Hi fellow Tikers,
I have been working on a scenario with 2 ISPs and 4 VLANs that I would like to set up. I would like to have the VOIP VLAN use ISP1 only (which is PPPOE) and the other 3 VLANs use ISP2. No failover (at this time) and no shared bandwidth. I have added a brief description below. I have made so many changes to my config that I feel I have royally overcomplicated it. Any help would be greatly appreciated.
2011UiAS-2HnD
ISP 1 is PPPOE (Ether 10) 10.10.10.1 GW .254
ISP 2 is Static IP (Ether 9) 20.20.20.2 GW .254
VLAN 227 VOIP (uses ISP 1) (not available from other VLANs) 10.48.227.x GW .254
VLAN 228 Admin (uses ISP 2) Access VLAN 229-230 10.48.228.x GW .254
VLAN 229 Office (uses ISP 2) Cannot access other VLANs 10.48.229.x GW .254
VLAN 230 Guest (uses ISP 2) Cannot access other VLANs 10.48.230.x GW .254
Ether 1 connected to Cisco 48 port Switch (vlan Trunks 227-230)
Ether 6 connected Premise PBX 10.48.227.5 GW .254 VLAN 227
Ether 7 connected to 8 port Switch with dedicated VOIP Phones (Temporary) VLAN 227
Ether 8 has my computer connected directly to it vlan 227 (right now for PBX programming)
I have created Bridges for all vlans
I have created DHCP servers for all vlans
I have tried to use Mangle rules and IP Routes to separate traffic
I also require remote access through ISP 1
Currently ISP 2 seems to be working fine with VLANs 228-230; however, on ISP 1 with VLAN 227 I can call in but can’t call out since adding ISP 2. I am unable to remote access through ISP 1 unless I remove the routing mark in IP Route.
Thanks all,
Garbear
/ip firewall mangle
add action=accept chain=prerouting dst-address=216.57.183.191 in-interface-list=LAN1
add action=accept chain=prerouting dst-address=184.71.125.38 in-interface-list=LAN2
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ABC_PPPOE new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether9 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting in-interface="Bridge LAN 227" new-connection-mark=WAN1_conn passthrough=yes src-address=10.48.227.0/24
add action=mark-connection chain=prerouting in-interface="Bridge LAN 228" new-connection-mark=WAN2_conn passthrough=yes src-address=10.48.228.0/24
add action=mark-connection chain=prerouting in-interface="Bridge LAN 229" new-connection-mark=WAN2_conn passthrough=yes src-address=10.48.229.0/24
add action=mark-connection chain=prerouting in-interface="Bridge LAN 230" new-connection-mark=WAN2_conn passthrough=yes src-address=10.48.230.0/24
add action=mark-connection chain=input in-interface=ABC_PPPOE new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input in-interface=ether9 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
/ip route
add distance=1 gateway=184.71.125.37 routing-mark=to_WAN2
add distance=1 gateway=ABC_PPPOE
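An added example, not part of the original post: a small Python check over the mark rules posted above. It lists connection marks set in prerouting that no prerouting mark-routing rule turns into a routing mark; forwarded VLAN traffic passes prerouting before the routing decision, while the output chain only handles router-originated packets. The CANDIDATE rules are constructed for illustration and assume the LAN2 interface list contains the VLAN 228-230 bridges.

```python
import re

# Mark rules copied from the post above (the two leading accept rules are omitted).
POSTED = """\
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ABC_PPPOE new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether9 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting in-interface="Bridge LAN 227" new-connection-mark=WAN1_conn passthrough=yes src-address=10.48.227.0/24
add action=mark-connection chain=prerouting in-interface="Bridge LAN 228" new-connection-mark=WAN2_conn passthrough=yes src-address=10.48.228.0/24
add action=mark-connection chain=prerouting in-interface="Bridge LAN 229" new-connection-mark=WAN2_conn passthrough=yes src-address=10.48.229.0/24
add action=mark-connection chain=prerouting in-interface="Bridge LAN 230" new-connection-mark=WAN2_conn passthrough=yes src-address=10.48.230.0/24
add action=mark-connection chain=input in-interface=ABC_PPPOE new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input in-interface=ether9 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
"""

# Constructed candidate rules (NOT from the post): routing marks applied in
# prerouting to LAN-side traffic only. LAN2 membership is an assumption.
CANDIDATE = """\
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface="Bridge LAN 227" new-routing-mark=to_WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface-list=LAN2 new-routing-mark=to_WAN2 passthrough=no
"""


def parse_rules(export):
    """Turn 'add key=value ...' lines into dicts, keeping quoted interface names whole."""
    pattern = re.compile(r'([\w-]+)=("[^"]*"|\S+)')
    return [{k: v.strip('"') for k, v in pattern.findall(line)}
            for line in export.splitlines() if line.startswith("add ")]


def unrouted_marks(rules):
    """Connection marks set in prerouting that no prerouting mark-routing rule consumes."""
    pre = [r for r in rules if r.get("chain") == "prerouting"]
    marked = {r["new-connection-mark"] for r in pre if r["action"] == "mark-connection"}
    routed = {r.get("connection-mark") for r in pre if r["action"] == "mark-routing"}
    return sorted(marked - routed)


if __name__ == "__main__":
    print("posted rules, marks never routed for forwarded traffic:", unrouted_marks(parse_rules(POSTED)))
    print("with candidate rules appended:", unrouted_marks(parse_rules(POSTED + CANDIDATE)))
```

With the posted rules, both WAN1_conn and WAN2_conn are reported, meaning forwarded packets carrying those connection marks are looked up in the main routing table.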