paulsb
just joined
Topic Author
Posts: 1
Joined: Thu Jan 07, 2021 4:47 am

GW on the other side of a radio-link, radios on bridged LAN

Thu Jan 07, 2021 5:45 am

Reasonably new to the Mikrotik world but hopefully at this stage not entirely clueless!
But I find myself stumped trying to configure to my particular set-up... I need my MikroTik to be the router for the subnet (I want its router functions for VPN and firewall stuff) but my gateway (a cell modem) is on the other side of a transparent-bridge radio link AND I need to be able to talk to the radios themselves (their management host selves) on the LAN subnet.
So the question is how do I specify the WAN interface when the eth port is also part of the LAN bridge?
Maybe this is straightforward and I've just been confusing myself... is there a VLAN answer perhaps (I'm a VLAN noob) which might mean I need a MikroTik over by the cell modem to untag (presuming my cell can't natively do VLAN stuff)?
The IP of the cell gateway can be whatever... could be on the same LAN subnet (but I have a feeling that's a no-no if I'm telling all the clients the gateway is the tik (192.168.99.1) which would then route next hop to the cell on the same subnet) or something else.

Thanks for any insight.
 
sindy
Forum Guru
Posts: 6655
Joined: Mon Dec 04, 2017 9:19 pm

Re: GW on the other side of a radio-link, radios on bridged LAN

Thu Jan 07, 2021 10:00 am

Technically, nothing prevents you from having two unrelated subnets in the same (V)LAN, it just isn't the best current practice.

A nice solution does include VLANs, but you can have the "WAN-side VLAN" as a native one (tagless) on the ether4 of the hEX and on the radios, and the "LAN-side VLAN" may be tagged there if the management interface of the radios can be moved to a VLAN, whereas on the LAN ports of the hEX, the LAN-side VLAN will be the native one (tagless) and the WAN-side one will not be allowed at all on them.

Or yet another nice solution, as you seem to be able to freely assign the cell modem network settings, you may keep ether4 off the bridge (so L2 separated, no VLANs needed), and put the radios' IP addresses into the same subnet as ether4 and the cell modem's interface. This way, you'll still be able to access the radios' management as the hEX will route it. The only issue is that the radios will not be covered by the firewall on the hEX, so if someone hacks the cell modem, he'll be able to get to the radios from there (the radios' gateway will be ether4, not the cell modem, so they won't answer requests coming from the internet even if they pass through the cell modem).
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
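
The second option from the reply above (ether4 kept off the bridge, radios and cell modem sharing ether4's subnet), as an added RouterOS sketch that is not part of the original thread. The 10.0.0.0/24 addressing, the modem address 10.0.0.254, and the choice to masquerade on ether4 are assumptions made for illustration; the LAN stays on 192.168.99.0/24 as in the question.

```routeros
# Take ether4 out of the LAN bridge so the radio link becomes its own L2 segment.
/interface bridge port remove [find where interface=ether4]

# Address the hEX on the radio/modem segment (10.0.0.0/24 is a constructed range).
# The radios would be given e.g. 10.0.0.2 and 10.0.0.3 with gateway 10.0.0.1,
# so they answer the LAN via the hEX and not via the cell modem.
/ip address add address=10.0.0.1/24 interface=ether4 comment="radio link + cell modem"

# Default route via the cell modem (assumed to be 10.0.0.254).
/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.254

# Assumption: hide the LAN behind 10.0.0.1 so neither the modem nor the radios
# need a route back to 192.168.99.0/24.
/ip firewall nat add chain=srcnat out-interface=ether4 action=masquerade

# Treat ether4 as the untrusted side: allow replies, drop anything new that
# arrives from the modem/radio segment towards the router or the LAN.
/ip firewall filter
add chain=input connection-state=established,related action=accept
add chain=input in-interface=ether4 action=drop comment="no router access from modem side"
add chain=forward connection-state=established,related action=accept
add chain=forward in-interface=ether4 connection-state=new action=drop comment="no new sessions into LAN"

# Caveat from the reply above: modem-to-radio traffic stays on the ether4
# segment and never crosses the hEX, so these rules do not protect the
# radios' management interfaces from a compromised modem.
```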
