Is it possible to manage two LAN having each the same IP subnet both containing machines with same ip address ?



I would say NO, but I'm not aware if Ros has some obscure feature......
I could use netmap to addressing two different subnet , but how to know on wich target machines ?

Why?

Why not? It's of course better to not have something like this, but if it already happened and it's not possible to change it...

Netmap with some virtual subnets is good first step. Next one would be two routing tables, one for each subnet on different interfaces. And finally mangle rules in prerouting to choose the right routing table based on which virtual subnet is destination.

Sob, How can I define a virtual subnet to the real one and routing through the right interface ?
I suppose each ethernet has not to be configured with an ip address...

Why?

So Sob can show off his MT networking skills

Simple example showing how to set up access from outside:

First some addresses (*):
Routes in two different routing tables:
Mangle rules (packets to virtual 192.168.91.x will get "net1" routing mark, and packets to virtual 192.168.92.x will get "net2" routing mark):
Map virtual networks to real ones:
Small fix for when this router is not default gateway for both networks:
(*) Same address and network on two interfaces like this is of course wrong. For this example, it could be maybe a little less wrong with /32 netmask.

This example also shows only the basic idea, the RB won't work as default gateway for both subnets. It could, but it would require additional connection marking. But since I don't know how exactly is everything connected, I won't bother with that now.

I didn't know more interfaces can be configured with the same ip address and subnet , I thought this would mess up things.

It happens, rarely, but happens, you find a place having the same addressing i.e. for PC and for ip cameras or ip telephony, completely separated , each with its own switch (sometimes ip cameras network stand-alone without a router) and you're asked for managing both remtely......

Surely I'll give it a try !

I thought it was clear that it does mess things up. The fact that to some extent it's possible to make it work doesn't change that it's wrong. If it's at all possible, the config should be changed into something clean, i.e. either join the networks correctly, or renumber some.

No, wait, I haven't undesrtood if two eth with the same ip address and class on the same routerboard is IMPOSSIBLE (don't work) or is WRONG (but works because of using interface names and routing marks).

Each LAN has it own gateway (not the routerboard).

Only way to do this without messing things up, is to use a VRF

Hi there,

I'm currently researching a very similar solution for a setup where I have:
- a single CCR acting as main and unique router for a whole plant (ROS 7.14.2) configured with VLANs under bridge
- one CRS switch connected to the CCR (via trunk port) and also to other (18) "dev" subnets with identical topology (each subnet/vlan has 192.168.1.0/24 overlapping range)
- such subnets cannot change IP range and have a few devices that have static IPs (which may also be identical from one subnet to the other). These subnets do not need to reach internet or the mgmt vlan
- mgmt vlan must be able to reach all devices in the dev subnets / vlan with a unique IP such as:
-> A PC in the mgmt vlan (say 10.2.0.0/24) should be able to reach a PC (device IP is 192.168.1.10/24) in dev1 vlan via 10.2.1.10
-> A PC in the mgmt vlan should be able to reach a second PC (device IP is 192.168.1.10/24) in dev2 vlan via 10.2.2.10, and so on.

I understand the solution lies in a mix of mangle and netmap dstnat + possibly the use of VRFs but I fail to grasp the full setup.

Can you please assist with this setup? For sake of simplicity we might skip the VLAN (with additional switch part) and focus on a simpler solution based on the diagram at the beginning of the post.

Thank you in advance.

UPDATE: found a working solution: here.