Hi All, I’m quite new to MikroTik aside from basic config.
Kindly need your suggestion, or kindly point me to the right thread/post on how I may make my network work. Currently each router is separately connected to its own ISP, and Router 1’s LAN (Bridge LAN) still cannot connect/ping to Router 2’s LAN (Bridge LAN), even though I already connected both routers via each one’s own Ether 3. (Ping resulted in a timeout.)
My network is as below:
and the Ether is as below:
What I want to do is that each LAN can connect to the other, while each PC under the LAN of ISP 1 cannot use ISP 2 bandwidth, but all PCs under ISP 2 may use ISP 1 bandwidth as a failover.
I am also attaching my configurations for both routers (non-sensitive) for your reference.
I know it’s quite complicated…
Also, pardon my English.
2000 lines of config … long reading and searching.
Maybe also having an export without the “verbose” would make it readable.
Now I see BGP and OSPF … and on the other hand just a simple routed network. Is there a need for a fully redundant connection to the internet as an AS, or will load balancing and failover be enough?
Too much information in the config to weed out for me.
Hi there, sorry, my mistake. I already attached a new compact config (only 100+ lines each) and without verbose. Kindly help to advise.
Also, I already tried simple routing, as you may see in my config, but it cannot seem to work though. I can only ping each other’s LAN gateway, such as 192.168.3.1 from Router 2 and vice versa.
I think it’s something wrong with my routing?
Yes I think load balancing and failover will be enough…
Thanks for the shorter config files. It becomes readable.
Amazingly enough, even with all the details and nice diagrams given, there is a lot to ask before one could start with a usable configuration.
Because you are mixing many things that should not be used together.
A segment of your LAN is either routed or switched (bridged). You bridge and use multiple subnets. Can be done for a reason. Difficult to guess what you need.
The WAN-bridge can be there for a reason, but I don’t see why. If there is only one interface (port) on the bridge, why use one?
Firewall filter rules are strange.
/ip firewall filter
add action=accept chain=forward out-interface=BRIDGE-LAN
means allow all traffic from anywhere (internet and LAN) to access your LAN network.
Don’t understand what internet connection you have. Did you get a full C-class address range (94.36.4.0/24) or just 36.94.4.160, with the ISP gateway at 36.94.4.1?
Where is 36.94.4.161?
.0 (zero) device address is not allowed: add address=192.168.3.0/24 interface=BRIDGE-LAN network=192.168.3.0
Remember that if you bridge everything then “router1 - router 2 - switch 2 - switch 3” is all one broadcast domain. Everything can talk to everything if they are on the same IP subnet, without routing.
The extra subnet used for the switches is confusing. You want to route (use separate subnets) somewhere, but it is unclear why and where.
To route the 2 routers together, the ether3 should not be a port of the LAN bridge if you do not want one broadcast domain.
Sorry for the many questions … you gave your solution, even in full detail … but I don’t know what your solution is for.
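A stateful forward chain in place of the blanket accept rule discussed in the post above, as an added example that is not taken from the attached configs. BRIDGE-LAN comes from the quoted rule; ether3 as a separate inter-router link and an otherwise empty forward chain are assumptions.

```routeros
/ip firewall filter
# Rule quoted in the post, to be removed: it accepts every packet routed
# towards the LAN, whatever its source.
#   add action=accept chain=forward out-interface=BRIDGE-LAN

# Order matters: rules are evaluated top to bottom.
add chain=forward action=accept connection-state=established,related \
    comment="replies to connections that were already allowed"
add chain=forward action=drop connection-state=invalid \
    comment="packets that belong to no known connection"
add chain=forward action=accept in-interface=BRIDGE-LAN \
    comment="connections started from the local LAN"
# Assumption: ether3 is the routed link to the other router and is trusted.
add chain=forward action=accept in-interface=ether3 \
    comment="traffic arriving from the other router"
add chain=forward action=accept connection-nat-state=dstnat \
    comment="port forwards that were explicitly published"
add chain=forward action=drop \
    comment="everything else, including unsolicited traffic from the internet"
```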
Hi, thank you so much for the insight. I know it may seem irregular to be using a bridge WAN and bridge LAN, but this is what my predecessor left me, and it was working fine originally with 1 ISP only. Right now we are adding a new ISP with a private IP and we need to make it a failover as well.
Would you care to share your thoughts on a more elegant approach to it? I could also start over from scratch as well, if necessary and needed.
Thank you in advance.
I see no ether3 on the bridge-LAN anymore, that’s fine. The subnets disappeared from the IP address list as well. Excellent.
Now we have to route the traffic between the 2 routers. Default route is via the ISP and that’s not what we need for the LAN connection.
In Router1 we need an IP route to 192.168.8.0/24
In Router2 we need an IP route to 192.168.3.0/24 and 192.168.4.0/24
One could make a special small subnet for the ether3 interfaces, with static IP addresses and use that as gateway.
Let’s use 192.168.200.1/24 for router1 and 192.168.200.2/24 for router2 (addresses for ether3).
Then we need the following routes.
In Router1:
/ip route add comment="LAN switch3" distance=1 dst-address=192.168.8.0/24 gateway=192.168.200.2
Distance must be smaller than or equal to the distance of the default route to take priority.
I hope not to have made some stupid mistake.
If we make an extra default route with longer distance in Router2 we have an initial failover solution
In Router2 (this route will become active if the other default route is down)
/ip route add comment="failover internet route" distance=5 dst-address=0.0.0.0/0 gateway=192.168.200.1
Yes, it’s working now. Thank you so much… I really appreciate it @bpwl
I’m very glad it worked. This was the easy part. Now you have failover in the case the ISP2 gateway or interface is failing.
What if ISP 2 has some upstream problem? E.G. the gateway works and is reachable, but you have no overall internet.
This too can be configured with some simple IP routes in Router2 and remote gateway checks. The difficult part is to understand how this “recursive route” in MikroTik does the magic, in closing down a connection if some remote internet check point (like 8.8.8.8) is not reachable. It has to do with the “distance” and “scope”. Not easy to grasp, I always have to refer to a working example to configure it.
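A Router2 routing table that combines the static LAN routes and distance-based failover from earlier in the thread with the recursive check described in the last post, as an added example rather than configuration posted by anyone in the thread. 192.0.2.1 is a constructed placeholder for the ISP2 gateway, which the thread does not give, and the example assumes any existing default route via ISP2 has been removed.

```routeros
# Router2. ether3, 192.168.200.x, the LAN subnets and 8.8.8.8 are from the
# thread; 192.0.2.1 is a placeholder for the real ISP2 gateway.
/ip address
add address=192.168.200.2/24 interface=ether3 comment="link to Router1"

/ip route
# LANs behind Router1, reached over the ether3 link.
add dst-address=192.168.3.0/24 gateway=192.168.200.1 distance=1 \
    comment="Router1 LAN"
add dst-address=192.168.4.0/24 gateway=192.168.200.1 distance=1 \
    comment="Router1 LAN"

# Host route that pins the check point to ISP2. scope=10 lets routes with a
# target-scope of 10 or more use it to resolve their gateway.
add dst-address=8.8.8.8/32 gateway=192.0.2.1 scope=10 \
    comment="check point, always via ISP2"

# Primary default route. Its gateway is the remote check point, resolved
# recursively through the host route above. check-gateway=ping marks this
# route inactive when 8.8.8.8 stops answering, even if the ISP2 gateway
# itself is still reachable.
add dst-address=0.0.0.0/0 gateway=8.8.8.8 target-scope=11 \
    check-gateway=ping distance=1 comment="ISP2, recursive"

# Failover default route from the thread. The higher distance keeps it
# unused until the recursive route above goes inactive.
add dst-address=0.0.0.0/0 gateway=192.168.200.1 distance=5 \
    comment="failover internet route"
```

With a single check point, a check host that stops answering pings triggers failover even when ISP2 is healthy, so a second check host on its own recursive route is a common refinement.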