SonicWall TZ205w
X1=WAN
X0 = (VPN Network) 10.11.10.0/24
WLAN = Bridged to X0
X2 = Local Network 192.168.11.0/24
X3,X4= Portgroup with X2
X0 & X2 ----> MikroTik CRS125-24G
Port 1 Gateway
Port 2 Master (192.168.11.0/24) = X2
Port 3-19 Slave to Master Port 2
Port 20 Master (10.11.10.0/24) = X0
Port 21-24 Slave to Master Port 20
New Addition ( Upstairs Office Area) has a CAT 5E connection between above MikroTik and a new MikroTik (same model as downstairs unit) in the upstairs office. Only have a single CAT 5E from the downstairs office to upstairs due to old home converted to office. Not a good way to run cabling.
So long story short, I am wanting to carry both the X0 and X2 networks to the upstairs office so that I can use both, However, they need to stay separate due to HIPAA Compliance.
You have to create two vlans, lets say vlan 11 192.168.11.0/24 and vlan 10 for 10.11.10.0/24,
Lets say port 24 will be connected to the other mikrotik
Remove master interface for it, set it to none.
This will be your trunk port. Then add two bridges lets say bridge-vlan10 and bridge-vlan11. On bridge-vlan10 add to ports section vlan 10 and ether20. Same with bridge-vlan11 add in ports section vlan 11 and ether2. At this point your port 2 and 20 will be access ports to coresponding vlan, also slave ports wil be access ports like it masters. Change port2 and 20 from dhcp server ip address to coresponding vlan so your ip and dhcp server will be assigned to vlans and not to ethers.
On the second mikrotik you have to create one trunk port to connect with both vlans and then access ports as you wish.
then create bridges, like in first mikrotik and put in then vlans and whatever ports needed for each vlan. Use like in the first, master port in bridge and slaves as you wish
To keep them separated, use out-interface ether1 in your forward accept rules.