Routing Between Subnets with RB750's.

I’m needing help with setting up some routing in an RB750.

Here’s a diagram showing how this system is put together. The blue lines designate the 1st physical ethernet network, and the red lines designate the 2nd physical ethernet network (which must remain physically separate from the 1st ethernet network, but must still get internet connectivity over the 1st (blue) ethernet network, thus the reason for Router 3). There are three subnets in this entire system - 192.168.1.x, 10.10.10.x, and 192.168.5.x.

The computers in the 192.168.1.x subnet get their internet connectivity through Router 1.
The phones in the 10.10.10.x subnet need to connect to the server and get their internet connectivity through Router 2.
The computers in the 192.168.5.x subnet get their internet connectivity through Router 3 and Router 1 (double natting used here). The gateway in Router 3 is set for the IP address of Router 1. This allows for internet connectivity, but still keeps other traffic from being carried between the two physical networks (the blue and red).

Currently, I’m using a couple of VPN tunnel ‘appliances’ to get a route between the 10.10.10.x phones on the 2nd (red) ethernet network, to the rest of the 10.10.10.x subnet. Basically, it ‘routes around’ Router 3. I did not show these VPN tunnel ‘appliances’.

With this configuration (including the VPN tunnel appliances), everything works, except that I’ve also opened up a ‘path’ for other traffic between the two physical networks (the blue and the red) through the VPN, which I do not want.

My goal is to do away with the VPN tunnel appliances and set up proper routes in the RB750’s, so that the phones on the 2nd (red) ethernet network, can connect to the rest of the 10.10.10.x subnet, through Router 3, and the computers on the 2nd (red) ethernet network can get their internet connectivity through Router 3 and Router 1, but no other ‘connections’ being possible between the two ethernet networks (the blue and the red).

I’ve tried various route settings in Router 3 (the one that’s between the two physical networks), but I can’t come up with any route settings that will allow the 10.10.10.x devices on the 2nd (red) ethernet network to ‘reach’ the phones and server on the 1st (blue) ethernet network.

Is it possible to do what I need to do here, with an RB750?

John Rayfield, Jr.
VC-Network_06-03-15.pdf

I don’t think routes and tunnels are the way to go; rather, VLANs would be better.

A VLAN prefixes all ethernet packets with an ID. One ID is for phones, the other for computers. So then despite sharing cabling, logistically the ethernet packets are kept separate and thus belong to different LANs (hence the name virtual LAN).

Look in your phone’s config; there should be a setting for VLAN ID. Some phones have a port that you can plug your computer into to share the jack in the room. These phones often have an option to tag packets coming from the computer with another VLAN ID.

In your computer’s network card config (device manager > network card > properties > advanced) there is usually a spot for VLAN.

If all devices have their own cable back to the MikroTik switch, then you wouldn’t have to set VLAN tagging on computers and phones; rather, it gets applied to packets on specific ports of the switch.

Then, you could have 1 MikroTik with two DHCP servers (one for computers, one for phones).

Read more here:
http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN#Create_.27trunks.27_and_implement_routing_between_VLANs
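
The single-router layout suggested in the reply above, sketched as a RouterOS configuration. This is an added example, not part of the original thread: it shows two VLANs on one trunk port, one DHCP server per VLAN, and forward-chain rules that keep the phone and computer networks from reaching each other while both still get internet access. The interface names (ether1, ether2), VLAN IDs (10, 20), gateway addresses and pool ranges are assumptions; only the 10.10.10.x and 192.168.5.x subnets come from the thread.

```routeros
# Added example. Assumed: ether1 = internet uplink, ether2 = trunk to the
# switch carrying both VLANs; VLAN IDs, gateway IPs and pools are made up.

/interface vlan
add name=vlan10-phones interface=ether2 vlan-id=10
add name=vlan20-pcs interface=ether2 vlan-id=20

# One gateway address per VLAN (subnets taken from the thread).
/ip address
add address=10.10.10.1/24 interface=vlan10-phones
add address=192.168.5.1/24 interface=vlan20-pcs

# Two DHCP servers on one router, one per VLAN.
/ip pool
add name=pool-phones ranges=10.10.10.100-10.10.10.200
add name=pool-pcs ranges=192.168.5.100-192.168.5.200

/ip dhcp-server
add name=dhcp-phones interface=vlan10-phones address-pool=pool-phones disabled=no
add name=dhcp-pcs interface=vlan20-pcs address-pool=pool-pcs disabled=no

/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
add address=192.168.5.0/24 gateway=192.168.5.1

# The router would otherwise route between its two connected subnets,
# so inter-VLAN traffic has to be dropped explicitly in the forward chain.
/ip firewall filter
add chain=forward connection-state=established,related action=accept comment="return traffic"
add chain=forward in-interface=vlan10-phones out-interface=vlan20-pcs action=drop comment="phones to PCs blocked"
add chain=forward in-interface=vlan20-pcs out-interface=vlan10-phones action=drop comment="PCs to phones blocked"

# Both VLANs share the uplink for internet access.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
```

Without the two drop rules the router forwards between the VLANs by default, which would recreate the cross-network path the original poster wants to close.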