Network design - why does it work this way and what is the best option

Hi

I’m just learning here and experimenting with different scenarios. I would appreciate picking your brains on this setup.

I have:
Main Network WAN on 192.168.88.1 - pppoe connection via Mikrotik to a bridged ADSL modem
VOIP WAN on 192.168.8.1 - Vlan 2 - ethernet connection coming in from supplier
HP procurve L3 switch - WAN is untagged vlan0, VOIP WAN is dedicated and tagged on one port and untagged on the necessary ports for the phones

I want to access VLAN2 from outside - favorite method at the moment is to reverse ssh tunnel. I will be experimenting with vpn next. So what I did was untag vlan2 on port WAN connection from Mikrotik on the procurve, add vlan2 interface on M with necessary static address. Hunky dory - can now access phones on VLAN2

However, now each subnet can ping and access the other. The whole point of being on a VLAN is to separate and not route between. Why does this occur when I add it on the Mikrotik? What I mean is that I specified VLAN2 when adding - should the addition not automatically exclude all subnets except what’s on VLAN2?

Also now that the subnets can ‘see’ each other, will both WAN dhcp servers be in competition and live on both subnets?

Many thanks in advance.

I’m trying to visualize your network layout without success. However, the MikroTik is a router; it will happily route traffic between the different LANs unless you prevent it from doing so via firewall rules. That’s about as far as I can go with your limited description of what is connected to what.

Please give a little more detailed description of the network layout, and I might be able to give more detail. I am very familiar with VLANs on the HP switches, and getting a pretty good understanding of them with the MikroTik routers and switches.

Jim

Apologies! I thought it was adequately laid out. Thank you for taking the time to reply. I’ll try again.

Mikrotik on eth1 has pppoe connection to ADSL modem. Then provides internet connection to the 192.168.88.0/24 lan via eth3. Also provides DHCP services. VLAN2 is also added to interface eth3 as described. eth3 is connected to procurve.

Service provider for VOIP internet connectivity is also connected to procurve on a tagged port for VLAN2. DHCP is also provided on the 192.168.8.0/24 range.

Procurve has VLAN0 untagged on all ports except the port for VOIP service provider. VLAN2 is untagged on all ports requiring VLAN2 as well - ports 1-10 for the phones.

I’m still learning - hope the above clarifies the layout. If not, could you give me an example of what you need to clarify?

As per @fewi’s requirements, I am posting configs here:
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 interface=ether1 actual-interface=ether1
1 address=192.168.1.1/24 network=192.168.1.0 interface=wlan1 actual-interface=wlan1
2 address=192.168.2.2/24 network=192.168.2.0 interface=ether3 actual-interface=ether3
3 address=192.168.8.5/24 network=192.168.8.0 interface=VLAN2 actual-interface=VLAN2
4 D address=(blanked out) network=(blanked out) interface=Afrigreen actual-interface=Afrigreen(pppoe connection)

/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=41.170.73.1 gateway-status=41.170.73.1 reachable via Afrigreen distance=1 scope=30 target-scope=10
1 ADC dst-address=(blanked out) pref-src=(blanked out) gateway=Afrigreen gateway-status=Afrigreen reachable distance=0 scope=10
2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.1 gateway=wlan1 gateway-status=wlan1 reachable distance=0 scope=10
3 ADC dst-address=192.168.2.0/24 pref-src=192.168.2.2 gateway=ether3 gateway-status=ether3 reachable distance=0 scope=10
4 ADC dst-address=192.168.8.0/24 pref-src=192.168.8.5 gateway=VLAN2 gateway-status=VLAN2 reachable distance=0 scope=10
5 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether1 gateway-status=ether1 reachable distance=0 scope=10

/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name="ether1" type="ether" mtu=1500 l2mtu=1526 max-l2mtu=1526
1 name="ether2" type="ether" mtu=1500 l2mtu=1522 max-l2mtu=1522
2 R name="ether3" type="ether" mtu=1500 l2mtu=1522 max-l2mtu=1522
3 R name="wlan1" type="wlan" mtu=1500 l2mtu=2290
4 R name="VLAN2" type="vlan" mtu=1500 l2mtu=1522
5 X name="Webafrica" type="pppoe-out"
6 R name="Afrigreen" type="pppoe-out" mtu=1492


/ip firewall export
jun/12/2016 09:19:01 by RouterOS 5.21
software id = 4427-73ZF
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat disabled=no
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no

Hope I get a bite here?
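Two things stand out in the export above: there are no `/ip firewall filter` rules at all, so the forward chain accepts everything and the router happily passes packets between 192.168.88.0/24 and 192.168.8.0/24 (which is what Jim described); and the single `srcnat` masquerade rule has no `out-interface`, so it also masquerades traffic going into VLAN2, meaning the phones see the MikroTik's 192.168.8.5 as the source rather than the real LAN host. The following is an added example written for this thread, not configuration from the original poster or from MikroTik; it uses the interface names and subnets from the posted output and assumes the Afrigreen PPPoE interface is the only internet uplink on this router. It blocks forwarding between the two subnets in both directions and restricts the masquerade to the PPPoE uplink.

```routeros
# Added example (not from the thread). Interface and subnet names are taken
# from the /ip address and /interface output posted above; the rules are
# illustrative and assume Afrigreen is the only WAN uplink on this router.
/ip firewall filter
# Replies to connections that were already permitted may pass in both directions.
add chain=forward connection-state=established,related action=accept \
    comment="allow return traffic"
# No routing between the main LAN and the VoIP VLAN, in either direction.
add chain=forward src-address=192.168.88.0/24 dst-address=192.168.8.0/24 \
    action=drop comment="block LAN -> VLAN2"
add chain=forward src-address=192.168.8.0/24 dst-address=192.168.88.0/24 \
    action=drop comment="block VLAN2 -> LAN"
# Internal hosts may still go out to the internet via the PPPoE uplink.
add chain=forward out-interface=Afrigreen action=accept \
    comment="LAN/VLAN to internet"
# Anything else being forwarded through the router is dropped (default deny).
add chain=forward action=drop comment="drop all other forwarded traffic"

/ip firewall nat
# The posted rule was "add action=masquerade chain=srcnat" with no
# out-interface, which also rewrites the source of packets sent into VLAN2.
# Limit it to the uplink so inter-subnet traffic keeps its real source address.
remove [find chain=srcnat action=masquerade]
add chain=srcnat out-interface=Afrigreen action=masquerade \
    comment="NAT only towards the PPPoE uplink"
```

Rules in a chain are evaluated top to bottom, so the two drop rules must sit above the `out-interface=Afrigreen` accept. The final default-deny rule also blocks any other forwarded path (for example wlan1 or ether3 towards VLAN2), so add an explicit accept above it for each path that should remain open. On the DHCP question: a router does not forward DHCP broadcasts between its interfaces unless a DHCP relay is configured, so even with routing wide open the two DHCP servers each stay on their own segment; the firewall rules above do not change that.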