |   
           ------------------------- 
             |  |  |  |  |
             PCs ...

>
\
<br>
> ```text
Method 2:

           ISP1                   ISP2
            |                      |
    ----------------       ----------------
    | WAN Router 1 |       | WAN Router 2 |
    ----------------       ----------------
                 |           |
               -------------------- 
               |   L3 Switch(es)   |   
               -------------------- 
                 |  |  |  |  |
                 PCs ...
9

OK…I assumed these two are in different locations, then both ADSL routers can VPN into the same Mikrotik which can forward traffic from one subnet to another. However, both routers needs to be able to do static routing as well so normal traffic would not have to through VPN

if they where in the same building, yes a direct wired connection via L3 switch would be the way go to. Would an RB2011 do it? probably yes, not sure about the performance though. If you want to use the RB2011, keep both connection on the gigabit ports, not the 100Mbps ports.

10

Thanks all for the input. I have modified drawing to show actually what is existing to make things clearer
Network.jpg

11

Is the RB2011 able to be wired to both routers (ie in same building etc).

12

@Garfieldlyn, how far apart are LAN1 and LAN2? Are they in the same floor / building / city / country / continent / planet / galaxy / universe ? :slight_smile: :slight_smile: :slight_smile:

If you need to securely join two networks together over the Internet, then study these:
https://serverfault.com/questions/14169/how-to-securely-join-two-networks-together-over-the-internet
https://serverfault.com/questions/966895/routing-between-two-networks-connected-via-vpn-on-linux
Ie. you need to use VPN, IPsec, IPIP etc, ie. an encrypted tunneling protocol over the insecure Internet…
Check whether your WAN routers can do VPN/IPSec, else replace them with routers that can do VPN/IPSec…
Betweem 2 MikroTik routers one can use also “EoIP”: https://wiki.mikrotik.com/wiki/Manual:Interface/EoIP but it seems only if both LANs are in the same broadcast domain, ie. if they use the same network/netmask.

13

Yes

14

As what Solar77 said…
if they where in the same building, yes a direct wired connection via L3 switch would be the way go to. Would an RB2011 do it? probably yes, not sure about the performance though. If you want to use the RB2011, keep both connection on the gigabit ports, not the 100Mbps ports.

It sounds though that you want very limited crossover permitted so it important that you clarify the use cases in more detail…


+++++++++++++++
Interesting though, is it as simple as using the RB2011 as a router (but with no internet and no dhcp ) and just create two subnets and two bridges to match the desired LANS one from each of the MAIN routers?? Then one could apply forward filter rules to permit desired traffic? If there is not too much traffic it should be doable.
Then again that is the MTUNA certitfed approach and there may be far more efficient solutions out there from others… :slight_smile:

15

I have a Cisco SF308-08 switch. Could that be configured to do the Job

16

According to the spec https://www.cisco.com/c/en/us/support/switches/sf300-08-8-port-10-100-managed-switch/model.html

Cisco SF300-08 8-Port 10/100 Managed Switch
Device Type: Switch - 8 ports - L3 - managed
Routing Protocol: Static IPv4 routing
Authentication Method: Secure Shell (SSH), RADIUS, TACACS+

it should be possible (at least theoretically b/c one has to consult the documentation). But it has only 100 Mbps.
It seems possible: https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5724-configure-ipv4-static-routes-settings-on-a-switch-through-th.html

17

Tried your link and configured switch but still no working. I am not that verse in understand the concept. Could someone please guide me based on the drawing. Thanks

18

What is working and what is not working? Can you ping the other sides from that device, and ping from other devices etc.?
Maybe you should ask in the Cisco forums on how to setup that Cisco L3 switch correctly.

19

I would not use the Cisco if it is only 100Mbps. The RB2011 surely will do better than that. My guess is that you can reach 200 Mbps to 400 Mbps throughput:
https://mikrotik.com/product/RB2011UiAS-2HnD-IN#fndtn-testresults

so a user case is important here, for example, if you have large amount of data to be transferred (like backup NAS to another location, have CCTV cameras on both LAN but the only NVR is at one of the locations) or if you just want to use the printer on the other LAN,

@anav
your approach is what I’d do. but it won’t work just yet. you will also need both ADSL router to have a static route, on LAN1, if you want to reach 192.168.1.0/24, go to gateway 10.41.39.xx (which is the IP of RB2011 on LAN1, and same for the LAN2, static route: if you want to reach 10.41.39.0/24, go to gateway 192.168.1.xx (IP of RB2011 on LAN2)

also correct routing on the Mikrotik, so it can forward reply packet to the correct gateway / Interface.

that’s probably it but I might missed something.

20

No I cannot ping each sides