I’m struggling. Please help me if you could or just point me in the right direction.
Here is what I’m doing:
wlan1 is connected to ISP1 - 2.4GHz chain
wlan2 is connected to ISP2 - 5GHz chain
[routes, dhcp client, DNS - 8.8.8.8 and 8.8.4.4 pushed to clients]
Three scenarios:
I have the connectivity when I’m using only one interface (let’s say wlan1 is on and wlan2 is down and vice versa) - it works just fine.
When I’m turning both on - only one interface is being used. Period. Almost no traffic on other interface.
When I’m trying to use both on + load balancing (PCC doesn’t work and same with just 2 simple subnets - 192.168.86.1-126 is Group A - wlan1 and 192.168.86.129-253 is Group B-wlan2) - it doesn’t work.
What’s happening: the DNS (or routes) works on only one interface. So when I’m on scenario 3 and I’m in Group B - I can’t ping anything except the gateway of wlan2. Unless I create a static route to, let’s say, 8.8.4.4 - this way I can ping 8.8.4.4 from wlan2.
Clients on wlan1 are fine. They can go anywhere.
Please let me know if you need any additional info (configs or something else) - I will be happy to post it.
You will need to properly set up load balancing using Mangle.
Check out this presentation, it should cover what you need to know: https://youtu.be/67Dna_ffCvc
Feel free to skip to around 6:30 - that’s when the Mangle stuff starts.
tomaskir - great slides, but actually I’ve been doing it according to your slides even before you posted the link… So I guess I’m doing something wrong.
3 X chain=prerouting action=mark-routing new-routing-mark=Group_A
    passthrough=yes src-address=192.168.86.0/25 log=no log-prefix=""
4 X chain=prerouting action=mark-routing new-routing-mark=Group_B
    passthrough=yes src-address=192.168.86.128/25 log=no log-prefix=""
/ip route> print
DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 S 0.0.0.0/0 192.168.1.254 1 <-----Group A mark
1 A S 0.0.0.0/0 192.168.0.1 1 <----- Group B mark
2 ADS 0.0.0.0/0 192.168.0.1 1
3 A S 8.8.4.4/32 wlan2 1
4 ADC 192.168.0.0/24 192.168.0.13 wlan2 0
5 ADC 192.168.86.0/24 192.168.86.1 bridge_local 0
That Mangle config is quite simple - I’m using it for testing…
That config is completely wrong, so no wonder it doesn’t work.
Implement proper Mangle as in either of the presentations, then test.
If it still doesn’t work after, please post the Mangle export and what doesn’t work.
Mangle misconfiguration
Rule 10 - you are missing negation signs.
“dst-address-type=!local” and “dst-address-list=!Connected”
If you are doing bandwidth-based load-balancing, you will also need the Traffic Monitors which switch the routing mark on the main load-balancing Mangle rule.
Pings
You can’t just select interface for ping.
You have to select the right interface AND the right routing table (it’s in the Advanced tab).
Thank you Tomas! I fixed mangle rule #10, now there is no connection on my clients… (e.g. no ping to anywhere except 2 gateways). I guess I’m going in the right direction, but my initial issue is still there… Also thank you for heads-up regarding pings (am I doing it wrong again? pinging from wlan1… ) Please have a look at 2 screenshots below.
Screenshot one - 0 counters on some rules…
Screenshot two - pings.
When I’m pinging from clients I got “request timed out” but DNS seems to be fine…
As I mentioned previously, you will need to have the Traffic Monitor scripts in place to load balance using bandwidth-based load-balancing.
Refer to the presentation.
Another note - do not use FastTrack with this.
FastTrack on purpose doesn’t let packets into Mangle (and multiple other RouterOS facilities), that’s how it achieves perf. improvements.
In ping, do not set source address.
Just set interface, and routing table.
Thank you for your help sir, I guess FastTrack was causing that. I will check and update the post accordingly a bit later. I haven’t really used traffic monitor because I couldn’t get any traffic. If disabling FastTrack will solve the riddle - will do for sure.
So FastTrack disabled, still no connection, clients can’t go anywhere, but 2 GWs
Can’t ping from “sub-ordinary interface”. Only from “main” - wlan2
Weird part:
wlan1 set as interface, can ping from routing table ISP1_route AND ISP2_route, main
wlan2 set as interface, can’t ping at all. ISP1_route, ISP2_route, main.
I have no idea how and why wlan2 has become “dominant” interface. So when wlan2 is down, wlan1 is being used. When I’m turning “dominant” wlan2 on, wlan1 is not active. Is that because of my route list?
With FastTrack being turned off the following counters are at “0”: - screenshot.
My goal for now is to fix that crap, I will take care of load balancing and traffic mon a bit later - when my clients would have connectivity…
All the things highlighted in your screenshot have different meanings, the 0 are fine.
Highlighted rule 1 simply says there is no WAN->LAN traffic through wlan1.
Highlighted rules 2 and 3 are 0 because the main load-balancing rule isn’t routing any traffic through wlan2.
You can see that in the config - it’s marking all the traffic into ‘ISP1_Route’ routing table.
Your Mangle is fine - to me it seems like your issue will be somewhere else in the config.
What do the firewall filter and NAT look like?
Even better - post your full ‘/export hide-sensitive’.
Thank you for your time and help - I really appreciate it. You’re the only one who decided to give me a hand. Please have a look at my config (attached)… I know it doesn’t look good, but please let me know if I’m doing something weird or stupid.