I have a large Canopy network that is currently bridged. All the Canopy management IPs are in the range of 169.254.0.0/16 currently. I’m segmenting part of this network from the rest with a MikroTik router which is set up to give out public IPs to customers over DHCP, but the Canopy management IPs remain static in 169.254.0.0/16. How do I route the private IPs so they can be visible from both sides of the router? If I’m on the LAN side I still need to be able to see the 169.x.x.x that are on the WAN side and if I’m on the WAN side I still need to see the 169.x.x.x addresses on the LAN side.
IP is IP. You would route the canopy IP space just like you would any other IP space. I don’t understand the question apparently, because there is no difference in public/private IP space as far as routing is concerned.
Sorry, I am new to routing in general.
Let me try to explain better.
Right now our bridged network Canopy devices are all 169.254.0.0/16 without gateways. So to communicate with them we put a 169.254.x.x address in our computer to talk to them. To get an IP off the DHCP server we change our settings to DHCP and the Canopy hardware passes a public IP to us via our main router.
In trying to migrate this network to a routed network I have segmented one tower by putting an MT router between the backhaul and the access points. This router is its own DHCP server for this tower. It routes the public IPs back to the original main router.
So now if my access point is 169.254.13.20 and I’m on the backhaul side of the router I cannot talk to the access point. Vice versa, if I am on the access point side of the router I cannot talk to the backhaul, which is 169.254.13.25.
I need to be able to get to these private IPs from both sides and I can’t figure it out.
The basic idea is to give the router an IP on the management network on the physical link connecting it to it. At that point the router can route traffic to that network, and will do so when receiving packets for it. You will also have to implement a default gateway on the devices to be managed so they can send traffic back, or you’ll have to NAT all management traffic to the router interface so that the devices to be managed are under the impression the router is managing them so they don’t need a route.
Hope that helps.
Edit: I like the following site for a basic overview of TCP/IP and some routing: http://www.ipprimer.com/overview.cfm. It’s fairly old but the basics haven’t changed.
So, you have something like:
Network YOU are on ↔ Router ↔ 169.254.0.0/26 AND some publics for customers
Is that correct? If so, you have an IP address that is the gateway for the customers assigned to some interface on the router. You need to add an additional address in the 169.254.0.0/26 range on the same interface. Since the devices on the 169.254.0.0/16 network do not have a gateway, you have 2 choices:
- Add a gateway IP to them (make it the IP you will assign to the interface facing that network)
- Create a NAT for traffic destined to 169.254.0.0/26.
Let’s assume that the interface facing YOU (left side of the router) is ether1. Also assume that the interface facing the 169.254.0.0/16 network is ether2. You would do this:
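```
# Give the router an address on the Canopy management network (ether2 side)
/ip address
add interface=ether2 address=169.254.0.1/16 comment="management for canopy"
# Masquerade management traffic so the devices see the router as the source
/ip firewall nat
add chain=srcnat dst-address=169.254.0.1/16 action=masquerade
```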
That should do it. You will, of course, have to create appropriate routes in the other routers on the network to get to the 169.254.0.0/16 network.
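The return-path reasoning behind the two choices in the replies above (a gateway on the devices versus NAT on the router), modelled as an added example that is not part of the original posts. The access point address 169.254.13.20 and the router address 169.254.0.1/16 come from the thread; the client address 192.0.2.50 is constructed.

```python
import ipaddress


def reply_path(device_if, gateway, source):
    """How a managed device sends its reply to `source`, or None if it cannot.

    device_if: device address with prefix, e.g. "169.254.13.20/16"
    gateway:   default gateway configured on the device, or None
    """
    dev = ipaddress.ip_interface(device_if)
    src = ipaddress.ip_address(source)
    if src in dev.network:
        return "on-link"  # device ARPs for the source directly
    if gateway is not None and ipaddress.ip_address(gateway) in dev.network:
        return "via " + gateway  # device hands the reply to its gateway
    return None  # no route back: the reply is never sent


def seen_source(client, router_if, masquerade):
    """Source address the device sees on traffic forwarded by the router."""
    if masquerade:
        # srcnat masquerade rewrites the source to the router's own address
        return str(ipaddress.ip_interface(router_if).ip)
    return client


def scenarios():
    ap = "169.254.13.20/16"      # access point from the thread, no gateway today
    router = "169.254.0.1/16"    # address added on ether2 in the reply
    client = "192.0.2.50"        # constructed client on the ether1 side
    return {
        # Router has an address, but the device has no gateway and no NAT
        "no gateway, no NAT": reply_path(ap, None, seen_source(client, router, False)),
        # Choice 1: set the router's address as the device's gateway
        "gateway on device": reply_path(ap, "169.254.0.1", seen_source(client, router, False)),
        # Choice 2: masquerade, so the device only ever sees the router
        "masquerade on router": reply_path(ap, None, seen_source(client, router, True)),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:22} -> {result or 'reply dropped'}")
```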
Still not working. Let’s say I have a computer on the ether 2 side with an IP of 169.254.13.100/24 with a gateway of 169.254.13.1. I then put 169.254.13.1 on the ether 2 port of the MikroTik router. I want another computer on ether 1 to talk to 169.254.13.100. Let’s say the other computer is 169.254.50.100/24. If I put 169.254.50.1 on ether 1 they do not talk to each other. What am I missing?
Put a quad zero (0.0.0.0/0) default route on the ether1 gateway.
Private IPs are used and work just like public IPs. The only difference is that your ISP will drop private IP routes from you so they don’t go out to the Internet.
Tom