I have two internets and two intervlan. They are slow internet and fast internet. I want to share some Vlan users who have slow and some VLAN users who have fast internet. How to configure the mikroitk router. When I use mangle two VLAN connections lose.
under following is Right ?
To configure your MikroTik router with two internet connections (a slow and a fast connection) and two VLANs, where some VLAN users use the slow internet and others use the fast one, you’ll need to set up mangle rules carefully to avoid losing connectivity. Here’s how to configure it:
- Set Up VLANs on the Router
Connect the slow internet to ether1 and the fast internet to ether2.
For VLANs, assign them to a LAN interface (e.g., ether3):
Go to Interfaces > VLAN and create two VLAN interfaces:
VLAN10 with VLAN ID 10 (for users on the slow internet).
VLAN20 with VLAN ID 20 (for users on the fast internet).
- Assign IP Addresses to VLANs
Go to IP > Addresses and assign IP addresses to the VLAN interfaces:
VLAN10 with IP 192.168.10.1/24
VLAN20 with IP 192.168.20.1/24
- Set Up DHCP Servers for Each VLAN
Go to IP > DHCP Server and create DHCP servers for each VLAN:
For VLAN10: Set the address pool (e.g., 192.168.10.2-192.168.10.100).
For VLAN20: Set the address pool (e.g., 192.168.20.2-192.168.20.100).
- Configure NAT (Masquerade Rules)
Go to IP > Firewall > NAT and create two masquerade rules to enable internet access for both VLANs:
For slow internet: Chain: srcnat, Out. Interface: ether1, Action: masquerade
For fast internet: Chain: srcnat, Out. Interface: ether2, Action: masquerade
- Set Up Mangle Rules for VLAN Routing
To prevent VLAN connections from being lost, we will apply mangle rules only for traffic going to the internet and not for local inter-VLAN communication.
Go to IP > Firewall > Mangle and add the following rules:
Mark Connections for Slow Internet (VLAN10):
Chain: prerouting
In. Interface: VLAN10
Dst. Address: !192.168.0.0/16 (to exclude local addresses)
Action: mark connection
New Connection Mark: slow-conn
Passthrough: yes
Mark Routing for Slow Internet (VLAN10):
Chain: prerouting
In. Interface: VLAN10
Connection Mark: slow-conn
Action: mark routing
New Routing Mark: use-slow
Passthrough: yes
Mark Connections for Fast Internet (VLAN20):
Chain: prerouting
In. Interface: VLAN20
Dst. Address: !192.168.0.0/16 (to exclude local addresses)
Action: mark connection
New Connection Mark: fast-conn
Passthrough: yes
Mark Routing for Fast Internet (VLAN20):
Chain: prerouting
In. Interface: VLAN20
Connection Mark: fast-conn
Action: mark routing
New Routing Mark: use-fast
Passthrough: yes
- Set Up Routing Rules for Each Internet Connection
Go to IP > Routes and add routing rules based on the marks:
Route for Slow Internet:
Dst. Address: 0.0.0.0/0
Gateway: (gateway IP for the slow internet on ether1)
Routing Mark: use-slow
Route for Fast Internet:
Dst. Address: 0.0.0.0/0
Gateway: (gateway IP for the fast internet on ether2)
Routing Mark: use-fast
- Testing and Verification
Check connectivity by assigning users to the appropriate VLANs and verifying that users on VLAN10 route through the slow internet and VLAN20 through the fast internet.
Ensure that local inter-VLAN communication is not disrupted. If issues persist, review the Dst. Address exclusion (!192.168.0.0/16) in the mangle rules to ensure local traffic is not affected.