 
Eliminateur
Frequent Visitor
Topic Author
Posts: 96
Joined: Thu Jun 28, 2007 7:38 am

Complex 3-site connection

Thu Jun 28, 2007 8:08 am

Hello,
I'm running my head into a wall figuring out how to make this work:
As you see in the schematic, I have 3 sites. Site A and B have MikroTik as main routers and site C has a normal hardware router. Each site has its own internet connection.
The goal here is that site C and B need to be bridged and will have the same private address space.
Site A and B need to have routed access, and site A and C don't need to have any kind of access between them (just like the scheme implies).

The wireless part will be handled by separate MikroTiks.

Now the question is: how do I do this? Can I do it with this architecture?

I was thinking of setting the WLAN portion as WDS mesh, as that's the only way to tie the wireless part transparently, but that would not give site C a bridge with site B. Or can I configure on the same interface on the wireless MikroTik two different bridges with different IPs on the ETH side?

In the gateway MikroTik, can I do a bridge for some IP and routed for others? (So between site C and B I'd have LAN-Wbridge-Gbridge-LAN.)

Any help is appreciated.
 
janisk
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Complex 3-site connection

Thu Jun 28, 2007 8:48 am

utik B2 uses only wireless connections?
 
Eliminateur
Frequent Visitor
Topic Author
Posts: 96
Joined: Thu Jun 28, 2007 7:38 am

Re: Complex 3-site connection

Thu Jun 28, 2007 1:36 pm

Yes, the inner MikroTiks are all WLAN only as they are RB133c-series,
and it's only one antenna for both sites, not separate WLAN cards.
 
galaxynet
Long time Member
Posts: 648
Joined: Fri Dec 17, 2004 2:52 pm
Contact:

Re: Complex 3-site connection

Thu Jun 28, 2007 4:39 pm

Eliminateur -
Without a LOT of very finely tuned routes and routing rules I don't believe you can do this the way you intend... That being said, my first question is: what is it you are trying to accomplish? You have separate WAN connections for each site, why do you need to bridge/route between B & C and yet still have some kind of connectivity between B & A?

I'd suggest you let us in on what you are trying to do - perhaps someone has a better way to do it - you know, a better mouse trap, or let's not re-invent the wheel.....


Thom
 
Eliminateur
Frequent Visitor
Topic Author
Posts: 96
Joined: Thu Jun 28, 2007 7:38 am

Re: Complex 3-site connection

Thu Jun 28, 2007 6:44 pm

Galaxynet,
site C is my house, site B is a friend's house and site A is my friend's workplace.

Since we want 100% transparent function because of LAN games and stuff that refuses to work with different address space, we need a transparent bridge between my house and his.

Now, he also needs to access his office and vice versa (but I don't), but doesn't require transparent access between him and the office.

Right now the link between him and the office is running just like the schematic; my end is still not built.

Another thing is that either my network or his network must be able to use the internet connection on the other end without reconfiguring routers/gateways (just by pointing each PC to the router of the other end). IMHO that is accomplished inherently by transparent bridging.
 
HellMind
Member Candidate
Posts: 146
Joined: Mon Jun 26, 2006 11:58 pm

Re: Complex 3-site connection

Thu Jun 28, 2007 8:53 pm

:shock: Lan games?
:lol: It's a waste of your and our time!
:lol:
 
NickW
just joined
Posts: 16
Joined: Thu Jun 28, 2007 6:12 pm

Re: Complex 3-site connection

Fri Jun 29, 2007 12:40 pm

B - C bridged. (an EoIP tunnel would work well here)
A - B VPN

Pick a range of addresses to have in B and a range to go in C, set up simple firewall rules that disallow the traffic from C range to go into the VPN.

A 192.168.1.0/24
B/C 192.168.2.0/24

Use a division like this in the firewall rules, and for assigning addresses in your network.
B 192.168.2.0/25
C 192.168.2.128/25

Disallow 192.168.2.128/25 from accessing the VPN connection.

Shouldn't be that much work..
 
janisk
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Complex 3-site connection

Fri Jun 29, 2007 1:02 pm

As I understand, then B2 is the AP that all points are connecting to.

If so, you can create a VirtualAP in your AP and connect to this Virtual AP and be on one network,

while you can configure simple routing so that your friend can get to his work.
 
Eliminateur
Frequent Visitor
Topic Author
Posts: 96
Joined: Thu Jun 28, 2007 7:38 am

Re: Complex 3-site connection

Fri Jun 29, 2007 2:57 pm

NickW, yeah, that looks like the solution. The problem is the MikroTik gateway behind each wireless bridge: can a dual-bridge be done? (All the wireless utiks will be WDS mesh, so the main problem is the MikroTiks behind them.) Or does using EoIP solve that on the B-1 gateway?
 
NickW
just joined
Posts: 16
Joined: Thu Jun 28, 2007 6:12 pm

Re: Complex 3-site connection

Fri Jun 29, 2007 3:46 pm

EoIP by definition, can make a connection between two separate networks allowing them to bridge... so you could jump the whole B2 router, and make an EoIP tunnel which bridges from the internal interface of the B1 router and the internal interface of the C router...

That way you can share the 192.168.2.0/24 subnet (for example)...

I'm not sure exactly how A2 and B2 are configured, but an L2TP VPN from A1 to B1 would be the easiest way to connect the two different LANs in routing. As a plus, it's secure, and runs on IP, you can make firewall rules for it pretty easily.
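
The layout NickW describes in his two posts (EoIP bridge for B-C, VPN for A-B, C's half of the subnet kept out of the VPN), written out as RouterOS commands for router B1. This is an added example, not part of any post in the thread; the interface names, tunnel id and remote address are assumptions, and the L2TP interface and route to site A are assumed to exist already.

```routeros
# Added example, run on router B1. Assumed names (not from the thread):
#   ether2    = B's LAN port
#   eoip-to-c = EoIP tunnel to site C (needs a MikroTik at C with the same tunnel-id)
#   l2tp-to-a = existing L2TP interface to site A, with a route to 192.168.1.0/24
# 203.0.113.10 is a constructed placeholder for site C's public address.

# B - C: bridge the EoIP tunnel with B's LAN so both sites share 192.168.2.0/24.
/interface eoip add name=eoip-to-c remote-address=203.0.113.10 tunnel-id=10
/interface bridge add name=br-lan
/interface bridge port add bridge=br-lan interface=ether2
/interface bridge port add bridge=br-lan interface=eoip-to-c
/ip address add address=192.168.2.1/24 interface=br-lan

# A - B: routed over the VPN. Only B's half of the shared subnet may use it.
# Rules are evaluated top to bottom; the first match wins.
/ip firewall filter
add chain=forward src-address=192.168.2.0/25 out-interface=l2tp-to-a \
    action=accept comment="B hosts to site A"
add chain=forward in-interface=l2tp-to-a dst-address=192.168.2.0/25 \
    action=accept comment="site A to B hosts"
add chain=forward out-interface=l2tp-to-a action=drop \
    comment="C range (192.168.2.128/25) and anything else: no VPN"
add chain=forward in-interface=l2tp-to-a action=drop \
    comment="site A may not reach the C range"
```

The filter matches on IP address only, so the separation holds only while hosts at site C are assigned addresses from 192.168.2.128/25; hand out the two halves from separate pools and keep the /24 mask on every host so B and C still see each other directly.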
 
Eliminateur
Frequent Visitor
Topic Author
Posts: 96
Joined: Thu Jun 28, 2007 7:38 am

Re: Complex 3-site connection

Fri Jun 29, 2007 7:46 pm

A2, B2 (and C maybe) will probably be mesh-WDS so that they act like a wire for all intents and purposes.

I wonder if running WDS I can also set an EoIP tunnel on the C MikroTik...

Also, does EoIP support transparent tunneling? (I.e. if I choose 192.168.0.x/24 for both site B and C, will it be able to forward everything? Remember that the PCs on site C WON'T be using the MikroTik as default gateway.)

And if I use EoIP, is there a need to use WDS mesh on the wireless?
 
NickW
just joined
Posts: 16
Joined: Thu Jun 28, 2007 6:12 pm

Re: Complex 3-site connection

Sat Jun 30, 2007 12:39 pm

Think of the EoIP tunnel as a Cat-5 cable.
