tr00g33k

VRF overlapping networks, default route in main routing table

Sat Mar 31, 2018 6:08 pm

Hello,

I am testing MikroTik's VRF functionality to see where it can be put to good use. I am trying to achieve the following:
-4 VRFs: red, blue, green, black
-red and black VRFs with overlapping networks
-All VRFs should access internet through main routing table, at gateway 192.168.24.1 (wlan1 interface)

Everything works if the networks are non-overlapping. For example, for the blue VRF I create this route:
dst-address=0.0.0.0/0 gateway=192.168.24.1@main gateway-status=192.168.24.1 on main reachable via  wlan1 distance=1 scope=30 target-scope=10 routing-mark=blue
and a route back from the main routing table to the VRF:
dst-address=192.168.20.0/24 gateway=Vlan20-Blue gateway-status=Vlan20-Blue reachable distance=1 scope=30 target-scope=10
How can I achieve this for the overlapping VRFs black and red, which share the subnet 192.168.10.0/24? If I create a route from the main routing table back to a VRF, how do I route both 192.168.10.0/24 subnets back to their respective VRFs?

Scheme:
Image
# RouterOS configuration export posted with the question.
# One VLAN-filtering bridge carries four VLAN interfaces (10 red, 20 blue,
# 30 green, 40 black); each VLAN interface is bound to its own VRF further
# down. Red and black deliberately share 192.168.10.0/24.
/interface bridge
add fast-forward=no name=bridge vlan-filtering=yes
/interface wireless
set [ find default-name=wlan2 ] ssid=MikroTik
# One VLAN interface per VRF, all on the same bridge.
/interface vlan
add interface=bridge name=Vlan10-Red vlan-id=10
add interface=bridge name=Vlan20-Blue vlan-id=20
add interface=bridge name=Vlan30-Green vlan-id=30
add interface=bridge name=Vlan40-Black vlan-id=40
# NOTE(review): the profile below carries the WPA2 pre-shared key of the
# upstream network in clear text. Treat a key published like this as exposed
# and rotate it; produce exports meant for sharing with `/export hide-sensitive`.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile1 \
    supplicant-identity="" wpa2-pre-shared-key=#201nt3rn3tT3st18#
# wlan1 is the uplink: it joins "Internet-Access" as a station using profile1.
# NOTE(review): this command sits under the security-profiles menu in the
# paste; presumably an `/interface wireless` header was lost - confirm.
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=station-pseudobridge security-profile=profile1 ssid=\
    "Internet-Access"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# dhcp_pool0 (red) and dhcp_pool3 (black) hand out the same address range.
/ip pool
add name=dhcp_pool0 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool1 ranges=192.168.20.2-192.168.20.254
add name=dhcp_pool2 ranges=192.168.30.2-192.168.30.254
add name=dhcp_pool3 ranges=192.168.10.2-192.168.10.254
# One DHCP server per VLAN interface.
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=Vlan10-Red name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=Vlan20-Blue name=dhcp2
add address-pool=dhcp_pool2 disabled=no interface=Vlan30-Green name=dhcp3
add address-pool=dhcp_pool3 disabled=no interface=Vlan40-Black name=dhcp4
# ether3 is an access port for VLAN 20 and ether2 for VLAN 40; the other
# ports keep the default pvid.
/interface bridge port
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether3 pvid=20
add bridge=bridge interface=ether2 pvid=40
add bridge=bridge interface=ether1
# VLAN membership. ether1 carries VLANs 10 and 40 tagged.
# NOTE(review): the VLAN 30 entry lists no tagged or untagged members, not
# even the bridge itself - presumably Vlan30-Green sees no traffic; confirm.
/interface bridge vlan
add bridge=bridge tagged=ether1,bridge vlan-ids=10
add bridge=bridge tagged=bridge untagged=ether3 vlan-ids=20
add bridge=bridge vlan-ids=30
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=40
# Gateway addresses; 192.168.10.1/24 is assigned to both the red and the
# black VLAN interface (the overlapping case the question is about).
/ip address
add address=192.168.10.1/24 interface=Vlan10-Red network=192.168.10.0
add address=192.168.20.1/24 interface=Vlan20-Blue network=192.168.20.0
add address=192.168.30.1/24 interface=Vlan30-Green network=192.168.30.0
add address=192.168.10.1/24 interface=Vlan40-Black network=192.168.10.0
# The uplink address (and presumably the main-table default route) comes
# from DHCP on wlan1.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=wlan1
# Only three DHCP networks are defined; the single 192.168.10.0/24 entry is
# the only one that can match both the red and the black server.
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.30.0/24 gateway=192.168.30.1
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from other hosts, and this export contains no /ip firewall filter section,
# so nothing shown here keeps wlan1 (the upstream side) from reaching the
# resolver or the router's management services. Confirm input-chain rules
# exist on the real device, or add them.
/ip dns
set allow-remote-requests=yes
# Packets are given a routing mark named after the VRF of the VLAN interface
# they arrive on.
/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=Vlan20-Blue new-routing-mark=blue passthrough=yes
add action=mark-routing chain=prerouting in-interface=Vlan30-Green new-routing-mark=green passthrough=yes
add action=mark-routing chain=prerouting in-interface=Vlan10-Red new-routing-mark=red passthrough=yes
add action=mark-routing chain=prerouting in-interface=Vlan40-Black new-routing-mark=black passthrough=yes
# Everything leaving through wlan1 is source-NATed to the uplink address.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wlan1
# Default routes for red, blue and black resolve their gateway in the main
# table (`@main`); no default route is defined for green.
# The two unmarked routes are the return path from main into a VRF:
# 192.168.10.0/24 points only at Vlan40-Black, so there is no main-table
# route back to the red VRF - the problem described in the post.
/ip route
add distance=1 gateway=192.168.24.1@main routing-mark=red
add distance=1 gateway=192.168.24.1@main routing-mark=blue
add distance=1 gateway=192.168.24.1@main routing-mark=black
add distance=1 dst-address=192.168.10.0/24 gateway=Vlan40-Black
add distance=1 dst-address=192.168.20.0/24 gateway=Vlan20-Blue
# NOTE(review): this rule points lookups for traffic arriving on Vlan10-Red
# at the main table, which holds the routes into the blue and black VLANs.
# Presumably that weakens red's separation from the other VRFs - confirm it
# is intended, and enforce isolation with forward-chain filter rules rather
# than relying on VRF membership alone.
/ip route rule
add interface=Vlan10-Red table=main
# VRF definitions: one VRF per VLAN interface, named after its routing mark.
/ip route vrf
add interfaces=Vlan10-Red routing-mark=red
add interfaces=Vlan20-Blue routing-mark=blue
add interfaces=Vlan30-Green routing-mark=green
add interfaces=Vlan40-Black routing-mark=black
/system clock
set time-zone-name=Europe/Ljubljana
# A logging rule for the dhcp topic exists but is disabled.
/system logging
add disabled=yes topics=dhcp
[admin@MikroTik] > 
Thanks for your help
