Split Traffic into VLANs Based on Source IP
Posted: Mon Jul 24, 2017 11:25 am
Hi all,
I have an unusual network requirement. I have been doing a lot of research on the topic, but I'm unsure if what I want to do is in fact possible.
Basically, I want to take traffic that is coming in over one of several PPPoE tunnels to a MikroTik router and then, based on the source IP address, forward this traffic to the next hop on a particular VLAN interface. Effectively, I want to route traffic onto a specific VLAN interface based on its source IP address. The reason for this is we wish to put a UTM/Nextgen firewall in between the PPPoE termination device (a RouterBoard) and the core router that will in fact route internet traffic (also a RouterBoard). To add complexity to the configuration, we also need to ensure that each host/IP address that arrives in on the PPPoE server/router cannot route to other hosts/IP addresses that are on the same router without first going through the relevant VLANs to the core router.
The attached network diagram better illustrates what we're trying to do.
I am quite network and RouterOS savvy, so happy to talk at a fairly high level.