Hello again, I’ve spent most of the day reading related threads but none seem to be MY EXACT situation, so I hope this is not a duplicate and someone is able to assist me.
I have my Internet router connected to port 1 on RB750GL, I have it on a static IP of 10.0.0.2.
I am using ports 2,3 and 4 in a bridge assigned to a DHCP server with the range 192.168.88.0/24
Each port in the bridge is connected to a switch but all connected devices are within the same subnet 192.168.88.0.
I have a wireless router connected to one of the switches where I configured the WAN as static with IP 192.168.88.4 and I have DHCP enabled on this wireless. The range for the DHCP on the Wireless is set to 192.168.90.0/24.
The issue I have is that I am unable to ping any device on the subnet 192.168.90.0 from 192.168.88.0 and vice versa. The only way for me to access the 192.168.90 subnet is if I am connected to that DHCP specifically.
I’ve already tried disabling all firewall rules with no dice.
I’ve tried to set up routes on Mikrotik to be able to access that subnet without luck either.
So to clarify, the subnets are NOT both on Mikrotik directly (which seems to be the most common case), one subnet is from Mikrotik and the other one is from the wireless router. They are both wired to the same network but each has its own DHCP server and I’m not sure how to get them to communicate.
Hello,
If I’m getting right what you are trying to accomplish, this is what you should do:
Create static route for 192.168.90.0/24 network
/ip route
add distance=1 dst-address=192.168.90.0/24 gateway=192.168.88.4
This should be enough for MT to know where these IPs are. Real question/problem is how will your wireless router pass traffic to hosts behind him? Will he allow traffic (to LAN) he’s considering as WAN side traffic? Provide more information about your WiFi router settings.
Also, what is default route on your 192.168.90.0 router? Sorry for messy answer, English is not my native language.
Besides correcting the routes you can try to use RoMON or NAT or jump via subsequent telnet sessions from one router to another. Depends on your needs / restrictions / possibilities.
Thank you so much for your reply. I feel so much better to realize I wasn’t going nuts trying the same thing over and over again. This is the exact approach I was taking so I am glad I was not wrong in my assumption.
Sadly it does not work. I have re-created the route again just as you offered to confirm and sure enough I can’t ping the IP:
So as per your comments I am now thinking the problem might actually be on the wireless router itself? If so, here are the details.
Router Model: TL-WDR3600
And this is the routing table on the router (set up by default):
ID  Destination Network  Subnet Mask    Gateway       Interface
1   192.168.88.0         255.255.255.0  0.0.0.0       WAN
2   192.168.90.0         255.255.255.0  0.0.0.0       LAN & WLAN
3   0.0.0.0              0.0.0.0        192.168.88.1  WAN
It lets me add new routes but they can’t be on the same LAN or WAN subnet… so my best guess here is that the WAN does not forward traffic to the LAN (for protection maybe?).
The only workaround I’ve made work is creating a Virtual Server on the wireless router itself and giving it a port number, then redirecting that to one of the machines on the .90.0 subnet. If I do that I can access that machine / device but I wanted to avoid that approach since that would mean using a port for each device on that subnet.
So seeing this might be an actual hardware limitation on the wireless router I might need to rethink the setup I have and use the wireless router as a switch instead so that I can control everything from a single subnet.
The issue was with the NAT on the wireless router. I simply disabled it and rebooted the router and with the previous route we had set up (2nd post in this thread) ping started to work and I am able to access / see the network.
As an additional note, while I think it’s not precisely related I wanted to mention just in case that I dumped all my firewall rules and recreated them from scratch. It is also possible I had a wrong firewall rule set at some point so that is also worth checking.
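Added example, not part of any post in this thread: a small Python model of the two routing tables discussed above, tracing a new connection from a 192.168.88.0/24 host through the four states the thread went through (no static route, route with NAT on, Virtual Server, NAT off). The host 192.168.90.50, the port numbers, the "upstream" gateway label and the WAN-side drop rule are assumptions made for illustration; the drop rule models the behaviour the thread observed, not the TL-WDR3600 firmware.

```python
import ipaddress

WIFI_WAN = "192.168.88.4"  # TL-WDR3600 WAN address (from the thread)

def lookup(table, dst):
    """Longest-prefix match; returns (gateway, interface) or None."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw, ifc) for n, gw, ifc in table
            if ip in ipaddress.ip_network(n)]
    if not hits:
        return None
    _, gw, ifc = max(hits, key=lambda h: h[0].prefixlen)
    return gw, ifc

def mikrotik_table(static_route):
    """RB750GL routes: connected LAN, default route, optional static route."""
    table = [("192.168.88.0/24", None, "bridge"),
             ("0.0.0.0/0", "upstream", "port 1")]  # upstream address not given in thread
    if static_route:
        table.append(("192.168.90.0/24", WIFI_WAN, "bridge"))
    return table

# Routing table the poster listed for the wireless router.
WIFI_TABLE = [("192.168.88.0/24", None, "WAN"),
              ("192.168.90.0/24", None, "LAN & WLAN"),
              ("0.0.0.0/0", "192.168.88.1", "WAN")]

def reach(dst, port, static_route, nat, virtual_servers=None):
    """Trace a new connection from a 192.168.88.0/24 host to dst:port."""
    if dst == WIFI_WAN:  # addressed to the wireless router's own WAN IP
        inner = (virtual_servers or {}).get(port) if nat else None
        return f"forwarded to {inner}" if inner else "stops at wireless router"
    gw, ifc = lookup(mikrotik_table(static_route), dst)
    if gw != WIFI_WAN:
        return f"lost: MikroTik sends it to {gw} via {ifc}"
    if nat:  # modelled assumption: unsolicited WAN-side traffic is not passed to LAN
        return "dropped: unsolicited WAN-side traffic, NAT on"
    _, out_if = lookup(WIFI_TABLE, dst)
    return f"delivered via {out_if}"

if __name__ == "__main__":
    host = "192.168.90.50"  # constructed sample host behind the wireless router
    print(reach(host, 80, static_route=False, nat=True))
    print(reach(host, 80, static_route=True, nat=True))
    print(reach(WIFI_WAN, 8080, True, True, {8080: host + ":80"}))
    print(reach(host, 80, static_route=True, nat=False))
```

With NAT off the wireless router forwards everything the static route sends it, so any restriction on what 192.168.88.0/24 may reach in 192.168.90.0/24 has to come from explicit firewall rules.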