Today I set up my Dual WAN Failover (WAN Backup), and used this code to get it working. Ether1 is working as a PPPoE client, and Ether2 is using a LAN connection from another router near me. The two connections are totally different from each other: different bandwidth, etc. Ether1 is getting its address from 10.103.0.1 and Ether2 is getting DHCP from 192.168.1.1. Both interfaces, Ether1 and Ether2, are in the “WAN” list.
With just this code added, I didn't get internet on Ether2 (when ether1 is down) until I added a DHCP Client manually for the Ether2 interface. The WAN failover works, but in the DHCP Client window Ether1 is stuck on “Searching” in the status, as shown below:
Can someone tell me if I did something wrong with my setup, and why that DHCP Client is stuck and didn't release the IP address? Thanks
Yep, then it is normal, as the pppoe-out1 is “standing on the shoulders” of ether1: if you disable ether1 you also disable pppoe-out1, so that device loses the connection to the DHCP server (and the DHCP client on the Mikrotik waits forever).
What is physically connected to ether1?
A fiber or dsl modem/adapter by the ISP?
The failover should then be simulated in three ways:
the cable between your Mikrotik ether1 and the ISP device physically disconnected (this will as well result in ether1/pppoe-out1 having no more an IP from the DHCP server)
the connection on the other side of the ISP device physically disconnected (depending on how the device works/it is configured, the DHCP server may also not provide an IP anymore, but is relatively rare)
replace the 8.8.8.8 (or whatever) canary with an actually unreachable address and see what happens
As you can see, your ether1 “never” gets an IP, it is the pppoe-out1 that gets one 10.103.X.248 when the ether1 interface is enabled.
Usually a DHCP server (from the ISP device) also provides a route, which being dynamic will have a distance of 0 and take precedence over yours (which seem to both have distance=1?).
Check (when everything is connected and running normally with ISP1 as working connection) and if needed post for comment the output of:
Here is problem 1:
add bridge**=F* interface=pppoe-out1
Do not add the pppoe interface to the bridge!!!
Here is problem 2:
/ip dhcp-client
add comment=defconf interface=ether1
This should be disabled or removed, the client settings for wan are dealt with in the pppoe settings!!
Problem number 3:
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=cvetanovski.dean
You are attempting to use default routes and it's likely interfering with the manual routes you are setting up for failover.
Set this to disabled…
I removed all the previous routes I had entered before, and inserted yours as written. For now it works just fine.
Just one more question: when I open a speed test, for the server it shows the IP address from the secondary backup line (ether2), and I think it should not show that, but the one from the PPPoE connection? This is an image of the current routes:
Sorry, I need to see the script, not pics.
/export file=anynameyouwish (minus router serial number, any WANIP public information, keys, passwords )
The pic does show that the first recursive is active, and the second recursive not being used and the backup not being used.
Thus nothing strange from that at least.
I posted the configuration before. The strange thing is that when I run a speedtest it detects that the external IP is from the second WAN, from pool 46.x.x.x, and it should be from the first, main WAN, from pool 15.10.x.x
But then you reported changing some settings, so the posted configuration is not the one currently running (or you lied when you said you changed it); anav wants to see the current one.
There is always the concrete possibility that EITHER:
the description of the changes you made is not accurate enough
OR:
the changes you actually made are even slightly different from the description.
Posting the situation “as is” eliminates the risk of misunderstandings or miscommunication.
The failover configuration looks good to me, and it is coherent with the pic you previously posted of the route list.
The ether2 route is only S (static) whilst the “good” ones via pppoe-out1 and 8.8.8.8 are AS (Active Static).
The result of speednet must be an artifact (or could it be browser cache)?
In any case, if you try, while doing another speedtest, to simply disconnect the cable from ether2, you will be sure that ether2 is NOT used.
Nothing I can see thus far that would cause any issues.
Couple of things seem off.
The second NAT rule seems to be doing nothing, you identify a source address but what is being source natted to???
So perhaps you should explain why you have the second rule ( intent-purpose ??)
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment=AdGuardHome src-address=192.168.34.0/24
Please explain the purpose of this rule: set use-ip-firewall=yes ???
If you simply thought this was required because you have a bridge, then remove it…
Nope, this is not part of any default setting, it's in the config you provided, and the only way it is enabled is if you made it so, but in any case no biggie, just disable it.
( mostly used for queuing I believe ).
/interface bridge settings
set use-ip-firewall=yes
The reason is because you currently have two ECMP routes with distance 1 (the two routes with + at the top of the route table), one of them has 192.168.1.1 as gateway, which goes through ether2. You should go to IP → DHCP Client and set Add Default Route to no for the entry associated with ether2.
In addition to that, currently your static default routes are missing “check-gateway=ping”. You can update/replace the content of the static routes with this:
Use check-gateway=ping on the two main WAN routes with destination 0.0.0.0/0
No need to change distance on the recursive route with destination 208.67.222.222/32
Target scope of the recursive routes only needs to be 10 (value of the scope of the connected routes)
Explicitly set the scope of the recursive routes to be at least 1 above target-scope, in this case 11
Set target-scope of the two static default routes that reference those recursive routes to be at least this value, in this case 11
Set scope of the two static default routes that reference those recursive routes to 30, the default value for static routes, although technically an effective value of 12 is already enough.
The manually added default route with distance 4 that uses Telekom WAN can use 192.168.1.1 as gateway, because that’s the gateway that the dynamic route (added when Add Default Route = yes) listed. It’s better than only specifying ether2.
In WinBox you can turn on the visibility of the two Scope and Target Scope columns of the route table for a better picture.
As alternative for the manually added “Telekom WAN Backup” route, you can remove it, and instead set Add Default Route back to yes for the DHCP client instance attached to ether2, but this time, also go to the Advanced tab and change the value of Default Route Distance to 4.
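The ECMP cause and the scope/target-scope settings described in the post above, as an added example that is not part of the thread: a simplified Python model of RouterOS next-hop resolution and default-route selection. The route table is constructed from addresses mentioned in the thread, the model looks only at distance, scope, target-scope and check-gateway, and `Route`, `resolve`, `active_defaults` and `build` are names made up for this sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    dst: str
    gateway: str            # next-hop IP, or an interface name
    distance: int = 1
    scope: int = 30         # RouterOS default for static routes
    target_scope: int = 10  # RouterOS default
    check_ping: bool = False

def resolve(route, table, depth=0):
    """Egress interface for a route, or None if its gateway cannot be resolved."""
    if not route.gateway[0].isdigit():
        return route.gateway                      # interface route
    if depth > 4:
        return None
    gw = ipaddress.ip_address(route.gateway)
    # Next-hop lookup may only use routes with scope <= this route's target-scope.
    cands = [r for r in table if r is not route and r.scope <= route.target_scope
             and gw in ipaddress.ip_network(r.dst)]
    cands.sort(key=lambda r: (-ipaddress.ip_network(r.dst).prefixlen, r.distance))
    return next((i for i in (resolve(r, table, depth + 1) for r in cands) if i), None)

def active_defaults(table, unreachable=()):
    """Interfaces of the active default route(s); more than one entry means ECMP."""
    usable = [(r.distance, resolve(r, table)) for r in table
              if r.dst == "0.0.0.0/0"
              and not (r.check_ping and r.gateway in unreachable)]
    usable = [(d, i) for d, i in usable if i]
    best = min((d for d, _ in usable), default=None)
    return sorted({i for d, i in usable if d == best})

def build(dhcp_distance, canary_scope=11):
    """Constructed table modelled on the thread; dhcp_distance is ether2's default route."""
    return [
        Route("192.168.1.0/24", "ether2", distance=0, scope=10),   # connected route
        Route("8.8.8.8/32", "pppoe-out1", scope=canary_scope),
        Route("208.67.222.222/32", "pppoe-out1", scope=canary_scope),
        Route("0.0.0.0/0", "8.8.8.8", 1, 30, 11, check_ping=True),
        Route("0.0.0.0/0", "208.67.222.222", 2, 30, 11, check_ping=True),
        Route("0.0.0.0/0", "192.168.1.1", dhcp_distance),          # leaves via ether2
    ]

CANARIES = ("8.8.8.8", "208.67.222.222")
```

With `build(1)` the DHCP-added default route ties with the primary at distance 1 and both interfaces carry traffic; with `build(4)` ether2 is used only once both canaries stop answering, or when the canary host routes have a scope too high to be used for next-hop lookup.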
Yes, disabling “Default Route to NO” for the Ether2 DHCP Client makes the change: I do not see a mixed external IP when I open speedtest or other sites where the external IP is exposed! But if I just disable “Default Route to NO”, when I disable the Ether1 interface, the recursive to Ether2 does not happen. Why? To make the recursive work, I must keep “Default Route to Yes” for Ether2, and set “Default Route Distance” to “4” in the Advanced tab. I also added the PING tag to the routes, which was missing.
Thank you Anav, your comments helped me a lot in resolving this. Disabling “Default Route = Yes” for the Ether2 DHCP Client makes the recursive not work for some reason. I needed to set “Default Route Distance” to 4 and keep “Default Route = Yes” for it to start working. Now I don't see a mixed external IP.
One more question. I know that it is not the topic here, but when I use the first WAN my IPTV constantly buffers and stops playing. When I disable the first WAN and switch to the second one, it works without buffering, even though it has a much lower speed than the first one. For example, the first one is 50/50 DL/UL respectively, and the second one is 10/1 (yes, ADSL is still alive in some areas in 2025 :F )
Yes, I prefer to turn off the default route in IP DHCP Settings so it's clear to the reader what the routes are doing. Clearly in this case the default route, if still in place for WAN2 with the same distance as the PRIMARY, would act like ECMP and thus get some of the sessions. Turning it off and using the manual route, or changing its distance from the default 1 to 4, accomplish the same thing.
As stated, I prefer the manual route as it's more flexible to make changes later. For example, if you want a vpn service or to forward a port to the lan via WAN2, then one has to ensure the WAN2 is also up, and thus one applies recursive to it and then one just modifies the existing manual route accordingly.
As to IPTV buffering, no clue… It may be best to use IPTV solely with WAN2?
Others more versed in traffic flow irregularities should be able to point you in the right direction