Good day, I sincerely hope that someone has ran into a similar issue or knows a workaround for the following:
I need to implement a new gateway which overlaps my existing network's IP range, and figure my easiest solution to the problem is if I can find a way to force communication to the new gateway with a specific IP address. I fear changing the server and all printer's ^ PC's IP's, as this will be tedious and costly, and I have too few IP's available. (130+ devices, 61 available IP's)
At a different school where the IP ranges don't overlap I simply added the IP address to the WAN interface (10.4.#.150), srcnat (to 10.4.#.150), and route (DST:10.0.241.226 > GW:10.4.#.129), and lastly I configured transparent proxy on the Mikrotik (Specifying the squid proxy as the Parent Proxy), and adding NAT redirect rule (port 80,8080 [443-Gave some issues]). This worked perfectly.
The current configuration is as follows:
ADSL Router 1 - 192.168.1.1/29 (connected to ether1) PCC1
ADSL Router 2 - 192.168.2.1/29 (connected to ether1) PCC2
LAN - 10.1.1.1/8 (connected to ether5)
- To be added
Fibre Gateway - 10.4.#.129/26 (connected to ether5)
Fibre Proxy (Squid) = 10.0.241.226
Brief Description:
A Fibre uplink has been installed, and we have been given a /26 subnet meaning only 61 devices can communicate with this gateway. This is the first major problem as there are 130+ computers on this network, secondly they require us to route through their Squid Proxy. I cannot request that they change their IP's as all the schools are being slotted into a 10.4.#.#/26 network range, so that means I have to make the change on my end. The fibre is in a different part of the school and has therefore been connected directly into one of the switches, and communicates with the same port as the LAN devices.
Majority of the devices are configured for DHCP on the network and so I tried changing the IP address and DHCP config to hand out /16 addresses which appeared to work until I rebooted a PC, then it would get IP and DNS configuration but no gateway, and was unable to ping IP's in the subnet at all. (Also the fibre address 10.4.#.150, assigned to Mikrotik showed up as the DHCP server)
Re: Overlapping Subnets Routing / DHCP Issue
As a start, configure a VLAN on your switches, make the port where the fiber is connected an untagged
member of that VLAN and the port where your MikroTik is connected a tagged member. Any connecting
ports between switches have that VLAN as a tagged member.
Then create a VLAN interface on the MikroTik, with parent the ethernet port to the network and the
same VLAN tag.
Then at least you have your fiber network on a separate interface and you can make routing decisions
without interference from their DHCP etc.
member of that VLAN and the port where your MikroTik is connected a tagged member. Any connecting
ports between switches have that VLAN as a tagged member.
Then create a VLAN interface on the MikroTik, with parent the ethernet port to the network and the
same VLAN tag.
Then at least you have your fiber network on a separate interface and you can make routing decisions
without interference from their DHCP etc.
Re: Overlapping Subnets Routing / DHCP Issue
Thanks for the reply. VLAN is still a grey area for me, however I am eager to learn it so I will read up on it. Just 2 quick questions:
1) What happens to the tagged vlan traffic if there are unmanaged switches between? e.g. TL-SG1024D.
2) does it matter that the IP ranges still will overlap, or will the seperation of interfaces possibly resolve that too?
1) What happens to the tagged vlan traffic if there are unmanaged switches between? e.g. TL-SG1024D.
2) does it matter that the IP ranges still will overlap, or will the seperation of interfaces possibly resolve that too?
Re: Overlapping Subnets Routing / DHCP Issue
Most "dumb" switches will just pass tagged VLAN traffic. However, you should never use that
kind of switches in a large network except to connect workstations to a managed switch.
The use of a VLAN itself does not solve your problem but it will make it much clearer what is happening
and where.
I recommend to talk to the provider because they apparently expect every device to have a unique IP
(or they would have given you a smaller subnet) but it is not large enough for you. You require a /24
from them.
kind of switches in a large network except to connect workstations to a managed switch.
The use of a VLAN itself does not solve your problem but it will make it much clearer what is happening
and where.
I recommend to talk to the provider because they apparently expect every device to have a unique IP
(or they would have given you a smaller subnet) but it is not large enough for you. You require a /24
from them.
Re: Overlapping Subnets Routing / DHCP Issue
Yes, do this again. (Of course your WAN inrterface would be ether5)At a different school where the IP ranges don't overlap I simply added the IP address to the WAN interface (10.4.#.150), srcnat (to 10.4.#.150), and route (DST:10.0.241.226 > GW:10.4.#.129), and lastly I configured transparent proxy on the Mikrotik (Specifying the squid proxy as the Parent Proxy), and adding NAT redirect rule (port 80,8080 [443-Gave some issues]). This worked perfectly.
Then just make sure that no devices share any IP addresses regardless of subnet.
Read this to see why the overlapping of subnets does not have a negative impact: http://networkengineering.stackexchange.com/a/19853
Re: Overlapping Subnets Routing / DHCP Issue
Thanks Bennn, That resolved the issue 100%, and thanks for the link, it really helps to understand.Yes, do this again. (Of course your WAN inrterface would be ether5)
Then just make sure that no devices share any IP addresses regardless of subnet.
Read this to see why the overlapping of subnets does not have a negative impact: http://networkengineering.stackexchange.com/a/19853