haris013
Frequent Visitor
Topic Author
Posts: 80
Joined: Mon Jun 18, 2018 2:13 am

Mikrotik with 1 wan and multiple lan subnets

Mon Jun 18, 2018 2:38 pm

Hello everyone!

I just bought a MikroTik RB750Gr3 (hEX). I am a newbie student and I would like to learn more about computer networks, so I thought a MikroTik would be a good idea to start playing around.

I have downloaded Winbox and I have plugged my MT into my PC. It seems that it has a default configuration and proposes that I apply it. Should I proceed?

My goal is to create a network topology as below:

Image

I have the exact hardware the picture shows and I would like to connect to the internet and have multiple interfaces with a different subnet each. Clients in different subnets should not be "talking" to each other, except 2 PCs that should have access to the whole network. The final step is a VPN connection to the LAN network 192.168.3.0/24 in order to access my server remotely.

Can you guys guide me on how I can achieve that kind of setup?

Of course, any ideas or advice to improve my planned network are welcome.

Thanks in advance!
 
anav
Forum Guru
Posts: 19325
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik with 1 wan and multiple lan subnets

Mon Jun 18, 2018 3:39 pm

What is your higher load subnet? Or put another way, where would you want to use switch speed?
Is the intention for all users to be able to see all users (lots of shared devices on the two networks??)
 
haris013
Frequent Visitor
Topic Author
Posts: 80
Joined: Mon Jun 18, 2018 2:13 am

Re: Mikrotik with 1 wan and multiple lan subnets

Mon Jun 18, 2018 3:53 pm

The higher load subnet would be LAN 2, 192.168.1.0/24. I am planning to connect a NAS server to the 8-port switch and there is going to be a lot of traffic due to incremental backups from clients to the NAS server. I don't want all users to see all users; only 2 users must see the other networks.
 
mkx
Forum Guru
Posts: 11598
Joined: Thu Mar 03, 2016 10:23 pm

Re: Mikrotik with 1 wan and multiple lan subnets

Mon Jun 18, 2018 9:33 pm

As every port on your RB will belong to different IP network, all traffic between any network device and your NAS will flow through RB's CPU. Expect high CPU load and less than desired throughput.

Default setup will be of little help when trying to achieve your final setup. However, if you're new at Mikrotik, I'd suggest to accept default configuration, configure WAN (PPPoE) and proceed from there.
First of all, any ethernet port that is going to be used for different IP network should not belong to any bridge (in ROS). E.g. remove ethernet port 3 from default bridge, add IP address from 192.168.2.0/24 to that port and play with firewall settings so that you'll get what you want regarding connectivity between different IP networks.
Then proceed with another router port and another network ...
 
haris013
Frequent Visitor
Topic Author
Posts: 80
Joined: Mon Jun 18, 2018 2:13 am

Re: Mikrotik with 1 wan and multiple lan subnets

Mon Jun 18, 2018 9:51 pm

> As every port on your RB will belong to different IP network, all traffic between any network device and your NAS will flow through RB's CPU. Expect high CPU load and less than desired throughput.
>
> Default setup will be of little help when trying to achieve your final setup. However, if you're new at Mikrotik, I'd suggest to accept default configuration, configure WAN (PPPoE) and proceed from there.
> First of all, any ethernet port that is going to be used for different IP network should not belong to any bridge (in ROS). E.g. remove ethernet port 3 from default bridge, add IP address from 192.168.2.0/24 to that port and play with firewall settings so that you'll get what you want regarding connectivity between different IP networks.
> Then proceed with another router port and another network ...

Thank you very much for the info.

Can you guide me or give me a link to the menu/setting where I assign a port to a subnet? How can I assign a DHCP server for each port/subnet?

I saw the MTU and L2 MTU values in several menus. Should I change them? What value is the optimum according to the diagram I posted above?
 
mkx
Forum Guru
Posts: 11598
Joined: Thu Mar 03, 2016 10:23 pm

Re: Mikrotik with 1 wan and multiple lan subnets

Mon Jun 18, 2018 10:32 pm

You don't want to play with MTU settings unless you know what you're doing.
 
haris013
Frequent Visitor
Topic Author
Posts: 80
Joined: Mon Jun 18, 2018 2:13 am

Re: Mikrotik with 1 wan and multiple lan subnets

Mon Jun 18, 2018 10:57 pm

> You don't want to play with MTU settings unless you know what you're doing.

OK, got it. About the setup settings, can you guide me around the menus where I should do my settings?
 
anav
Forum Guru
Posts: 19325
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik with 1 wan and multiple lan subnets

Mon Jun 18, 2018 11:57 pm

Well I use Winbox and terminal
Best is to get familiar with them.
First thing I would do is have a read through this link and start there.
https://wiki.mikrotik.com/wiki/Manual:S ... our_Router

As for setup...........................
You need to define the following..........

/interface ethernet
/interface bridge ( I would put my NAS LAN on the bridge, the rest not).
/interface list
/ip pool
/ip dhcp-server
/interface bridge port (where you assign ether interfaces to the bridge; in this case, if ether5 is your WAN port and ether1 is your NAS LAN, it would be solely ether1)
/interface list member (where you define which interfaces are on the LAN or WAN)
/ip address (don't worry about the WAN one, just enter the LAN ones - except if it's a static IP and you have all the numbers)
/ip dhcp-client
/ip dhcp-server network (seems redundant but every item is entered in separately when building subnets.)
/ip dns
/ip firewall address-list (for now at least identify which PCs you will use to administer the router internally (or perhaps one subnet))
/ip firewall filter (the default rules plus the link above will get you going)
/ip firewall NAT
(you need to ensure private to public and back to private translation when users go out to the net - source nat)
(you need to detail any planned incoming unsolicited traffic - destination nat)
/ip route (perhaps the trickiest part of the setup but basically you have one WAN so it's not so bad)
/ip service (as per the link above turn everything off except winbox and ssh and change ssh port to non-standard)
/ip ssh set to strong crypto
/ip DNS (as required/desired)

The terminal selection on winbox is where you can do commands manually.
The most useful one is to see the configuration in text form.
Type
/export hide-sensitive file=nameofyourchoice

After that you go to the FILES selection on the menu and you will see that file there.
Right click and download to your PC and use notepad++ to view.
Chances are you will want to post it in a thread when you wish to see what you have done right and wrong.
Don't forget to delete the file from FILES after you download it.

The other nice thing about the exported configuration is that you can modify any part of the text file and then simply paste that bit of revision into TERMINAL and it will add the change to your router.

There is tons to learn, take it slow. If you know networking, unlike me, it will go much smoother.
 
haris013
Frequent Visitor
Topic Author
Posts: 80
Joined: Mon Jun 18, 2018 2:13 am

Re: Mikrotik with 1 wan and multiple lan subnets

Tue Jun 19, 2018 4:21 pm

Thank you very much, I will give it a try and post further questions if I need to.

For now just one question: why should the NAS go on a bridge and not just a plain LAN? What are the benefits of a bridge?

Thanks
 
anav
Forum Guru
Posts: 19325
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik with 1 wan and multiple lan subnets

Wed Jun 20, 2018 12:42 am

Damn, why me, I knew he would ask that question.
Hmm, because only one bridge can be HW, meaning hardware offload - using wire speed of the chip when passing packets back and forth within a subnet.
So if your NAS is on the same subnet as other devices heavy with traffic, best to ensure that traffic (layer 2) is on a bridge.

I don't know how to apply HW to a plain ethernet interface with its subnet (not on a bridge).

I don't know if there would be any advantage to putting other subnets on a bridge, that would be for experts.......
It seems to be almost a useless construct other than you can put many subnets on a bridge and not have to create address lists for rules, just use BRIDGE.
 
haris013
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 80
Joined: Mon Jun 18, 2018 2:13 am

Re: Mikrotik with 1 wan and multiple lan subnets

Sat Jun 30, 2018 11:35 pm

Hello again everyone. After reading a little bit I gave configuring my MikroTik a try. I will paste my config; can you take a look and correct me if I have anything wrong? The plan is to set up the router according to my first post. What else do I need to set up in order to run everything smoothly and stably? I have not yet understood how to set up a bridge for the NAS; I am trying to understand the logic behind this setup.
# jan/02/1970 04:15:16 by RouterOS 6.40.4
# software id = XXXXXX
#
# model = RouterBOARD 750G r3
# serial number = XXXXXXXXX
/interface ethernet
set [ find default-name=ether1 ] name=internet
set [ find default-name=ether2 ] name=localnet-1
set [ find default-name=ether3 ] name=localnet-2
set [ find default-name=ether4 ] name=localnet-3
set [ find default-name=ether5 ] name=localnet-4
/interface pppoe-client
add add-default-route=yes dial-on-demand=yes disabled=no interface=internet \
    keepalive-timeout=60 name=pppoe-out1 user=guest@hol.gr
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool-localnet-1 ranges=192.168.1.150-192.168.1.250
add name=pool-localnet-2 ranges=192.168.2.25-192.168.2.250
add name=pool-localnet-3 ranges=192.168.3.50-192.168.3.60
add name=pool-localnet-4 ranges=192.168.4.10-192.168.4.250
/ip dhcp-server
add address-pool=pool-localnet-1 disabled=no interface=localnet-1 name=\
    server-localnet-1
add address-pool=pool-localnet-2 disabled=no interface=localnet-2 name=\
    server-localnet-2
add address-pool=pool-localnet-3 disabled=no interface=localnet-3 name=\
    server-localnet-3
add address-pool=pool-localnet-4 disabled=no interface=localnet-4 name=\
    server-localnet-4
/ip address
add address=192.168.1.1/24 interface=localnet-1 network=192.168.1.0
add address=192.168.2.1/24 interface=localnet-2 network=192.168.2.0
add address=192.168.3.1/24 interface=localnet-3 network=192.168.3.0
add address=192.168.4.1/24 interface=localnet-4 network=192.168.4.0
/ip dhcp-server network
add address=192.168.1.0/24 comment=Localnet-1 dns-server=192.168.1.1 gateway=\
    192.168.1.1
add address=192.168.2.0/24 comment=Localnet-2 dns-server=192.168.2.1 gateway=\
    192.168.2.1
add address=192.168.3.0/24 comment=Localnet-3 dns-server=192.168.3.1 gateway=\
    192.168.3.1
add address=192.168.4.0/24 comment=Localnet-4 dns-server=192.168.4.1 gateway=\
    192.168.4.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip firewall nat
# pppoe-out1 not ready
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=26
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Athens
/system identity
set name=HomeLabRouter
/system ntp client
set enabled=yes server-dns-names=hercules.eim.gr
/system routerboard mode-button
set enabled=no on-event=""
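
Added example, not part of any post in this thread: the export above contains no /ip firewall filter rules, so the router's DNS resolver (allow-remote-requests=yes), SSH and Winbox answer on the PPPoE side and all four subnets route freely to each other. The sketch below fills in the interface list, address-list and filter items from anav's checklist for RouterOS 6.x, using the interface names from the export; the two admin PC addresses and the list name admin-pcs are constructed assumptions.

```routeros
# Added example; interface names come from the export above.
/interface list
add name=WAN
add name=LAN
/interface list member
add interface=internet list=WAN
add interface=pppoe-out1 list=WAN
add interface=localnet-1 list=LAN
add interface=localnet-2 list=LAN
add interface=localnet-3 list=LAN
add interface=localnet-4 list=LAN
/ip firewall address-list
# Constructed static addresses for the two PCs allowed to reach every subnet.
add address=192.168.1.10 list=admin-pcs
add address=192.168.1.11 list=admin-pcs
/ip firewall filter
# input chain: traffic addressed to the router itself
add chain=input action=accept connection-state=established,related
add chain=input action=drop connection-state=invalid
add chain=input action=accept protocol=icmp
add chain=input action=accept in-interface-list=LAN \
    src-address-list=admin-pcs comment="management (Winbox, SSH)"
add chain=input action=accept in-interface-list=LAN protocol=udp \
    dst-port=53,67 comment="DNS and DHCP for LAN clients"
add chain=input action=accept in-interface-list=LAN protocol=tcp \
    dst-port=53
add chain=input action=drop \
    comment="everything else, including WAN access to DNS, SSH, Winbox"
# forward chain: traffic routed through the router
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop connection-state=invalid
add chain=forward action=accept in-interface-list=LAN \
    out-interface-list=WAN comment="all subnets may reach the internet"
add chain=forward action=accept src-address-list=admin-pcs \
    in-interface-list=LAN out-interface-list=LAN \
    comment="only the two admin PCs may cross subnets"
add chain=forward action=drop comment="no other inter-subnet or inbound traffic"
```

Rule order matters: replies to the admin PCs pass through the established,related rule, so the other subnets never need an accept rule of their own. Apply it from a session on one of the admin PCs (or with Safe Mode enabled) so the final input drop does not cut off your own Winbox connection.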
