Community discussions

MikroTik App
 
User avatar
spr41178
Member Candidate
Member Candidate
Topic Author
Posts: 106
Joined: Tue Apr 01, 2014 11:11 pm
Location: Rhodes - Greece

Connect Two different Subnets

Fri Apr 16, 2021 3:40 pm

Good afternoon.

I have one RB1100 installed at a hotel that is used as a hotspot system for giving access to internet to its clients.
The hotspot range is 172.21.0.0/16

What is needed now is as follows.

On their management side they have a Server and a seperate subnet 192.168.30.0/24 that doesn't have any router installed just a local network for their hotel application and a modem to access internet from their ISP.

They now want to pass through the access points that give internet to the customers an application that will communicate from the hotspot antennas to their local network.
The app will be installed on tablets that have to somehow pass from the hotspot range to the management range and communicate with each other.

Is this possible? To link the 172.21.0.0/16 with the 192.168.30.0/24 external range?

If so can you show me an example of how to do it please?

Thanks in advance.
When you reach the end of your rope, tie a knot and hang on.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 8404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Connect Two different Subnets

Fri Apr 16, 2021 10:29 pm

Please give me the name of the hotel, I wish to be paid directly.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
Znevna
Member
Member
Posts: 345
Joined: Mon Sep 23, 2019 1:04 pm

Re: Connect Two different Subnets

Fri Apr 16, 2021 11:30 pm

I'm sure @mozerd could fix this if he could read labels.
MTKEK Certified by IRC
 
JelleM
just joined
Posts: 10
Joined: Fri Aug 31, 2018 1:33 pm

Re: Connect Two different Subnets

Sat Apr 17, 2021 2:44 pm

So these are completely separate network? If so you are going to have to create a link (cable) between the management network and the RB1100. Add a dhcp client on the interface, configure src-nat masquerade and allow traffic from 172.21.0.0/16 to the server IP and back. Be very careful to not give the entire hotspot range access to the management network though. Also make sure that you do that on non-bridge interfaces, if you link them with a bridge you get some nasty DHCP conflicts probably. Better idea would be to just add a port on that server and link that to your 172.21.0.0/16 hotspot network if the server supports that.
 
User avatar
spr41178
Member Candidate
Member Candidate
Topic Author
Posts: 106
Joined: Tue Apr 01, 2014 11:11 pm
Location: Rhodes - Greece

Re: Connect Two different Subnets

Sat Apr 17, 2021 3:51 pm

So these are completely separate network? If so you are going to have to create a link (cable) between the management network and the RB1100. Add a dhcp client on the interface, configure src-nat masquerade and allow traffic from 172.21.0.0/16 to the server IP and back. Be very careful to not give the entire hotspot range access to the management network though. Also make sure that you do that on non-bridge interfaces, if you link them with a bridge you get some nasty DHCP conflicts probably. Better idea would be to just add a port on that server and link that to your 172.21.0.0/16 hotspot network if the server supports that.
Thank you for the time and effort to answer me.

Before reading your answer I did set up three RB951's in my house and implemented what it would be like to follow that scenario of what i mention above.

One 951 as an access point, the other as the rb1100 and the 3rd as a seperate network that i want to link to.
It worked fine for me linking ports not bridged of course and i see the 3rd subnet from the access point.

I also implemented VLANS with VirtualAP to seperate the Guest WiFi from the Tablet WiFi.

Thanks again
When you reach the end of your rope, tie a knot and hang on.
 
User avatar
spr41178
Member Candidate
Member Candidate
Topic Author
Posts: 106
Joined: Tue Apr 01, 2014 11:11 pm
Location: Rhodes - Greece

Re: Connect Two different Subnets

Sat May 15, 2021 12:53 pm

@JelleM Sorry to bother you again but i am facing an issue.

Will explain what i did and if you can tell me what is wrong i will appreciate it.

I took a link cable and added it on a free interface on the rb1100 lets say ether10 which is on its own and not bridged with the hotspot network
I added a free address from the seperate network range ie 192.168.30.80/24 on ether10
I used srcnat masquerade ether10.

the rb 1100 has a range of 172.21.0.0/16 which is a hotspot and 192.168.100.0/24 as a vlan address pool for the access points.

From the rb 1100 and its access points i can ping 192.168.30.0/24 but not the other way around 192.168.30.0/24 can't ping 172.21.0.0/16 nor 192.168.100.0/24

I haven't added a dhcp server as you say on ether10 as the other network has its own dhcp server coming from the isp router.
I haven't added any other firewall rules or routes. Maybe a route is missing?
The only access i have available is the rb1100 i can't alter anything on the management network.
Thanks in advance
When you reach the end of your rope, tie a knot and hang on.
 
JelleM
just joined
Posts: 10
Joined: Fri Aug 31, 2018 1:33 pm

Re: Connect Two different Subnets

Fri May 21, 2021 3:17 pm

Well yeah, you can't directly reach the addresses of the hotspot clients and accesspoints from the management network due to the masquerade (and it will not work without masquerade as the management network has no route back for your subnets). You stated that you wanted the hotspot clients to reach a specific server on the management network, and that they should be able to do now (the replies come back as they are tracked by the NAT). So basically the management network can REPLY to client connections but cannot INITIATE connections to hotspot clients (sort of like how it works with internet access. A random webserver cannot directly access your pc behind NAT either.)

Do not forget to add a firewall to only allow traffic to the specific server in the management network! Without any other rules your entire management network is reachable by hotspot clients.
 
shafiqrahman
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Wed Apr 12, 2017 1:42 am

Re: Connect Two different Subnets

Sat May 22, 2021 8:16 pm

Please give me the name of the hotel, I wish to be paid directly.
Nice one :))
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 8404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Connect Two different Subnets

Sat May 22, 2021 11:46 pm

Please give me the name of the hotel, I wish to be paid directly.
Nice one :))
I was serious LOL,
Go through all the posts from this chap.
He is being paid to do work clearly and yet doesnt want to pay someone for their expertise, or do the proper thing
of taking courses, getting books and being actually accredited to actually profess to be competent, so my fuse is short.
If I had clients, I wouldn't ask for advice on so many threads, I would hire a consultant with such a load of unresolved knowledge.
Business is business, I am just a homeowner trying to help other homeowners ............... and barely qualified to do that, other than I have tripped over my mikrotik laces enough times, which I think gives me some modicum of experience worthy of warning others not to trip too..........
Last edited by anav on Sun May 23, 2021 2:29 am, edited 1 time in total.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
shafiqrahman
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Wed Apr 12, 2017 1:42 am

Re: Connect Two different Subnets

Sun May 23, 2021 12:28 am

Please give me the name of the hotel, I wish to be paid directly.
Nice one :))
I was serious LOL,
Go through all the posts from this chap.
He is being paid to do work clearly and yet doesnt want to pay someone for their expertise, or do the proper thing
of taking courses, getting books and being properly accredited to actually profess to be competent, so my fuse is short.
If I had clients, I wouldn't ask for advice on so many threads, I would hire a consultant with such a load of unresolved knowledge.
Business is business, I am just a homeowner trying to help other homeowners ............... and barely qualified to do that, other than I have tripped over my mikrotik laces enough times, which I think gives me some modicum of experience worthy of warning others not to trip too..........
Nicely said, I couldn't agree more.

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], nichky and 219 guests