Help! Replace Cisco to Mikrotik RB3011UiAS (arm)

niggel · October 5, 2017, 3:27pm

Hi there,

I need to replace this router Cisco 800 to Mikrotik RB3011 and need know how configure with the same config file like cisco.. This is the config on cisco.. Please help me for the correct function and management

_Building configuration…

Current configuration : 2025 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ro-internet
!
boot-start-marker
boot-end-marker
!
enable password
!
username techadmin privilege 15 secret 5 $1$zyGy$Ue/TSBE/drAK6pj25qrva.
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 192.168.4.254
ip dhcp excluded-address 192.168.3.254
ip dhcp excluded-address 192.168.5.1
ip dhcp excluded-address 192.168.5.254
ip dhcp excluded-address 192.168.4.1 192.168.4.40
ip dhcp excluded-address 192.168.3.1 192.168.3.40
!
ip dhcp pool lan4
network 192.168.4.0 255.255.255.0
dns-server 200.85.32.2 200.85.32.3
default-router 192.168.4.1
!
ip dhcp pool lan5
network 192.168.5.0 255.255.255.0
dns-server 200.85.32.2 200.85.32.3
default-router 192.168.5.1
!
ip dhcp pool lan3
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 200.85.32.2 200.85.32.3
!
!
ip domain name cisco.internet
!
!
!
!
!
!
!
interface Ethernet0
ip address 192.168.2.1 255.255.255.0
ip nat inside
!
interface Ethernet1
ip address 181.40.125.50 255.255.255.252
ip nat outside
duplex auto
!
ip default-gateway x.x.x.x
ip classless
ip route 0.0.0.0 0.0.0.0 172.22.136.181 name gw
ip route 192.168.3.0 255.255.255.0 192.168.2.254
ip route 192.168.4.0 255.255.255.0 192.168.2.254
ip route 192.168.5.0 255.255.255.0 192.168.2.254
no ip http server
no ip http secure-server
!
ip nat inside source list internet interface Ethernet1 overload
!
!
ip access-list extended internet
permit ip 192.168.2.0 0.0.0.255 any
permit ip 192.168.0.0 0.0.255.255 any
permit ip any any
!
control-plane
!
!
line con 0
password
login
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
vf
!
scheduler max-task-time 5000
end_

Thanks you for all.!

JimmyNyholm · October 5, 2017, 7:42pm

Have you Started winbox trying to replace your config?
What it says is that you have a nat all open no security wan outside lan inside with two more black networks behind another router on lan.

The design is extremly simple to do, point and click in webb or using winbox gui even mt shell is nice if you are a cli kind of guy. Have Winbox on the side to get the navigational fell in cli…

What I would recommend though is that on one specific segment do not mix clients/server with routers so move your other router to another interface and reconfigure a route segment there.
Then all computers being (clients/servers/wifi…) will have one (1) default gw on its segment that finds all else. As of your config now you either set default to internet and get first miss error on all other internal machines with icmp redirect host routes on every machine or if you do default to lan router first miss for all internet stuff. Bad in both ways.

We can give you scripts for this but it’s you who will need to know this and how to operate/maintain it. Think Linux IPTables when you get to the nat and firewall stuff.
Try it out when you fail ask specific question giving the information on what you have tried and in witch way it failed.

Good Luck.