I have two sites.
Site A = DHCP 172.16.0.1/16
Site B = DHCP 192.168.100.1/24
I have a separate router for Site A and Site B.
Both routers have separate internet connections.
I want to
assign Site A IPs (172.16.0.0/16 DHCP) to my few clients at Site B with the help of Vlans.
I don’t want to use VLAN on Site A.
(Traffic coming from the site A router will be marked as VLAN 10 by the Site 2 Router)
Vlan 10 = 172.16.0.0/16
Vlan 20 = 192.168.100.0/24.
Hope you understand.
Regards
Tell us a bit more about network layout on site B: how are devices connecting to router B, do you have VLAN-aware switches? Also important: how do you intend to connect both routers, using dedicated direct connection or using VPN over internet?
Yes, I have Mikrotik HAP AC2 on Site 2 for my client which will work as WiFi routers and switches also. (Also handel Mikrotik HAP with CAPSman)
Both routers are in the same place and connected to an ethernet wire.
OK, so you can connect e.g. ether16 of router A with e.g. ether4 of router B. You need to add ether16 of routerA to it’s LAN bridge (making config exactly the same as if you wanted to connect a LAN PC to that port). On router B you have to configure ether4 as access port of VLAN 10. At the same time you need to enable vlan-filtering on LAN bridge of same router.
As to the rest of network: you can keep using “native” LAN subnet of site B as untagged (the one you marked as VLAN 20 on your diagram). So you have to add tagged VLAN 10 on ports where it’s needed … on downstream ports from router B as well as any switches and/or APs. Those ports will become hybrid (in ROS parlance) with tagged VLAN 10 and untagged. I believe that’s called “trunk with native VLAN” on some other vendors. Note that implicitly the “native” LAN subnet will be VLAN 1 on most equipment (MT included), but that doesn’t matter much as all the wires will see untagged frames. Some end ports (where you want to connect devices that you want to be members of site A IP subnet) will have to be configured as access ports of VLAN 10.
add router B to VLAN 10 (make LAN bridge interface tagged member of this VLAN and create corresponding /interface/vlan) 172.16.0.0/16 address to router B and on router A add static route towards 192.168.100.0/24 via router B address
on the interconnection link add another (tagged) VLAN, configure it properly on both routers, add another IP subnet only for this connection and establish routing between both LAN subnets.
In this case router config will be symmetrical and it won’t rely on the VLAN 10 being passed between sites in switched manner. Also allows to configure firewall etc. properly on each side individually.
I’d go with option #2 even though it seems a bit more complex.
