I am looking to extend our existing network (192.168.20.X) by adding a new subnet (192.168.21.X). I need all devices on both subnets to be able to communicate with each other by default.
Ideally, I would like the choice of which internet uplink to use to be set centrally or individually per client. We have two uplink devices: a ZTE MC888 5G router and a ZTE H1600 ADSL router, both provided by our internet service providers.
We use two Mikrotik antennas to connect two physical locations that are 3km apart. The antenna at 192.168.20.63 is configured as a “PTP Bridge AP” in Quick Set on Webfig, with the gateway set to 192.168.20.2. The antenna at 192.168.20.43 is configured as a “PTP Bridge CPE” in Quick Set on Webfig, also using 192.168.20.2 as the gateway.
My idea is to have all clients use the HAP ac3 as their gateway, which would manage traffic between the two subnets and potentially balance the load between the uplinks.
I have some technical knowledge but am not an expert, and I’m finding the configuration options in Winbox and Webfig on the HAP to be a bit overwhelming. The HAP is running firmware version 7.12.1 and RouterOS.
Any help or guidance would be greatly appreciated. Thanks!
Let me understand a bit better
You have two private IP WAN inputs to the Mikrotik Router.
192.168.21.2 from the ZTE MC888
192.168.20.205 from the ZTE H1600
APPROACH ONE:
These are WAN networks with respect to the Mikrotik NOT subnets or LAN networks.
First you need one bridge and one subnet on the Mikrotik; let's make it 192.168.88.0/24.
Hence you can have as many devices as you wish on this subnet.
Since both gateways for 192.168.21.1 and 192.168.20.2 exist on the MT, any traffic from 192.168.88.0/24 users will easily reach those devices.
So that direction is taken care of.
If you want users behind both routers to reach MT users, they need to know where to send traffic.
Create static routes: dst-address=192.168.88.0/24 gateway=192.168.20.205 (on H1600) and dst-address=192.168.88.0/24 gateway=192.168.21.2 (on MC888)
In this way any users heading to users behind the MT will be sent to the LANIP of the MT on their respective router LAN subnet.
+++++++++++++++++++++++++++++++++++++++++++++++
If internet from BOTH sources is not a primary requirement and one is more concerned about ensuring users can access each other, then the alternative
is to set up the HAPAC3 as an AP/switch. A bit trickier but possible.
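The effect of the static routes in approach one, as an added example that is not part of the original posts: a longest-prefix-match lookup over constructed routing tables for the two ZTE routers, showing where a reply to a host behind the MikroTik is sent before and after the route is added. The labels `isp-uplink` and `on-link`, the client 192.168.88.10, and the assumption that the MC888 LAN is 192.168.21.0/24 are illustrative.

```python
import ipaddress

def lookup(table, dst):
    """Return the next hop of the most specific route that contains dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop)
               for prefix, hop in table
               if dst in ipaddress.ip_network(prefix)]
    if not matches:
        return None  # no route at all: packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed tables. "isp-uplink" and "on-link" are placeholder labels,
# not real next-hop addresses.
H1600_BEFORE = [("0.0.0.0/0", "isp-uplink"),
                ("192.168.20.0/24", "on-link")]
MC888_BEFORE = [("0.0.0.0/0", "isp-uplink"),
                ("192.168.21.0/24", "on-link")]  # assumed LAN of the MC888

# The static routes from the post: send 192.168.88.0/24 to the MikroTik's
# address on each router's own LAN.
H1600_AFTER = H1600_BEFORE + [("192.168.88.0/24", "192.168.20.205")]
MC888_AFTER = MC888_BEFORE + [("192.168.88.0/24", "192.168.21.2")]

def report(client="192.168.88.10"):
    """Next hop each router picks for a reply to a host behind the MikroTik."""
    return {
        "H1600 before": lookup(H1600_BEFORE, client),
        "H1600 after": lookup(H1600_AFTER, client),
        "MC888 before": lookup(MC888_BEFORE, client),
        "MC888 after": lookup(MC888_AFTER, client),
    }

if __name__ == "__main__":
    for router, hop in report().items():
        print(f"{router:13} -> {hop}")
```

Without the static route, each ZTE router matches only its default route and forwards the reply towards the ISP, where the private address is unroutable; with it, the /24 wins over the default and the reply goes to the MikroTik.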
Very likely I am not understanding the OP requirements, wouldn’t two subnets 192.168.20.1/24 and 192.168.21.1/24 with the requirement that each device needs to communicate with every other device be a larger subnet 192.168.20.1/23?
What you ask for is not exactly a beginner task. The thing is that for an automatic failover between two WAN uplinks, you have basically two options:
1) to deploy VRRP on the two ZTE routers, with two virtual addresses on a common subnet as @jaclaz suggests, each of those addresses being up on another one of the ZTE routers and moving to the other one when its preferred router fails or loses internet connection, which may not be possible to configure on the ZTEs
2) to make the hAP ac3 the single gateway for a common LAN subnet (and possibly also use two VRRP addresses on it to allow the LAN hosts to prefer one or the other uplink whenever both are available) and make the two ZTE devices its uplinks in other subnets, but for that, you need that the “black ZTE” would support VLANs or you’d have to add a VLAN-aware switch to that site, as the SXTsq only has a single Ethernet port.
which speed has the connection between them via the SQT?
how many clients do you expect on site A and on site B?
how is the ethernet cabling on the two sites?
If the links to internet (both the DSL and the LTE) are much slower than the throughput of the SQT link, and number of devices/interlan traffic is modest then the whole idea makes sense, but if - say - you have a NAS on site B used mainly by users on site A, you risk having no or extremely slow internet connection on one site when using the modem on the other site.
The second option sindy proposed seems to me much better, I don’t think you actually need 510 IP addresses and there are cheap VLAN aware switches such as the RB260gs so, even if the ZTE doesn’t support them, it would only add a few tens of dollars/euros to the budget or - if the needed speeds/traffic are low enough even - say - a hap Ax lite used as switch might do (to have RoS instead of SWos).
First of all,
thanks for the suggestions so far. I will still have to go through everything in detail.
Since my post I watched “An Introduction to MikroTik RouterOS for Newbies!” https://www.youtube.com/watch?v=rwjtRLQjMjA&t=1169s which helped a lot and I decided to reset the HAP and rethink the layout. This is the setup right now …
My PC that I use for testing the 5G side is physically located on the left location (I surrounded the 2 physical locations with the light blue boxes) and as a first step I am able to reach devices in the 192.168.20.X network and also able to reach the internet through the ZTE MC888 5G router.
When connecting via WLAN to the HAP with my phone, the same.
There is a weird thing though, as I run a speedtest via speedtest.net, I can see the traffic generated clearly going through the POE/ether5 port.
As I start a download of a big file via a download manager, the traffic generated clearly goes through the WAN/ether1 port.
This is the winbox setup so far …
Disabling the 192.168.20.205 address doesn’t change that behaviour, only when I disable the ether5 port all traffic goes through ether1.
So there is clearly some issue, maybe missing some NAT setup? There is currently only one NAT Rule. Chain: srcnat, Out. Interface: ether 1 - Action: masquerade
Or maybe my PC still uses some cached route to 192.168.20.2?
To answer some of the questions:
1) which speed has the DSL modem/router on site “A”?
On a good day 20Mbps Down / 2Mbps Up
2) which speed has the LTE modem/router on site “B”?
It is a 5G modem but currently only works in NSA 5G/4G mode - I get 100Mbps Down / 10Mbps Up … still figuring out the best placement
3) which speed has the connection between them via the SQT?
The bandwidth test between the 2 antennas returns ~200Mbps Rx / ~130Mbps Tx
4) how many clients do you expect on site A and on site B?
Between 20-30 on each side. I know that 2 subnets are not necessary, I just thought I give it a try if I can achieve it.
So far - before I got the 5G router - everything was in the 192.168.20.X network. And working fine.
5) how is the ethernet cabling on the two sites?
Mostly Cat6, maybe some Cat5e.
And:
Let me understand a bit better
You have two private IP WAN inputs to the Mikrotik Router.
192.168.21.2 from the ZTE MC888
192.168.20.205 from the ZTE H1600
Yes.
In the meantime I changed the ZTE MC888 to 172.20.0.1 and it connects now to ether 1 WAN port on the HAP.
192.168.20.205 should be the HAP’s static address in the 192.168.20.X network, from the ZTE H1600.
So my next milestone goal is to get the routing setup properly on the left side, the 192.168.21.X side.
Being able to connect to the 192.168.20.X subnet and the internet uplink via the ZTE MC888 working.
Then the next step would be to get the devices on the 192.168.20.X subnet to be able to reach everything on the 192.168.21.X subnet but ideally with the internet uplink via the ZTE H1600 still intact.
The ultimate goal should be to be able to have the choice between the ZTE MC888 or the ZTE H1600 for WAN/Internet connection. The ZTE MC888 is nice and fast and advertised as “Unlimited” but has a supposed monthly 2TB cap; after that the speed gets reduced to 20Mbps. Also the signal is not stable yet all the time, signal to noise varies a lot.
The ZTE H1600 has true unlimited traffic but suffers from an old incoming copper phone line and recently there have been quite some outages.
Good, so the SXT link exceeds actual ISP internet speeds.
And the number of devices is so small that you can well do with a single /24 subnet.
Now imagine that you have instead of the 2 SXT’s, two Cube Pro’s, you are then allowed to call the link “wireless wire”.
If you do so, all you have (conceptually) is a single, cabled at 100 MB or so, local network, i.e. the same standard situation most people have in their homes or offices.
You can of course have all the fun you want with multiple subnets, VLANs and what not, but I cannot see any reason why a simple, normal, KISS, single /24 network with two gateways in failover wouldn’t work (you might want to decide which one is the primary and which one is the secondary, the DSL seems a little slower, so if you have an unlimited plan on the 4/5G and you don’t have congestion issues at certain times, probably the 5G is to be preferred).
Or maybe you want to attempt some form of load balancing between the two connections?
If you want people to be able to check your configuration and possibly give you some advice, Winbox screenshots are not the best way, you should post your configuration as text, a handy howto is here: http://forum.mikrotik.com/t/forum-rules/173010/1