Is it possible to put 3 networks down a fiber connection then break them out at the other end? If so how would I do it in non programmers terms. sorry about the quality of the drawing have a broken finger

Sure, that's what VLAN is for:
https://wiki.mikrotik.com/wiki/Manual:B ... _switching

1 address range for cameras 1 for VOIP and the other for internet and hot spots. Thanks not touched VLANS before.

Yes, of course it is possible.
It is called VLANs.
And you even don't need routers for it - managed switches will suffice.

@xvo its an interVLAN network... you need a router to block the L3 communication between VLANs.

How do I block L3 communication between VLANs? This is a new area to me.

How do I block L3 communication between VLANs? This is a new area to me.

With a router...
Here is a nice article about VLANs viewtopic.php?f=13&t=143620&p=760077#p760077

@xvo its an interVLAN network... you need a router to block the L3 communication between VLANs.

EEEhhh, what?

Please, tell me, what will change if you swap the two routers on the scheme above with two managed switches.

In OP nothing is said about interVLAN routing, only about squeezing 3 separate networks through one physical line and keeping them separate.

Nothing was said, unless you see the photo again...
InterVLAN routing
Switch works at OSI layer 2 so it uses only Ethernet header to forward and does not check IP header. For this reason we must use the router that is working as a gateway for each VLAN.
Source: https://wiki.mikrotik.com/wiki/Manual:I ... AN_routing

Nothing was said, unless you see the photo again...

OP said

Is it possible to put 3 networks down a fiber connection then break them out at the other end?

To me this sounds a job for a pair of VLAN switches without any routing capability whatsoever.

Nothing was said, unless you see the photo again...

OP said

Is it possible to put 3 networks down a fiber connection then break them out at the other end?

To me this sounds a job for a pair of VLAN switches without any routing capability whatsoever.

Same for me.

Thanks Zacharias this is well out of my comfort zone looking like I will have to get some one in for this. Got to get 5 miles of fiber put in next I have some boxes ready for deployment so will get 2nd party to set the VPN's up for me, network will be done in stages. Phase 1 completion planned for early April. This will be VOIP server and phones local Internet access and first hot-spot. Along with first batch of security cameras.

Thanks Zacharias this is well out of my comfort zone looking like I will have to get some one in for this

You are welcome... yes that might me better.

This will be VOIP server and phones local Internet access and first hot-spot. Along with first batch of security cameras

I wonder how @xvo and @mkx would isolate those subnets on L2 and L3 with the use of only managed switches...
Am just happy that am a step ahead...

By 1 hour time zone wise

I wonder how @xvo and @mkx would isolate those subnets on L2 and L3 with the use of only managed switches...
Am just happy that am a step ahead...

Each of the networks can have it's own router, for example.

Ahead of what? Common sense?
Yeah, you are right, that's your feature - jumping to conclusions based on your imagination only.
Seen that several times.
No offence, though.

xvo this is a new project out of what I have done before. So looking for some help and constructive comments!

xvo this is a new project out of what I have done before. So looking for some help and constructive comments!

As I wrote from the start - two devices on you picture don't have to be routers.
You can do such link with two managed switches.
And it won't be hard to configure them.
But, that is all that can be said from your picture.

If you want a deeper advice, you can provide more info about your planned network: topology, needed bandwidth, number of devices, etc.
But from your next posts it is clear, that despite the task from your original post can be solved easily, the whole project is quite complex.
So after all, your idea to hire a professional to do it is a right one.
And for him there will be no problem to make your fiber link work the way you described it.

Thanks xvo its just a big learning curve for me as I have always dealt with simple networks this one is a big challenge for me and a lot for me to learn. I am an engineer not a software person wires, wifi and fiber I can understand the programming side of things I struggle with.

Thanks xvo its just a big learning curve for me as I have always dealt with simple networks this one is a big challenge for me and a lot for me to learn. I am an engineer not a software person wires, wifi and fiber I can understand the programming side of things I struggle with.

Bottom line: the answer to your original question is that you definitely can use one optical fiber for multiple isolated networks, that is common practice, and not rocket science at all. So you can safely start "digging trenches" for your line and return to the decision whether you want to "struggle" configuring your network yourself or hire someone to help you somewhen later on your project

yes xvo dig and learn. Thanks

Yeah, you are right, that's your feature - jumping to conclusions based on your imagination only.

You call imagination the fact that i can see with my eyes 3 different subnets on the provided photo ?
Really ?
I ve seen many times as well enginneers not seeing the obvious... no offense too....
since you use VLANs with different subnets in some point of time for some reason you will need a L3 isolation... so yes am a step ahead.. in time zone too...
So i am twice ahead

You call imagination the fact that i can see with my eyes 3 different subnets on the provided photo ?

There is no doubt about 3 different subnets, but this fact does not imply in any way that you need to take any special measures to isolate them from one another if you use VLAN-aware switches instead of routers on the picture. The L3 isolation is automatically provided by the "L2.5" isolation, i.e. the VLANs: as the tagging and untagging is provided by the switches and only one VLAN is permitted on each port except the trunk one facing towards the remote switch, there is no way how the three L3 subnets could talk to each other even if some device connected to one of the access ports was clever enough to handle tagged frames.

In fact, in such a setup you need a router to allow communication between the VLANs, not to block it.

yes am a step ahead.. in time zone too...

I always thought Moscow time was ahead of Athens time (at least during winter).

I am an engineer not a software person wires, wifi and fiber I can understand the programming side of things I struggle with.

@richard_s, for me, "programming" means expressing algorithms (something like if condition then action_x else action_y). Stay assured that you don't need programming in this sense to obtain your goal. Speaking in hardware language, as a frame is being received from the wire via a switch port which is configured as an access one to a VLAN, four bytes (a VLAN tag) get inserted into its header if the destination port isn't an access one to the same VLAN; in the mirror scenario, if the received frame contains a VLAN tag whose VLAN ID part matches the one of the destination port, the four bytes of the tag get removed. So on the cable between the two sites, frames belonging to each VLAN are sent with tags, and on the access port to each VLAN the tags are added/removed so the connected equipment doesn't know anything about their existence. The only difference as compared to three separate cables is that the VLANs share (in other words, compete for) the common bandwidth of the interconnecting link.

If you have a device with at least an 8237 switch chip (when talking about the Mikrotik production), such as hAP ac², you can set it up so that the VLAN tagging and untagging really happened in hardware, so the CPU wouldn't have to touch the frames at all.

In fact, in such a setup you need a router to allow communication between the VLANs, not to block it.

Yup... That right there. If no switch is layer 3 or a router... You are not getting from one subnet to the others.

And like xvo posted...
I see managed switches when I see this diagram.

Yeah, you are right, that's your feature - jumping to conclusions based on your imagination only.

You call imagination the fact that i can see with my eyes 3 different subnets on the provided photo ?
Really ?
I ve seen many times as well enginneers not seeing the obvious... no offense too....
since you use VLANs with different subnets in some point of time for some reason you will need a L3 isolation... so yes am a step ahead.. in time zone too...
So i am twice ahead

Whatever.
You can continue to pretend that you still don't understand in what context me and others are talking about not needing routers in the provided picture.
Obviously you do understand, so I don't see a point to continue arguing about it.

Thanks all for your input I have been looking at it the wrong way (the hard one) it is looking simpler than I thought. Will set up on the bench and get working then deploy.