Community discussions

 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 413
Joined: Wed Apr 13, 2011 3:18 pm

How to access 2 routerboards without conflict between them by using vlan

Fri Aug 10, 2018 7:42 pm

hi every one
just see to the image down please.....
I want to /
access RB1 and RB2 through ether1
ether2 never see ether 3 ( RB1 NEVER SEE RB2 )
that mean /
ether1 can see each RB1 + RB2
but RB1 never see RB2-------( RB1 NEVER CONFLICT WITH RB2 )
NOTE/ the ethers 1+2+3 of rb433 are bridged together
i can do the plan above depending on horizon feature in mikrotik system ..but i would like to perform the plan above depending on VLAN ...how can i do that ? which steps i have to do by VLAN ???

with thanks to all

Image
Last edited by laithmikrotik on Sat Aug 11, 2018 9:52 am, edited 4 times in total.
I LIKE MIKROTIK
 
Sob
Forum Guru
Forum Guru
Posts: 3576
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to access 2 routerboards without conflict between them by using vlan

Sat Aug 11, 2018 1:59 am

Few more details would be helpful. Your RB1 and RB2 have completely different subnet each, it's not clear what are other addresses on RB433 and PC, what exactly you do with bridge, what you want to do with vlans, why don't you just keep ether2 and ether3 as separate interfaces with routing and firewall filter bettween them, ...
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 413
Joined: Wed Apr 13, 2011 3:18 pm

Re: How to access 2 routerboards without conflict between them by using vlan

Sat Aug 11, 2018 9:43 am

Few more details would be helpful. Your RB1 and RB2 have completely different subnet each, it's not clear what are other addresses on RB433 and PC, what exactly you do with bridge, what you want to do with vlans, why don't you just keep ether2 and ether3 as separate interfaces with routing and firewall filter bettween them, ...
thank you very much
i changed the image of my post .so as you see
the ip address of rb433 = 10.10.10.1/24 -----the ether1+ether2+ether3 are bridged together
the ip address of RB1 = 10.10.10.2/24
the ip address of RB2 = 10.10.10.3/24
the ip addresss of my pc = 10.10.10.x ( with the samerange of subnet )
i want to access the RB1 and RB2 each through ether1 using my pc
but ----- RB1 NEVER SEE RB2 ..that mean ether2 never see ether3
not/ i succeeded to perform the plan with using HORIZON FEATURE AND BRIDGE PORT FILTERING ...i just asked if i can perform the plan with vlans ???
I LIKE MIKROTIK
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 413
Joined: Wed Apr 13, 2011 3:18 pm

Re: How to access 2 routerboards without conflict between them by using vlan

Sun Aug 12, 2018 10:00 am

this is my rb433 bridge vlan settings....what is the wrong?
/interface bridge
add name=bridge1
/interface vlan
add interface=ether1 name=vlan100 vlan-id=100
add interface=ether2 name=vlan200 vlan-id=200
add interface=ether3 name=vlan300 vlan-id=300

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=vlan100
add bridge=bridge1 interface=vlan200
add bridge=bridge1 interface=vlan300
/ip address
add address=10.10.10.1/24 interface=bridge1 network=10.10.10.0
I LIKE MIKROTIK
 
Sob
Forum Guru
Forum Guru
Posts: 3576
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to access 2 routerboards without conflict between them by using vlan

Thu Aug 16, 2018 8:03 pm

Quite a lot, I'd say. You're bridging physical interfaces with vlans defined on those exact interfaces. And even all physical interfaces are in same bridge. I can't say for sure what exactly it will do, but it can't be anything good.

About the original question, I currently don't see how to add vlans in any useful way, if you want to keep L2 connectivity between ether1-2 and ether1-3.
 
User avatar
xvo
Member
Member
Posts: 321
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: How to access 2 routerboards without conflict between them by using vlan

Thu Aug 16, 2018 8:48 pm

If you want to have one subnet, everything connected on L2, but not this 2 ports, vlans won't help you to achieve both at the same time.

You can use bridge filter.

...or remove the bridge and use firewall, connecting on L3.

...or use bridge horizon after all :)
Seriously, what's wrong with it?

Or there is yet another possibility:
https://wiki.mikrotik.com/wiki/Manual:S ... _isolation
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 413
Joined: Wed Apr 13, 2011 3:18 pm

Re: How to access 2 routerboards without conflict between them by using vlan

Fri Aug 17, 2018 10:17 am

If you want to have one subnet, everything connected on L2, but not this 2 ports, vlans won't help you to achieve both at the same time.

You can use bridge filter.

...or remove the bridge and use firewall, connecting on L3.

...or use bridge horizon after all :)
Seriously, what's wrong with it?

Or there is yet another possibility:
https://wiki.mikrotik.com/wiki/Manual:S ... _isolation


you are right ....i just asked if i can perform my idea by using VLANS .....so, lets we say that VALN generally is not used to isolate the ports in mikrotik system ???
I LIKE MIKROTIK
 
User avatar
xvo
Member
Member
Posts: 321
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: How to access 2 routerboards without conflict between them by using vlan

Fri Aug 17, 2018 12:03 pm


you are right ....i just asked if i can perform my idea by using VLANS .....so, lets we say that VALN generally is not used to isolate the ports in mikrotik system ???
VLANs are definitely used to isolate parts of the network from each other, and you can configure your router in the way, where each of the ports will be in its own VLAN.
But in your situation it makes no sense - you can achieve the same result simply by removing the bridge.
And that won't be the result described on your drawing.

To achieve exactly what is drawn on your picture use port isolation or bridge filter or bridge horizon.
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 413
Joined: Wed Apr 13, 2011 3:18 pm

Re: How to access 2 routerboards without conflict between them by using vlan

Fri Aug 17, 2018 1:49 pm

If you want to have one subnet, everything connected on L2, but not this 2 ports, vlans won't help you to achieve both at the same time.

You can use bridge filter.

...or remove the bridge and use firewall, connecting on L3.

...or use bridge horizon after all :)
Seriously, what's wrong with it?

Or there is yet another possibility:
https://wiki.mikrotik.com/wiki/Manual:S ... _isolation

last question please ....what do mean by your saying ( remove bridge and use ip firewall connecting on L3 ) ?? i mean how will you do that if you have this drawing idea ??
thanks to all
GOD pless you
I LIKE MIKROTIK
 
User avatar
xvo
Member
Member
Posts: 321
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: How to access 2 routerboards without conflict between them by using vlan

Fri Aug 17, 2018 2:02 pm


last question please ....what do mean by your saying ( remove bridge and use ip firewall connecting on L3 ) ?? i mean how will you do that if you have this drawing idea ??
thanks to all
GOD pless you
This solution also doesn't completely satisfy your initial request (you will end up with 3 different subnets, not one).
I suggested it only because it will have the same result, that your idea with VLANs.

So, to summarise:
1) No bridge: eth2 and eth3 separated, but different subnets. +-
2) VLANs setup: eth2 and eth3 separated, but different subnets. +-
3) Bridge horizon: eth2 and eth3 separated, one subnet. ++
4) Bridge filter: eth2 and eth3 separated, one subnet. ++
5) Port isolation: eth2 and eth3 separated, one subnet. And possibly even hardware offloaded, though I'm not sure. ++(+)

Who is online

Users browsing this forum: No registered users and 55 guests