Hello forum!
Long time nerd/networker, but first time MikroTik user here!
So, i bought a CRS125-24G-1S-RM given that it seemed to represent a very good value for money.
It does, however, scare the crap out of me from a feature perspective given then price.
Anyhow, I have got it pretty basic now. ether1-gateway to my fiber connection, and local access on the rest of the ports.
I have added some dstnat, set up uPnP/SNTP, found and modified a NO-IPscript and general housekeeping
Now, i need to get creative, and I cannot get the “Eureka!” moment to figure it out.
From my fiber i have one CAT5e to my patch closet. Now i need to hook up the providers Zyxel-box to get VoIP working.
So, i would need to set up a VLAN (i guess) to sort this out. I know i could definit a three port block for this, and then run one cable to the fiber, one to the zyxel, and one to ether1-gateway.
But, surely there must be a way to bridge ether1-gateway and another port and hook my zyxel there? Or some other cleverness.
Yes, the provider gives me several public IP’s so that is covered
In the attached file, the “top half” is the function that I desire, and the “bottom half” is how I would like to wire it.
You should create a bridge and add 2 ports. One coming from the ISP and the second one connected to the Zyxel.
Let your ISP give you an public IP on that bridge for internet.
+1… whenever you have an interface inside of a bridge you need to set ips, firewall rules, etc… to use the bridge instead of any of the interfaces contained within it.
We distribute both Mikrotik and ZyXEL so hopefully we can help.
How is your Internet IP service delivered to you ? Has your provider given you a /29 subnet where First (or last) usable address is the Gateway you use ?
e.g 203.171.1.0/29
ISP GW 203.171.1.1
1st User host = 203.171.1.2,
2nd User host = 203.171.1.3
etc ?
If so then I would use Mikrotik ether1 as your WAN and assign a usable address to it such as 203.171.1.1/24 to it. Note some ISP’s need a VLAN for Fibre so if you do simply add a vlan to ether1 and assign the WAN address to that.
Create a src-nat rule out-interface=ether1(or vlan) action=masquerade to NAT the hosts behind your Mikrotik.
Modify ether2 and set it’s master port = ether1. Now anything attached to ether2 is directly connected to the WAN in parallel to the Mikrotik as a switch.
Two things to note here.
You say you have a CRS125, so be sure no other ports are in the same switch group (see picture) as ether1 & 2 .
The reason we use a switch and not a bridge is ideally we want the traffic to not go through the Mikrotik CPU. If your Mikrotik did not have switch functionality (such as CCR1016 or CCR1036) you would have to use a bridge instead.
This should let your ZyXEL connect for VoIP and the Mikrotik will also have internet access without needing a separate switch.
Ok, rebooting this question as the installation did not really occur as I had expected.
The scenario is the same, but the zyxel ata-adapter is no longer connected to the Mikrotik. I have a switch elsewhere in the house to which the ATA is connected.
In the attached drawing I want to obtain a setup which gives me the functionality of the “dashed line”. In other Words, i want the VOIP-adapter behind the zyxel switch (A Zyxel GS1900-8 but that should not really matter) to have a L2-connection to my internet provider.
Also, i want my “general local network” to be accessible on both switches?
