Dual wan

wireles1234 · February 4, 2018, 12:45pm

hi
I am new in mikrotik configuration and I use to configure a dual wan where my wan1 is the ether1 and the wan2 is an LTE modem
I already have a configuration where I do the dual wan but it works if I disconnect the WAN1 cable and this is not what I want since I want to make the change when in WAN1 I do not have internet and when I have the internet make the change again to WAN1

greeting..

sindy · February 4, 2018, 2:46pm

This is a very nice answer to this. Instead of checking whether the interface itself is up or down, you monitor reachability of reference IPs via that interface.

wireles1234 · February 8, 2018, 2:41pm

I want to do the same but I do not do it

sindy · February 8, 2018, 2:55pm

Go to command line (“Terminal” in the menu) and paste here the output of
“/ip route export verbose”
There is a good chance that it will be some minor issue with “scope” or “target-scope”.

wireles1234 · February 9, 2018, 6:21pm

I already managed to do the configuration thanks to the link that you passed me, now I have a doubt that an ethernet can be disabled when it is on the wan2 and that when the internet of the wan1 is back on again that ethernet

sindy · February 9, 2018, 7:02pm

The priority between two routes with identical destinations is determined by their “distance” parameter - the higher the value of distance, the lower the priority of the route. So when route with distance=1 is available, route to the same destination with distance=2 is not used.

But a route with a more specific destination (longer mask) always wins over a route with less specific destination, regardless their distance parameters. So e.g. a route to 172.16.0.0/24 with distance=2 will be chosen even if route to 172.16.0.0/12 with distance=1 exists.

wireles1234 · February 9, 2018, 9:12pm

I think you do not understand my query I’ll explain again
I have wan1 and wan2, wan1 is a wired conexion and wan2 is an LTE modem, I want that when the wan2 is active I turn off the ethernet 3 this ethernet 3 is my wireless network where many devices are connected and there is a high consumption of data and I want to avoid this consumption when this activates the wan2

you understand what I want to do?

sindy · February 9, 2018, 9:31pm

now I have a doubt that an ethernet can be disabled when > it > is on the wan2

Your second explanation was more clear than the one above

But still, I assume that what you actually had in mind by “when wan2 (lte) is active” was “when the backup route via wan2 is active”, because you want to permit only priority traffic when the primary connection is down, am I right?

If so, and if you do not need that ether3 goes physically down, it would be enough to use policy routing - you would use ip firewall mangle rule to attach a routing mark to packets which come in through ether3, and set an own default route through the wan1 interface for packets with this routing mark. This way, even when internet would not be accessible via wan1, packets coming from ether3 would not be routed out via wan2.

If you do want the ether3’s physical state to follow the availability of internet via wan1, you would have to periodically run a script checking the result of route availability checking which the dual-wan setup uses and set ether3 up or down according to the result.

wireles1234 · February 9, 2018, 9:39pm

if that’s what I want to do when I wan1 is down and wan2 up ethernet 3 is down or does not receive packages since my plan is limited and all data will be consumed quickly

sindy · February 9, 2018, 9:58pm

I assume that all your currently configured routing rules have no routing mark configured, which means that they implicitly use routing mark “main”.

So simply use

/ip firewall mangle add chain=prerouting in-interface=ether3 action=mark-routing routing-mark=wan1-only

and then

/ip route add routing-mark=wan1-only gateway=x.x.x.x

where x.x.x.x is the directly accessible gateway in the subnet of wan1 (not one of the recursive ones).

A packet with routing mark assigned (by the mangle rule) can only use routes with the same routing mark. Routes without explicitly assigned routing mark use routing mark “main”, so the packets from ether3 will not be able to use any other route than the one permitted for them.

wireles1234 · February 9, 2018, 10:15pm

I created the rule but look at the message it gives me

sindy · February 9, 2018, 10:22pm

What is your firmware version? If you configure ether3, does it have a “master interface” set (probably ether2-master)?

wireles1234 · February 9, 2018, 10:26pm

version 6.41.1
I think the problem is because that interface is on a bridge where the ether is 2,3,4, and 5

sindy · February 9, 2018, 10:36pm

I wasn’t sure whether the problem exists also when the ethernet interface is a direct slave of a bridge or only in the old model where several ethernets were slaves of another one and handled commonly in a bridge.

Ok, so you’ll have to remove ether3 from the bridge, and assign it its own IP address from a new dedicated subnet and probably also DHCP pool and network for that subnet, for the devices connected via ether3.

wireles1234 · February 9, 2018, 10:52pm

doing that I will have a problem since I manage everything on my wireless network and I have devices that will be on another ethernet to which I have to access remotely

sindy · February 9, 2018, 11:04pm

If you need to access devices connected via ether3 from the wlan, that should not be a problem, except that we’ll need to change the mangle rule to add the routing mark only to packets which go to any other destination than the original LAN subnet (dst-address=!192.168.88.0/24) so that local routing between the two LAN subnets would use the “main” table.

If you have in mind that you manage the Mikrotik itself via ether3, then yes, it would require to keep ether3 in bridge-LAN and create another bridge-LAN2 and move all other ports to it.

wireles1234 · February 9, 2018, 11:13pm

for example in Bridge1 would be Ethernet 2,4 and 5 with IP 190.168.50.1 and in Bridge 2 that would be Ethernet 3 with IP 192.168.40.1 as I do to access a PC that will be connected by Bridge1?

sindy · February 9, 2018, 11:22pm

Yes. Try that with the mangle rule disabled at first, when you see it works, we can proceed. Check the dhcp server settings and copy them proportionally - you’ll need own “pool” and “dhcp server network” which contains the settings like default gateway, dns etc., copy all that from the existing items with appropriate modifications. Then attach a new dhcp server to ether3 (or bridge2 if you want to have a separate bridge for ether3 rather than using it directly without a bridge) and set it to use the new pool. The network is matched automatically.

sindy · February 9, 2018, 11:53pm

Wow, it seems you can use in-bridge-port instead of in-interface in the mangle rule. So maybe the whole exercise with a new bridge & subnet is not necessary.

wireles1234 · February 10, 2018, 12:33am

good friend I already have the first step working and separate the ethernet 3 only with a different dhcp and a different gateway and when there is no internet in the wan1 the ethernet 3 is without internet as wanted and when the wan1 returns the ethernet 3 grab internet

now I need to have communication between bridge1 and ether3