Community discussions

MikroTik App
 
MasterWayZ
just joined
Topic Author
Posts: 2
Joined: Mon Apr 25, 2022 10:16 pm

How to set up a passthrough of the WAN network to a VLAN on the LAN side

Mon Apr 25, 2022 10:22 pm

I currently own a MikroTik RB3011UiAS-RM.

This is my current set up on the switch:

ether1 = WAN
ether2-10 and sfp1 (bridge) = LAN

Only ether1 (WAN) and ether2 (LAN) are in use. Soon this will be ether1 (WAN) and sfp1 (LAN).

What I would like to is have the WAN network available on a tagged VLAN on the LAN bridge side, such as VLAN 4050. So that this way when a device on the LAN side is set to this VLAN, that they can access the network the WAN port is plugged into.

Is this possible and if yes, how can this be done?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How to set up a passthrough of the WAN network to a VLAN on the LAN side

Tue Apr 26, 2022 2:39 am

Your explanation is lacking.......... do you want the vlan to be assigned a public IP address?
Or you simple want users on that vlan to be able to access the internet.??
 
MasterWayZ
just joined
Topic Author
Posts: 2
Joined: Mon Apr 25, 2022 10:16 pm

Re: How to set up a passthrough of the WAN network to a VLAN on the LAN side

Tue Apr 26, 2022 12:59 pm

Your explanation is lacking.......... do you want the vlan to be assigned a public IP address?
Or you simple want users on that vlan to be able to access the internet.??
My bad. I'd like systems on this VLAN to be able to access the WAN network directly, so each system could set its own static public IP address, no features from the router other than passing through traffic.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: How to set up a passthrough of the WAN network to a VLAN on the LAN side

Tue Apr 26, 2022 3:42 pm

Best way IMO would be to convert your current WAN+LAN setup to all-VLAN setup. So you would add all ports (including current WAN port to same bridge and use one VLAN for WAN and another VLAN for LAN. Your current WAN port (ether1) would be access port for WAN VLAN, some ports would be access ports for LAN VLAN or WAN VLAN or trunk ports for both VLANs ... all of this very much depends on how your LAN infrastructure looks like (any smart switches, where do various devices connect, etc.).

If you don't know how to do VLANs, here's tutorial. Setup will work, but suboptimal on your hardware since explained setup runs entirely on CPU. You could setup similar config using switch chip VLAN handling, it's slightly more complex and easier to lock self out of device. You can start off using bridge config and later convert it to switch chip if the perfornance will not be satisfactory.

If other LAN infrastructure doesn't require trunk ports (because RB is only switch and all devices connect directly or intended WAN devices connect either directly or to dedicated switch), then you can go with two bridges, one for WAN and another for LAN. A gotcha: one switch chip can only offload single bridge, your RB has two switch chips (one running ports ether1-ether5, the other running ether6-ether10), so you should group ports carefully. If you want to use RB ad firewall also for WAN devices, those ports can't be offloaded anyway so you can even go with a software-run bridge (if traffic between the WAN devices won't be huge).

If there's a switch for WAN devices, then you can connect it between ISP and RB. This setup completely bypasses RB for other WAN devices, so RB's firewall won't protect them.
 
rkullolli
just joined
Posts: 3
Joined: Tue Jan 17, 2023 11:22 am

Re: How to set up a passthrough of the WAN network to a VLAN on the LAN side

Tue Jan 17, 2023 4:17 pm

Hi MasterWayZ,

I am on the same situation with this setup. Did you found any solution?
This is my current set up on the router: rb750
ether1 = WAN
ether2-5 (bridge1) = LAN

while dhcp, gateway and scnat for clients is at bridge1 I want to add a vlan x on all ether 2-5 ports to extend the WAN subnet over this vlan. (so this means ether2-5 ports will be hybrid).

So all clients get the dhcp and access internet on untagged native vlan 1
and special clients get the ip on wan address range via tagged vlan x

so far I have tried multiple combination with vlan on ether1 and include to the bridge1. vlan on bridge1 and second bridge2 with ether1 but its not working.

thanks,
robert

Who is online

Users browsing this forum: Bing [Bot] and 85 guests