
VRF overlapping networks, default route in main routing table

Sat Mar 31, 2018 6:08 pm


I'm testing MikroTik's VRF functionality to see where it can come to good use. I'm trying to achieve the following:
- 4 VRFs: red, blue, green, black
- red and black VRFs with overlapping networks
- All VRFs should access the internet through the main routing table, at the gateway (wlan1 interface)

Everything works if the networks are non-overlapping. For example, I create a route for the blue VRF:
dst-address= gateway= gateway-status= on main reachable via  wlan1 distance=1 scope=30 target-scope=10 routing-mark=blue
and a route back from the routing table to the VRF:
dst-address= gateway=Vlan20-Blue gateway-status=Vlan20-Blue reachable distance=1 scope=30 target-scope=10
How can I achieve this for the overlapping VRFs black and red, which have the same subnet? If I create a route from the main routing table back to the VRF, how do I route both subnets back to their VRFs?

/interface bridge
add fast-forward=no name=bridge vlan-filtering=yes
/interface wireless
set [ find default-name=wlan2 ] ssid=MikroTik
/interface vlan
add interface=bridge name=Vlan10-Red vlan-id=10
add interface=bridge name=Vlan20-Blue vlan-id=20
add interface=bridge name=Vlan30-Green vlan-id=30
add interface=bridge name=Vlan40-Black vlan-id=40
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile1 \
    supplicant-identity="" wpa2-pre-shared-key=#201nt3rn3tT3st18#
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=station-pseudobridge security-profile=profile1 ssid=\
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool0 ranges=
add name=dhcp_pool1 ranges=
add name=dhcp_pool2 ranges=
add name=dhcp_pool3 ranges=
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=Vlan10-Red name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=Vlan20-Blue name=dhcp2
add address-pool=dhcp_pool2 disabled=no interface=Vlan30-Green name=dhcp3
add address-pool=dhcp_pool3 disabled=no interface=Vlan40-Black name=dhcp4
/interface bridge port
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether3 pvid=20
add bridge=bridge interface=ether2 pvid=40
add bridge=bridge interface=ether1
/interface bridge vlan
add bridge=bridge tagged=ether1,bridge vlan-ids=10
add bridge=bridge tagged=bridge untagged=ether3 vlan-ids=20
add bridge=bridge vlan-ids=30
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=40
/ip address
add address= interface=Vlan10-Red network=
add address= interface=Vlan20-Blue network=
add address= interface=Vlan30-Green network=
add address= interface=Vlan40-Black network=
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=wlan1
/ip dhcp-server network
add address= gateway=
add address= gateway=
add address= gateway=
/ip dns
set allow-remote-requests=yes
/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=Vlan20-Blue new-routing-mark=blue passthrough=yes
add action=mark-routing chain=prerouting in-interface=Vlan30-Green new-routing-mark=green passthrough=yes
add action=mark-routing chain=prerouting in-interface=Vlan10-Red new-routing-mark=red passthrough=yes
add action=mark-routing chain=prerouting in-interface=Vlan40-Black new-routing-mark=black passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wlan1
/ip route
add distance=1 gateway= routing-mark=red
add distance=1 gateway= routing-mark=blue
add distance=1 gateway= routing-mark=black
add distance=1 dst-address= gateway=Vlan40-Black
add distance=1 dst-address= gateway=Vlan20-Blue
/ip route rule
add interface=Vlan10-Red table=main
/ip route vrf
add interfaces=Vlan10-Red routing-mark=red
add interfaces=Vlan20-Blue routing-mark=blue
add interfaces=Vlan30-Green routing-mark=green
add interfaces=Vlan40-Black routing-mark=black
/system clock
set time-zone-name=Europe/Ljubljana
/system logging
add disabled=yes topics=dhcp
[admin@MikroTik] > 
Thanks for your help
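
The problem described in this post, modelled as an added example that is not part of the original post and not RouterOS code: a destination-only lookup in the main table finds one return interface for the blue subnet but two equally good candidates for the subnet shared by red and black. It goes slightly beyond the post by also showing that state recorded at ingress for each flow removes the ambiguity. The prefixes, the flow tuple and all function names are constructed assumptions, since the post's real addresses are not shown.

```python
import ipaddress

# Constructed sample prefixes (assumption: the post's real addresses are not shown).
VRF_SUBNETS = {
    "red":   "10.0.10.0/24",
    "black": "10.0.10.0/24",   # same subnet as red: the overlapping case
    "blue":  "10.0.20.0/24",
    "green": "10.0.30.0/24",
}
# Interface names as they appear in the posted configuration.
VRF_IFACE = {"red": "Vlan10-Red", "blue": "Vlan20-Blue",
             "green": "Vlan30-Green", "black": "Vlan40-Black"}

def build_main_return_routes(vrf_subnets):
    """Main-table routes back into the VRFs: prefix -> candidate interfaces."""
    table = {}
    for vrf, prefix in vrf_subnets.items():
        table.setdefault(ipaddress.ip_network(prefix), []).append(VRF_IFACE[vrf])
    return table

def lookup(table, dst):
    """Longest-prefix match on destination only; returns all equal candidates."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    if not matches:
        return []
    best = max(matches, key=lambda n: n.prefixlen)
    return table[best]

def ambiguous_prefixes(table):
    """Prefixes where the destination alone cannot select a single VRF."""
    return {str(net): ifs for net, ifs in table.items() if len(ifs) > 1}

def lookup_with_flow_state(flows, table, flow_key, dst):
    """Same lookup, narrowed by the ingress interface recorded for the flow."""
    candidates = lookup(table, dst)
    origin = flows.get(flow_key)
    return [i for i in candidates if i == origin] if origin else candidates

if __name__ == "__main__":
    main_table = build_main_return_routes(VRF_SUBNETS)
    print("blue host :", lookup(main_table, "10.0.20.5"))
    print("red/black :", lookup(main_table, "10.0.10.5"))
    print("ambiguous :", ambiguous_prefixes(main_table))
```

Whichever candidate a real router picks for the shared prefix, replies for the other VRF's host with the same address are delivered into the wrong VRF, so the overlap is an isolation problem as well as a reachability one.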
