Community discussions

MUM Europe 2020
 
richard_s
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Nov 07, 2007 3:24 pm

is this possible

Fri Nov 29, 2019 9:42 pm

Is it possible to put 3 networks down a fiber connection then break them out at the other end? If so how would I do it in non programmers terms. sorry about the quality of the drawing have a broken finger :shock:
3 into 1.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
eworm
Member
Member
Posts: 425
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: is this possible

Fri Nov 29, 2019 9:58 pm

Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
richard_s
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Nov 07, 2007 3:24 pm

Re: is this possible

Fri Nov 29, 2019 10:01 pm

1 address range for cameras 1 for VOIP and the other for internet and hot spots. Thanks not touched VLANS before.
 
User avatar
xvo
Long time Member
Long time Member
Posts: 631
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: is this possible

Fri Nov 29, 2019 10:04 pm

Yes, of course it is possible.
It is called VLANs.
And you even don't need routers for it - managed switches will suffice.
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: is this possible

Fri Nov 29, 2019 10:24 pm

@xvo its an interVLAN network... you need a router to block the L3 communication between VLANs.
 
richard_s
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Nov 07, 2007 3:24 pm

Re: is this possible

Fri Nov 29, 2019 10:26 pm

How do I block L3 communication between VLANs? This is a new area to me.
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: is this possible

Fri Nov 29, 2019 10:32 pm

How do I block L3 communication between VLANs? This is a new area to me.
With a router...
Here is a nice article about VLANs viewtopic.php?f=13&t=143620&p=760077#p760077
 
User avatar
xvo
Long time Member
Long time Member
Posts: 631
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: is this possible

Fri Nov 29, 2019 10:36 pm

@xvo its an interVLAN network... you need a router to block the L3 communication between VLANs.
EEEhhh, what? :shock:

Please, tell me, what will change if you swap the two routers on the scheme above with two managed switches.

In OP nothing is said about interVLAN routing, only about squeezing 3 separate networks through one physical line and keeping them separate.
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: is this possible

Fri Nov 29, 2019 10:39 pm

Nothing was said, unless you see the photo again...
InterVLAN routing
Switch works at OSI layer 2 so it uses only Ethernet header to forward and does not check IP header. For this reason we must use the router that is working as a gateway for each VLAN.
Source: https://wiki.mikrotik.com/wiki/Manual:I ... AN_routing
 
mkx
Forum Guru
Forum Guru
Posts: 3350
Joined: Thu Mar 03, 2016 10:23 pm

Re: is this possible

Fri Nov 29, 2019 10:44 pm

Nothing was said, unless you see the photo again...


OP said
Is it possible to put 3 networks down a fiber connection then break them out at the other end?
To me this sounds a job for a pair of VLAN switches without any routing capability whatsoever.
BR,
Metod
 
User avatar
xvo
Long time Member
Long time Member
Posts: 631
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: is this possible

Fri Nov 29, 2019 10:45 pm

Nothing was said, unless you see the photo again...


OP said
Is it possible to put 3 networks down a fiber connection then break them out at the other end?
To me this sounds a job for a pair of VLAN switches without any routing capability whatsoever.
Same for me.
 
richard_s
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Nov 07, 2007 3:24 pm

Re: is this possible

Fri Nov 29, 2019 10:51 pm

Thanks Zacharias this is well out of my comfort zone looking like I will have to get some one in for this. Got to get 5 miles of fiber put in next I have some boxes ready for deployment so will get 2nd party to set the VPN's up for me, network will be done in stages. Phase 1 completion planned for early April. This will be VOIP server and phones local Internet access and first hot-spot. Along with first batch of security cameras.
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: is this possible

Fri Nov 29, 2019 11:00 pm

Thanks Zacharias this is well out of my comfort zone looking like I will have to get some one in for this
You are welcome... yes that might me better.
This will be VOIP server and phones local Internet access and first hot-spot. Along with first batch of security cameras
I wonder how @xvo and @mkx would isolate those subnets on L2 and L3 with the use of only managed switches...
Am just happy that am a step ahead... :lol:
 
richard_s
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Nov 07, 2007 3:24 pm

Re: is this possible

Fri Nov 29, 2019 11:10 pm

By 1 hour time zone wise :lol:
 
User avatar
xvo
Long time Member
Long time Member
Posts: 631
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: is this possible

Fri Nov 29, 2019 11:11 pm

I wonder how @xvo and @mkx would isolate those subnets on L2 and L3 with the use of only managed switches...
Am just happy that am a step ahead... :lol:
Each of the networks can have it's own router, for example.

Ahead of what? Common sense? :lol:
Yeah, you are right, that's your feature - jumping to conclusions based on your imagination only.
Seen that several times.
No offence, though. :wink:
 
richard_s
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Nov 07, 2007 3:24 pm

Re: is this possible

Fri Nov 29, 2019 11:52 pm

xvo this is a new project out of what I have done before. So looking for some help and constructive comments!
 
User avatar
xvo
Long time Member
Long time Member
Posts: 631
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: is this possible

Sat Nov 30, 2019 12:07 am

xvo this is a new project out of what I have done before. So looking for some help and constructive comments!
As I wrote from the start - two devices on you picture don't have to be routers.
You can do such link with two managed switches.
And it won't be hard to configure them.
But, that is all that can be said from your picture.

If you want a deeper advice, you can provide more info about your planned network: topology, needed bandwidth, number of devices, etc.
But from your next posts it is clear, that despite the task from your original post can be solved easily, the whole project is quite complex.
So after all, your idea to hire a professional to do it is a right one.
And for him there will be no problem to make your fiber link work the way you described it.
 
richard_s
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Nov 07, 2007 3:24 pm

Re: is this possible

Sat Nov 30, 2019 12:18 am

Thanks xvo its just a big learning curve for me as I have always dealt with simple networks this one is a big challenge for me and a lot for me to learn. I am an engineer not a software person wires, wifi and fiber I can understand the programming side of things I struggle with.
 
User avatar
xvo
Long time Member
Long time Member
Posts: 631
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: is this possible

Sat Nov 30, 2019 12:41 am

Thanks xvo its just a big learning curve for me as I have always dealt with simple networks this one is a big challenge for me and a lot for me to learn. I am an engineer not a software person wires, wifi and fiber I can understand the programming side of things I struggle with.
Bottom line: the answer to your original question is that you definitely can use one optical fiber for multiple isolated networks, that is common practice, and not rocket science at all. So you can safely start "digging trenches" for your line and return to the decision whether you want to "struggle" configuring your network yourself or hire someone to help you somewhen later on your project :)
 
richard_s
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Nov 07, 2007 3:24 pm

Re: is this possible

Sat Nov 30, 2019 12:44 am

yes xvo dig and learn. Thanks
 
Zacharias
Forum Guru
Forum Guru
Posts: 1083
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: is this possible

Sat Nov 30, 2019 1:32 pm

Yeah, you are right, that's your feature - jumping to conclusions based on your imagination only.
You call imagination the fact that i can see with my eyes 3 different subnets on the provided photo ?
Really ? :lol:
I ve seen many times as well enginneers not seeing the obvious... no offense too....
since you use VLANs with different subnets in some point of time for some reason you will need a L3 isolation... so yes am a step ahead.. in time zone too...
So i am twice ahead :lol:
 
sindy
Forum Guru
Forum Guru
Posts: 4193
Joined: Mon Dec 04, 2017 9:19 pm

Re: is this possible

Sat Nov 30, 2019 2:24 pm

You call imagination the fact that i can see with my eyes 3 different subnets on the provided photo ?
There is no doubt about 3 different subnets, but this fact does not imply in any way that you need to take any special measures to isolate them from one another if you use VLAN-aware switches instead of routers on the picture. The L3 isolation is automatically provided by the "L2.5" isolation, i.e. the VLANs: as the tagging and untagging is provided by the switches and only one VLAN is permitted on each port except the trunk one facing towards the remote switch, there is no way how the three L3 subnets could talk to each other even if some device connected to one of the access ports was clever enough to handle tagged frames.

In fact, in such a setup you need a router to allow communication between the VLANs, not to block it.

yes am a step ahead.. in time zone too...
I always thought Moscow time was ahead of Athens time (at least during winter).
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
sindy
Forum Guru
Forum Guru
Posts: 4193
Joined: Mon Dec 04, 2017 9:19 pm

Re: is this possible

Sat Nov 30, 2019 2:50 pm

I am an engineer not a software person wires, wifi and fiber I can understand the programming side of things I struggle with.
@richard_s, for me, "programming" means expressing algorithms (something like if condition then action_x else action_y). Stay assured that you don't need programming in this sense to obtain your goal. Speaking in hardware language, as a frame is being received from the wire via a switch port which is configured as an access one to a VLAN, four bytes (a VLAN tag) get inserted into its header if the destination port isn't an access one to the same VLAN; in the mirror scenario, if the received frame contains a VLAN tag whose VLAN ID part matches the one of the destination port, the four bytes of the tag get removed. So on the cable between the two sites, frames belonging to each VLAN are sent with tags, and on the access port to each VLAN the tags are added/removed so the connected equipment doesn't know anything about their existence. The only difference as compared to three separate cables is that the VLANs share (in other words, compete for) the common bandwidth of the interconnecting link.

If you have a device with at least an 8237 switch chip (when talking about the Mikrotik production), such as hAP ac², you can set it up so that the VLAN tagging and untagging really happened in hardware, so the CPU wouldn't have to touch the frames at all.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 802
Joined: Mon May 14, 2012 9:30 pm

Re: is this possible

Sat Nov 30, 2019 3:02 pm


In fact, in such a setup you need a router to allow communication between the VLANs, not to block it.
Yup... That right there. If no switch is layer 3 or a router... You are not getting from one subnet to the others.

And like xvo posted...
I see managed switches when I see this diagram.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
User avatar
xvo
Long time Member
Long time Member
Posts: 631
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: is this possible

Sat Nov 30, 2019 3:24 pm

Yeah, you are right, that's your feature - jumping to conclusions based on your imagination only.
You call imagination the fact that i can see with my eyes 3 different subnets on the provided photo ?
Really ? :lol:
I ve seen many times as well enginneers not seeing the obvious... no offense too....
since you use VLANs with different subnets in some point of time for some reason you will need a L3 isolation... so yes am a step ahead.. in time zone too...
So i am twice ahead :lol:
Whatever.
You can continue to pretend that you still don't understand in what context me and others are talking about not needing routers in the provided picture.
Obviously you do understand, so I don't see a point to continue arguing about it.
 
richard_s
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Nov 07, 2007 3:24 pm

Re: is this possible

Sat Nov 30, 2019 3:31 pm

Thanks all for your input I have been looking at it the wrong way (the hard one) it is looking simpler than I thought. Will set up on the bench and get working then deploy.

Who is online

Users browsing this forum: Google [Bot], MSN [Bot] and 57 guests