Very new to this platform and find the complexity a bit daunting.
I have the RB2011-UAS-RM
What I would like to do:
have different subnets/DHCP servers on each switch, with both switches using the same Wan connection.
I tried taking one SW2 interface and assigning a DHCP server to it, but it still pulls the default DHCP subnet from SW1. I assume that I somehow need to separate SW1 and SW2, but not sure how to do this.
Once that part is done I wondered how to have both switches using the same WAN interface. Would VLAN be the way to go, or maybe virtual router? I really haven’t a clue.
If I recall correctly, the RB2011 has two switches, the first includes ether1 to ether5 and the second ether6 to ether10.
Now first lets assume that your WAN port is ether1. You should group the interfaces of first switch under ether 2:
/interface ethernet
set master-port=ether2 ether3
set master-port=ether2 ether4
set master-port=ether2 ether5
Then group together the interfaces of the next switch
/interface ethernet
set master-port=ether6 ether7
set master-port=ether6 ether8
and so on
Next assign IP address on ether2 and ether6, for example:
And then setup dhcp server on ether2 and another on ether6.
For both networks to use the same WAN is pretty straight forward, just add a masquerade rule with out-interface your WAN interface.
Keep in mind that both networks will be able to communicate between them by default, unless you specify rules in firewall filter that would prohibit that.
Wow! Can’t believe a year has gone by since I started this project. The initial reply Caci99 made little sense to me at the time, but now I’ve done a little reading it seems pretty clear what the steps are. I am wondering now what the difference might be to use routes between the subnets or vlans to segment the two subnets.
I have no practical experience with VLANs, but AFAIK (from reading)…
VLANs are useful if you want the same subnet (or lack of subnet… the same “layer2” physical network, really) to be available from the entire LAN, and yet want certain devices in the LAN to not communicate with each other, before consulting the router about it. To accomplish that, you’d need to have a smart switch sitting between such devices, which would assign the VLAN based on the device requiring access, and then, if the two devices are in the same VLAN, let it communicate with it.
Routing has the same effect, except that the IPs are in different subnets, so with or without a smart switch, the router will be consulted. If both subnets are behind the same LAN, a device can always “manually” change its IP, thus bypassing the router. If you need to counter that, you can again use a smart switch, which would force all packets to pass through to the router (with or without assigning a VLAN in the process).
Or in other words, VLANs are to layer2 (MAC addresses, etc.) what routing is to layer3 (IPs, etc.) of the OSI model