As you can see, there are 4 routers (RB941-2nd) and 2 manageable switches (TP-LINK TL-SL2210).
Here is a list of each router's configuration:
[R2]
ether1 = 192.168.20.2/30, ospf area0/backbone
ether2 = 10.10.10.1/24
vlan10 = vlan id 10, interface ether2
vlan20 = vlan id 20, interface ether2
tunnel = PPTP, 172.16.1.1/32
bridge1 = ether2, vlan10, vlan20, pptp server binding
[R1]
ether1 = internet
ether2 = 192.168.10.1/30, ebgp
ether3 = 192.168.20.2/30, ospf area0/backbone
[R3]
ether1 = internet
ether2 = 192.168.10.2/30, ebgp
ether3 = 192.168.30.1/30, ospf area0/backbone
[R4]
ether1 = 192.168.30.2/30, ospf area0/backbone
ether2 = 10.10.10.10/24
vlan10 = vlan id 10, interface ether2
vlan20 = vlan id 20, interface ether2
tunnel = PPTP, 172.16.1.2/32
bridge1 = ether2, vlan10, vlan20, pptp out/client
All routers successfully connected to each other, so I think my routing configuration is correct and all clients can communicate with each other.
My question is, how do I divide the 2 VLAN segments (vlan10 and vlan20) so their clients can't communicate with each other except clients with the same VLAN ID (e.g. PC 1 can communicate with PC 3 but can't communicate with PC 4)?
There’s something missing either from your explanation or from the diagram. Are you saying that all clients can communicate with each other right now even though you have the same /24 on the same switch separated into 2 vlans? There must be more to that story.
If you want PC1 to talk to PC3 but not PC2 or PC4, then from how I see it, this is a case where you would use an ethernet tunnel (EoIP) to connect them together between R2 and R4 and keep them separate from each other with regular vlans on the switch and the routers (R2 and R4).
How you would get routing to work to the internet, if you want that, is for someone else to figure out… Seems like you would have to do some 1:1 NAT or something.
You said “all clients can communicate to each other”. This should not be the case based on your diagram.
I just want you to explain how you can have the same subnet (10.10.10.0/24) talking from R2 to R4, and in vlan 10 and vlan 20 and those machines can talk to each other. That should not be the case unless you’re bridging the vlans together somewhere. Also, how are those machines talking across the routers on the same subnet as well?
This violates basic IP routing: One subnet to one layer 2 domain (VLAN). You can’t split a subnet across layer 2 domains unless you’re bridging them somehow. And the same subnet can’t talk across routers unless you’re already doing some sort of EoIP bridging.
Okay, I get it. The reason why all my clients can communicate with each other is because I bridged the "vlan in-interface and vlan out-interface" in one bridge. I already got the solution for my problem, and you're right about using EoIP, so thank you.
In case someone out there has the same problem, here is the solution:
I created 2 extra VLANs that have the same IDs as the two previous ones, and the interface for those VLANs is the EoIP tunnel interface. Then I created 2 bridges, one for each VLAN: bridge1 for vlan10in (vlan10 that has ether2 as interface) and vlan10out (that has the EoIP tunnel interface), and vice versa for bridge2 and vlan20.
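The layout the poster describes, written out as RouterOS commands for the R2 side (an added example, not the poster's own export). It assumes the EoIP endpoints are the existing PPTP addresses 172.16.1.1 (R2) and 172.16.1.2 (R4), that the poster's vlan10/vlan20 on ether2 are kept as the "in" side, and that the tunnel-id values and the bridge-vlan10/bridge-vlan20 names are chosen here.

```routeros
# Added example (not the poster's config). Assumed EoIP endpoints:
# 172.16.1.1 on R2, 172.16.1.2 on R4; tunnel-ids 10/20 are chosen here.

# 1. Remove the single bridge that joined ether2, vlan10 and vlan20.
#    That one bridge is what let every client reach every other client.
/interface bridge port remove [find bridge=bridge1]
/interface bridge remove [find name=bridge1]

# 2. One EoIP tunnel per VLAN, so the two layer-2 domains stay separate
#    across the routed network. tunnel-id must match on R4.
/interface eoip add name=eoip-vlan10 remote-address=172.16.1.2 tunnel-id=10
/interface eoip add name=eoip-vlan20 remote-address=172.16.1.2 tunnel-id=20

# 3. "out" VLANs on the tunnels, same ids as the existing vlan10/vlan20
#    ("in" side) on ether2.
/interface vlan add name=vlan10out interface=eoip-vlan10 vlan-id=10
/interface vlan add name=vlan20out interface=eoip-vlan20 vlan-id=20

# 4. One bridge per VLAN. A bridge must never hold both VLAN ids, and
#    ether2 itself is not a bridge port, only its tagged sub-interfaces.
/interface bridge add name=bridge-vlan10
/interface bridge add name=bridge-vlan20
/interface bridge port add bridge=bridge-vlan10 interface=vlan10
/interface bridge port add bridge=bridge-vlan10 interface=vlan10out
/interface bridge port add bridge=bridge-vlan20 interface=vlan20
/interface bridge port add bridge=bridge-vlan20 interface=vlan20out

# R4 is the mirror image: same commands with remote-address=172.16.1.1.

# Check: each bridge lists exactly two ports, and a host in VLAN 10
# must fail to ping a host in VLAN 20.
/interface bridge port print
```

EoIP carries the Ethernet frames without encryption across R1/R3; RouterOS can wrap the tunnel in IPsec with the `ipsec-secret=` parameter on the eoip interface if the path between R2 and R4 is not trusted.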
So back to your original question, how to keep PC1 and PC3 together, and PC2 and PC4 together. That’s not so difficult if you just separate the VLANs and make 2 separate EoIP tunnels across the R2 and R4 routers.
However, if you want them to “talk to the internet” as well, you’re going to have trouble if you still want to use the same 10.10.10.0/24 subnet on “both” sides. You really should change one.
This is getting a little bit out of my experience area, but if I was going to do this I would put a gateway on the internet-facing routers and an EoIP tunnel to them (or a gateway on R2 and R4 with routing to the internet) and make it work somehow. How that is, I don't know at the moment. Someone smarter than me should answer that.