I’m trying to separate two LAN networks on the same MikroTik router using the VRF method. I believe I’ve configured everything correctly, but for some reason, it’s not working as expected. When I apply the configuration, the network goes down, but fortunately, it happened outside of working hours.
It doesn’t work like that…
“WE” should read the export (full of configuration errors and omissions) and from there extract the network graph and all the information that YOU know but you didn’t provide “US”.
I’m sorry, but only now that I’ve answered someone else will answer this topic, but for other reasons.
extract the network graph and all the information that YOU know but you didn't provide "US".
Tell me what you need, and I will provide you with the necessary resources.
you need Network Diagram..!?
It is not like you started from fresh and only added a VRF configuration, the configuration you posted has (among other things) a wireguard connection, a macvlan, a number of src-nat and dst-nat settings, custom firewall rules and there are clear signs of having been configured and re-configured several times.
Its complexity goes well over my level of competence, so cannot provide any specific suggestions, but there are a few things that struck me and that you may want to check/fix (not necessarily related to the issue you are having):
always search a configuration for “*” (asterisk), you have a couple occurrences of it, *16, *1A, this means that something got lost in a configuration change and ROS resorted to leave a pointer to something that was there but now doesn’t exist anymore
if you use action=masquerade you cannot specify the to-addresses, masquerade is a sort of “automatic” src-nat, the to-addresses only work for src-nat
you have three routing tables (besides the two VRF’s) of which only one seems to be used (and it is disabled)
calling the VRF’s “Wifi” and “Server” are likely to confuse, I would rename them to “Wifi_vrf” and “Server_vrf”
