cybertron
newbie
Topic Author
Posts: 29
Joined: Tue Jan 06, 2009 7:37 am

RB450 help needed - basic 2 lan config

Mon Aug 31, 2009 7:54 am

Hey guys... I recently purchased a new RB450 and RB450G and had the pleasure of working with Dmitry to configure one of these units. But I'm trying to configure the second unit on my own and I'm running into some trouble. Hopefully this isn't basic stuff that I just missed in the manual--if so, my apologies.

I have the following ip addresses:
[admin@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   10.0.0.240/24      10.0.0.0        10.0.0.255      WAN-0
 1   10.0.0.253/24      10.0.0.0        10.0.0.255      LAN-1
 2   10.0.1.253/24      10.0.1.0        10.0.1.255      WiFi-2
 3 D 10.0.0.46/24       10.0.0.0        10.0.0.255      WAN-0
[admin@MikroTik] /ip address>

but when I plug a cable into LAN-1 (1 being the port number...0-4) I'm unable to ping the ip or access ssh. The machine I'm working from does receive an ip from dhcp server though. How can I access ssh from the second port.. or any port for that matter?

I also can't get internet access even though I've added what I think is the right stuff, but I'll figure that out after I get access to the router from this side. I can post any more screens needed, but I'm new to this so not sure which are relevant.
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: RB450 help needed - basic 2 lan config

Mon Aug 31, 2009 1:53 pm

What is the ip/netmask of the interface of the other router that is connected to WAN-0? That should be the gateway, and I need that ip to help you finish the route. I would have used 10.0.0.1/24

BTW, you have two interfaces with duplicate networks on them (WAN-0 and LAN-1). And a dynamic assignment on WAN-0 (bottom entry).
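
Added example, not part of the thread: a Python check for the condition pointed out in the reply above, run over the `/ip address print` output from the first post. It flags enabled addresses on different interfaces whose connected networks overlap; the function names are this example's own.

```python
import ipaddress
from itertools import combinations

# Output of "/ip address print" as posted in the thread (columns re-aligned).
PRINT_OUTPUT = """\
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   10.0.0.240/24      10.0.0.0        10.0.0.255      WAN-0
 1   10.0.0.253/24      10.0.0.0        10.0.0.255      LAN-1
 2   10.0.1.253/24      10.0.1.0        10.0.1.255      WiFi-2
 3 D 10.0.0.46/24       10.0.0.0        10.0.0.255      WAN-0
"""

def parse_addresses(text):
    """Return (interface, IPv4Interface, flags) for each numbered row."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].isdigit():
            continue  # skip the flag legend and the column header
        # An optional flag column (X, I, D) sits between index and address.
        flags = fields[1] if "/" not in fields[1] else ""
        address = fields[2] if flags else fields[1]
        entries.append((fields[-1], ipaddress.ip_interface(address), flags))
    return entries

def overlapping_interfaces(entries):
    """Pairs of different interfaces whose connected networks overlap."""
    conflicts = set()
    for (if_a, ip_a, fl_a), (if_b, ip_b, fl_b) in combinations(entries, 2):
        if "X" in fl_a or "X" in fl_b:
            continue  # a disabled address installs no connected route
        if if_a != if_b and ip_a.network.overlaps(ip_b.network):
            pair = sorted([(if_a, str(ip_a.network)), (if_b, str(ip_b.network))])
            conflicts.add(tuple(pair))
    return sorted(conflicts)

if __name__ == "__main__":
    for a, b in overlapping_interfaces(parse_addresses(PRINT_OUTPUT)):
        print(f"{a[0]} ({a[1]}) overlaps {b[0]} ({b[1]})")
```
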
 
cybertron
newbie
Topic Author
Posts: 29
Joined: Tue Jan 06, 2009 7:37 am

Re: RB450 help needed - basic 2 lan config

Mon Aug 31, 2009 4:56 pm

I knew I would leave info out... sorry.

The WAN is being connected to a Comcast cable modem (DHCP) and has been configured with dhcp-client. The 10.0.0.46 port you see is reassigned (or is supposed to be) once I plug the unit into the cable modem. The 10.0.0.240 was just a static ip I set for configuring the unit. Is it possible for an interface to have 2 networks like that? I will remove that ip once I can figure out how to SSH into the unit from port2 (LAN-1).

On the LAN-1 interface, I went with 10.0.0.253 because my current router is .254 and I'll be changing that once this router is working successfully.

I assume the gateway will be assigned via dhcp on the wan side, right?
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: RB450 help needed - basic 2 lan config

Mon Aug 31, 2009 5:04 pm

> On the LAN-1 interface, I went with 10.0.0.253 because my current router is .254 and I'll be changing that once this router is working successfully.
Good idea, but that presents routing problems. That interface needs:
a separate localnet,
or
bridged to ether1, which means semi-public net on LAN-1, not private. 10.x.x.x net is all private.

If you change that interface to 10.0.2.1/24, and reassign your other router between the 10.0.0.254 and 10.0.2.254 as you move it from one net to the other, then it should work ok.
 
cybertron
newbie
Topic Author
Posts: 29
Joined: Tue Jan 06, 2009 7:37 am

Re: RB450 help needed - basic 2 lan config

Mon Aug 31, 2009 10:42 pm

..
How about SSH to the RB450 on LAN-1 (port 1 in 0-4)? Or should I have just made port 0 the LAN port?
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: RB450 help needed - basic 2 lan config

Mon Aug 31, 2009 11:05 pm

No problem as long as the interface networks are not identical. ether2 is ok for ssh into the router. It better be. That is what I use most of the time! Assign 10.0.2.1/24 to the LAN-1 interface. Then get on the LAN-1 interface with a 10.0.2.x/24 ip, and
ssh admin@10.0.2.1.
 
cybertron
newbie
Topic Author
Posts: 29
Joined: Tue Jan 06, 2009 7:37 am

Re: RB450 help needed - basic 2 lan config

Tue Sep 01, 2009 1:36 am

> No problem as long as the interface networks are not identical. ether2 is ok for ssh into the router. It better be. That is what I use most of the time! Assign 10.0.2.1/24 to the LAN-1 interface. Then get on the LAN-1 interface with a 10.0.2.x/24 ip, and
> ssh admin@10.0.2.1.

Done and done. Thanks so much. It's working now on the LAN side. Now I just have to figure out how to set up NAT on the WiFi side. Is that even possible?
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: RB450 help needed - basic 2 lan config

Tue Sep 01, 2009 1:55 am

Yes it is. Easy.

/ip firewall nat
add chain=srcnat action=src-nat to-addresses=10.0.0.46

This will srcnat all localnet ips as 10.0.0.46. I normally would use "action=masquerade", but since there are two ips assigned to WAN-0 (ether1), that is unpredictable.

ADD: This applies only if 10.0.0.46/24 is a "persistent ip" (you always get that ip by dhcp).
 
cybertron
newbie
Topic Author
Posts: 29
Joined: Tue Jan 06, 2009 7:37 am

Re: RB450 help needed - basic 2 lan config

Tue Sep 01, 2009 4:37 am

> Yes it is. Easy.
>
> /ip firewall nat
> add chain=srcnat action=src-nat to-addresses=10.0.0.46
>
> This will srcnat all localnet ips as 10.0.0.46. I normally would use "action=masquerade", but since there are two ips assigned to WAN-0 (ether1), that is unpredictable.
>
> ADD: This applies only if 10.0.0.46/24 is a "persistent ip" (you always get that ip by dhcp).

Alright, so I had already added "chain=srcnat action=maq..." and so on for what I thought was port 1 (of 0-4) only, but once I removed the static WAN ip, it looks like everything is working fine now.

So I have a dynamic WAN, and a LAN & WiFi with DHCP + NAT and all is able to get online now.

The last 2 questions I have are: can I set IPs based on MAC address? & how can I restrict access between the LAN and WiFi ports? Or how can I allow traffic (for printing, etc) from the WiFi port to the LAN?

I want to set up a hotspot but that can wait until I have more time tomorrow. Thanks again for all the help.
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: RB450 help needed - basic 2 lan config

Tue Sep 01, 2009 11:38 am

To make a dhcp lease static (not static ip assignment).

/ip dhcp-server lease
print
make-static X

Change X to the line number of the lease. Then that mac address will always be issued that ip. Some call this a "persistent ip".

If you want to restrict access, then you can do that with
/ip firewall filter
add chain=forward action=drop src-address=10.0.1.0/24 dst-address=10.0.2.0/24
add chain=forward action=drop src-address=10.0.2.0/24 dst-address=10.0.1.0/24
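
Added example, not part of the thread or of RouterOS: a small Python model of first-match evaluation on the forward chain, showing what the two drop rules above block and what an exception for printing would need. The printer at 10.0.2.50, TCP port 9100 and the client addresses are assumptions, and the model covers only the matchers used here.

```python
import ipaddress

# The two drop rules exactly as posted in the thread.
THREAD_RULES = """\
add chain=forward action=drop src-address=10.0.1.0/24 dst-address=10.0.2.0/24
add chain=forward action=drop src-address=10.0.2.0/24 dst-address=10.0.1.0/24
"""
# Assumed exception placed BEFORE the drops: replies on accepted connections,
# and WiFi clients to a printer assumed to be at 10.0.2.50, TCP port 9100.
PRINTER_RULES = """\
add chain=forward action=accept connection-state=established
add chain=forward action=accept protocol=tcp src-address=10.0.1.0/24 dst-address=10.0.2.50 dst-port=9100
""" + THREAD_RULES

def parse_rules(text):
    """Turn 'add key=value ...' lines into a list of dicts, keeping order."""
    return [dict(p.split("=", 1) for p in line.split()[1:])
            for line in text.splitlines() if line.startswith("add ")]

def matches(rule, pkt):
    """A rule matches only if every matcher it lists agrees with the packet."""
    for key, want in rule.items():
        if key in ("chain", "action"):
            continue
        if key in ("src-address", "dst-address"):
            if ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def verdict(rules_text, pkt):
    """Action of the first matching forward rule; unmatched traffic is accepted."""
    for rule in parse_rules(rules_text):
        if rule["chain"] == "forward" and matches(rule, pkt):
            return rule["action"]
    return "accept"

def packet(src, dst, dport, state="new"):
    """Constructed sample TCP packet; values are strings, like the rule text."""
    return {"src-address": src, "dst-address": dst, "protocol": "tcp",
            "dst-port": dport, "connection-state": state}

if __name__ == "__main__":
    to_printer = packet("10.0.1.20", "10.0.2.50", "9100")
    reply = packet("10.0.2.50", "10.0.1.20", "40000", "established")
    for name, rules in (("thread", THREAD_RULES), ("with exception", PRINTER_RULES)):
        print(name, verdict(rules, to_printer), verdict(rules, reply))
```

Without the established-connection rule the printer's replies would still hit the second drop rule, because the drops match on addresses only.
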
