Community discussions

MikroTik App
 
notthetup
just joined
Topic Author
Posts: 1
Joined: Thu Jul 07, 2022 5:03 am

Enabling a secondary subnet on a simple network setup

Thu Jul 07, 2022 5:17 am

Hello folks!

I'm pretty new to Mikrotik and RouterOS. I have a very simple setup. Almost the default config that comes with RouterOS7 on a hEX Lite.

I've a single IP address range `10.30.0.1/24` assigned to the bridge that bridges across all the LAN interfaces (ether2-5).
/interface bridge
add auto-mac=no comment=defconf name=bridge
/ip pool
add name=dhcp-pool ranges=10.30.0.21-10.30.0.254
/ip dhcp-server
add address-pool=dhcp-pool interface=bridge name=dhcp-pool
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip address
add address=10.30.0.1/24 comment="Office Network" interface=bridge network=10.30.0.0
I have a device (an appliance, so I don't get much control over its network settings) that doesn't have a DHCP server, and ONLY can be assigned static IPs in the `192.168.42.0/24` range. This appliance has to be connected to the hEX Lite and other devices on the `10.30.0.0/24` network need to be able to access the appliance.

I understand these requirements are esoteric and break many best practices for setting up networks. Is it possible to configure the hEX Lite/RouterOS to enable this? I tried setting up static routes and firewall rules, but I wasn't able to get anything to work.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Enabling a secondary subnet on a simple network setup  [SOLVED]

Thu Jul 07, 2022 6:31 pm

There's nothing special about it. If it's connected directly to RB, then remove the used port from bridge, assign 192.168.42.1/24 to this port (assuming that the device uses 192.168.42.1 as gateway) and you're almost there, only allow it through firewall if it isn't already. If it's not connected directly and it's behind another switch, then add 192.168.42.1/24 as second address to bridge. If the device doesn't have any default gateway (which would be kind of weird), you'd need to add srcnat rule like:
/ip firewall nat
add chain=srcnat dst-address=192.168.42.X action=masquerade

Who is online

Users browsing this forum: Bing [Bot], Egate, erlinden, InfraErik, johnson73 and 71 guests