Community discussions

MikroTik App
 
Konrad
just joined
Topic Author
Posts: 18
Joined: Wed Feb 01, 2017 10:01 pm

LAN over VLAN via WAN - two routers

Sun Nov 06, 2022 1:04 pm

Hello,
I have a situation in which I could be able to create LAN between my server and my home office by VLANs.
Generally, I need it to have access to my home NAS to do the backups from containers (server),
best way will be if my PC will see all of the containers and the whole server, so it will be LANs via VLANs.
My ISP told me it is possible to do it with VLANs, I never use VLANs before.
Both routers (home and server) see gateways (ISP) for each other probably it is the same device.
Image: https://ibb.co/K7G4JNb
 
sindy
Forum Guru
Forum Guru
Posts: 9899
Joined: Mon Dec 04, 2017 9:19 pm

Re: LAN over VLAN via WAN - two routers

Sun Nov 06, 2022 1:56 pm

I'm not sure I understand how ISP is related here unless you have the same ISP at home and where the server is and that ISP is willing to configure VLANs for you to link the two locations. And even if they did, your traffic would flow through someone else's network in plaintext.

Unless you really need L2 transparency between the server site and your home office site, a single encrypted L3 tunnel with routing and some firewall rules is a better approach (you separate the devices into distinct subnets and VLANs at each end but all the traffic shares the same L3 tunnel between the sites). But if you absolutely need L2 transparency, you can use the L3 tunnel to deliver transport packets of EoIP or, in RouterOS 7, VxLAN. You can also use BCP if you only need to tunnel a single VLAN of if you don't need to tag/untag the frames - BCP is not compatible with vlan-filtering on the bridge.
 
Konrad
just joined
Topic Author
Posts: 18
Joined: Wed Feb 01, 2017 10:01 pm

Re: LAN over VLAN via WAN - two routers

Sun Nov 06, 2022 2:16 pm

I'm not sure I understand how ISP is related here unless you have the same ISP at home and where the server is and that ISP is willing to configure VLANs for you to link the two locations. And even if they did, your traffic would flow through someone else's network in plaintext.
Yes Indeed the ISP is the same for my home and my basement so I have 2 links from the same ISP but with different IPs, for the basement, I'm using public IP, and for the home internal. But both are provided by one ISP.
Unless you really need L2 transparency between the server site and your home office site, a single encrypted L3 tunnel with routing and some firewall rules is a better approach (you separate the devices into distinct subnets and VLANs at each end but all the traffic shares the same L3 tunnel between the sites). But if you absolutely need L2 transparency, you can use the L3 tunnel to deliver transport packets of EoIP or, in RouterOS 7, VxLAN. You can also use BCP if you only need to tunnel a single VLAN of if you don't need to tag/untag the frames - BCP is not compatible with vlan-filtering on the bridge.
I don't need an encrypted connection internally all of my stuff is going via SSH, HTTPS, etc.
 
sindy
Forum Guru
Forum Guru
Posts: 9899
Joined: Mon Dec 04, 2017 9:19 pm

Re: LAN over VLAN via WAN - two routers

Sun Nov 06, 2022 3:22 pm

Yes Indeed the ISP is the same for my home and my basement so I have 2 links from the same ISP but with different IPs, for the basement, I'm using public IP, and for the home internal. But both are provided by one ISP.
Ah, it wasn't obvious from the description (althoung the mentioning of the gateway being the same device for both uplinks should have rung a bell). So if the ISP is ready to bridge some VLANs between your two uplinks, you can indeed enable vlan-filtering on the LAN bridge, make the WAN interface just another VLAN on that bridge, set the uplink interface as an access (untagged) one for that "WAN VLAN" and permit the VLANs you want to extend from home to the basement on that interface (all of that on both your devices). And you have to coordinate the VLAN IDs between your two routers of course. The ISP may tell you which particular VLAN IDs to use, and maybe they will even tell you to keep the WANs tagged as well.

There is a great article on VLANs here. The debugging may be a bit of a challenge, but as your ISP is so flexible that they have offered you the VLAN approach (larger ISPs usually avoid anything that doesn't fit to their pre-defined products), they should be able to cooperate well. And of course you can come back here if something doesn't go as expected.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2390
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: LAN over VLAN via WAN - two routers

Sun Nov 06, 2022 3:50 pm

 
Konrad
just joined
Topic Author
Posts: 18
Joined: Wed Feb 01, 2017 10:01 pm

Re: LAN over VLAN via WAN - two routers

Sun Nov 06, 2022 5:06 pm

make the WAN interface just another VLAN on that bridge...
vlan_1.PNG
So VLAN is under the eth1 so this port is WAN
bridge_1.PNG
VLAN filtering is set to the LAN bridge
You do not have the required permissions to view the files attached to this post.
 
sindy
Forum Guru
Forum Guru
Posts: 9899
Joined: Mon Dec 04, 2017 9:19 pm

Re: LAN over VLAN via WAN - two routers

Sun Nov 06, 2022 6:31 pm

It is not just this. You have added a vlan interface to ether1, but you haven't made ether1 a member port of the switch, which suggests you either haven't read the article on VLANs I've suggested or you haven't understood it.

If you post the export of configrations of both your routers (open a [Terminal] window and see my automatic signature for a hint) and I'll give you some script commands to apply on both routers.

Who is online

Users browsing this forum: moeinfrozen and 13 guests