Config to connect brand new routerboard to existing one

mbo42 · April 25, 2013, 10:07am

Hi All
I have a 750GL setup between my ADSL modem and my Linux Server / Firewall.
It has the standard ether1 for the WAN and 3 other ports set up to hand out addresses from my ISP provided extra IP’s.
There is no trace of the default 192.168.88.0 range left on this router
I’d like to be able to allocate the 5th interface for plugging in new routerboards (e.g. RB2011) so I can config. them from my local lan.
I.E it should be a DHCP client or have a fixed address in the 192.168.88.0/24 range.
I have tried both DHCP and fixed address methods, the dynamic routes get added, but there is no communication.
I can ping from my desktop to the routers interface 5 (192.168.88.253) but I cant see the RB2011.
What am I missing?

SurferTim · April 25, 2013, 10:29am

It might help if you post “/ip address” and “/ip route” for the 750.

mbo42 · April 25, 2013, 11:16am

Not sure how to get what you wanted out of /ip address and /ip route, so here's /export compact

[admin@TalcomMikroTik] > /export compact

jan/02/1970 00:22:37 by RouterOS 5.14

software id = 9BPH-G151

/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name="ether4-Slave local"
set 4 name="ether5-DHCP client"
/ip pool
add name=default-dhcp ranges=192.168.88.0/24
add name="Telstra Pool" ranges=203.x.x.172/31
/ip dhcp-server
add address-pool="Telstra Pool" disabled=no interface=ether2-master-local name=default
/interface ethernet switch host
add ports="ether4-Slave local" share-vlan-learned=no switch=switch1 vlan-id=4294967295
add share-vlan-learned=no switch=switch1 vlan-id=4095
/ip address
add address=203.x.x.169/29 comment="Telstra IP Block" interface=ether2-master-local
/ip dhcp-client
add comment="default configuration" disabled=no interface=ether1-gateway
add disabled=no interface="ether5-DHCP client"
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1
add address=203.x.x.168/29 comment="Telstra allocated subnet" dns-server=203.x.x.169 gateway=203.x.x.169
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway to-addresses=0.0.0.0
/system identity
set name=TalcomMikroTik
/tool mac-server
add disabled=no interface=ether2-master-local
add disabled=no interface=ether3-slave-local
add disabled=no interface="ether4-Slave local"
add disabled=no interface="ether5-DHCP client"
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface="ether4-Slave local"
add interface="ether5-DHCP client"
[admin@TalcomMikroTik] >

SurferTim · April 25, 2013, 11:20am

/ip address
add address=203.44.19.169/29 comment=“Telstra IP Block” interface=ether2-master-local

This is all in “/ip address”? Where is your ip assignment for 192.168.88.1/24 on ether5?

edit: Or whatever interface you have the 2011 connected to. Which is that?

mbo42 · April 25, 2013, 11:28am

Sorry, I'm new to this. I hope this is better ... The RB2011RM is on ether5

[admin@TalcomMikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 ;;; Telstra IP Block
203.x.x.169/29 203.x.x.168 ether2-master-local
1 D 110.x.x.3/24 110.x.x.0 ether1-gateway
2 D 192.168.88.251/24 192.168.88.0 ether5-DHCP client
[admin@TalcomMikroTik] /ip address> /ip route
[admin@TalcomMikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADS 0.0.0.0/0 110.142.214.254 1
1 ADC 110.x.x.0/24 110.x.x.3 ether1-gateway 0
2 ADC 192.168.88.0/24 192.168.88.251 ether5-DHCP client 0
3 ADC 203.x.x.168/29 203.x.x.169 ether2-master-l... 0

SurferTim · April 25, 2013, 11:37am

So ether5 is dhcp client and the 2011 issues that ip? What ip address is the RB2011 assigned on the connecting interface? 192.168.88.1/24? Can you ping that ip from the 750?

mbo42 · April 25, 2013, 11:51am

Yes, the 2011 issued the ip. The 2011 is at factory settings, all interfaces 192.168.88.1 (nothing plugged into eth1 yet)
I can ping the 750’s ether5 from the 2011 and the 2011’s 192.168.88.1 address from the 750.

mbo42 · April 25, 2013, 1:23pm

Thanks for your time, but I seem to have it working; the port needed masquerading.
This may be noob prattle, but I'll spell it out for other googlers.

To create a port on your Mikrotik that can be used to plug new routers into, so they can be configured from your usual desktop computer without the hassle of disconnecting or reconfiguring your day to day network / using a laptop etc.
Steps to set up:
On the main router (the 750, using ether5)
Assign a spare interface as a dhcp client and master = none
In Firewall add a rule - chain = srcnat, Out. Interface = TheOneYouChose, Action = Masquerade
The addresses and routes get setup automagically.
Now you can type the new routers default IP address into your browser and it will be able to find it.

Here are the printouts of the config. If someone sees a problem here please let me know.
[admin@TalcomMikroTik] /ip address> print

ADDRESS NETWORK INTERFACE

0 ;;; Telstra IP Block
203.x.x.169/29 203.x.x.168 ether2-master-local
1 D 110.x.x.3/24 110.x.x.0 ether1-gateway
2 D 192.168.88.251/24 192.168.88.0 ether5-DHCP client

[admin@TalcomMikroTik] /ip route> print

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADS 0.0.0.0/0 110.x.x.254 1
1 ADC 110.x.x.0/24 110.x.x.3 ether1-gateway 0
2 ADC 192.168.88.0/24 192.168.88.251 ether5-DHCP client 0
3 ADC 203.x.x.168/29 203.x.x.169 ether2-master-l... 0

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established disabled=no
add action=accept chain=input comment="default configuration" connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no out-interface=ether1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=no out-interface="ether5-DHCP client"
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no

Thanks