Hi,
I’m trying to set up a Hotspot: Dual WAN + PCQ based QoS.
Dual WAN + PCQ based QoS itself worked OK, meaning load balancing & fail over are working.
But as soon as I start Hotspot on top of this setup, the router fails to work.
If I pull out one of the WANs, then it starts to work. But it fails again as soon as both WANs are plugged in.
I appreciate your help in advance…
Here is my set up.
HW: RB1200 as well as CCR-1016 with v6.4 OS
WAN1: 10.10.0.0/24 GW 10.10.0.1
WAN2: 10.20.0.0/24 GW 10.20.0.1
DNS: 210.220.163.82,219.250.36.130 for both WAN1 and WAN2
Hotspot: 172.16.0.0/24 GW 172.16.0.1
First, I reset the router to factory default
/system reset-configuration
Once the system booted up, I ran the following script to set up dual WAN + PCQ.
/interface bridge
add name="bridge1" mtu=1500 l2mtu=65535 arp=enabled disabled=no
settings set use-ip-firewall="yes"
/interface bridge port
add bridge=bridge1 interface="ether3" disabled=no
add bridge=bridge1 interface="ether4" disabled=no
add bridge=bridge1 interface="ether5" disabled=no
/ip address
add interface="ether1" network=10.10.0.0 address=10.10.0.2/24 disabled=no comment="WAN1"
add interface="ether2" network=10.20.0.0 address=10.20.0.2/24 disabled=no comment="WAN2"
add interface="bridge1" network=172.16.0.0 address=172.16.0.1/24 disabled=no comment="LAN"
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=210.220.163.82,219.250.36.130
/ip pool
add name=ip-pool1 ranges=172.16.0.20-172.16.0.254
/ip dhcp-server
network add address=172.16.0.0/24 gateway=172.16.0.1 dns-server=210.220.163.82,219.250.36.130
add name=dhcp1 interface=bridge1 lease-time=24h address-pool=ip-pool1 authoritative=after-2sec-delay bootp-support=static disabled=no
config set store-leases-disk=5m
#------ Use PCQ to control throttle up/down traffic per IP ---------------------
/ip firewall mangle
add chain=prerouting action=mark-packet in-interface="bridge1" new-packet-mark="client_up"
add chain=prerouting action=mark-packet in-interface="ether1" new-packet-mark="client_d1"
add chain=prerouting action=mark-packet in-interface="ether2" new-packet-mark="client_d2"
/queue type
add name="PCQ_d1" kind=pcq pcq-rate=5M pcq-limit="50" pcq-total-limit="1000" pcq-classifier="dst-address"
add name="PCQ_d2" kind=pcq pcq-rate=5M pcq-limit="50" pcq-total-limit="1000" pcq-classifier="dst-address"
add name="PCQ_up" kind=pcq pcq-rate=5M pcq-limit="50" pcq-total-limit="1000" pcq-classifier="src-address"
/queue tree
add parent=global queue="PCQ_d1" packet-mark="client_d1"
add parent=global queue="PCQ_d2" packet-mark="client_d2"
add parent=global queue="PCQ_up" packet-mark="client_up"
/queue simple
add target=172.16.0.0/24 queue=PCQ_up/PCQ_d1 packet-marks=client_d1,client_up
add target=172.16.0.0/24 queue=PCQ_up/PCQ_d2 packet-marks=client_d2,client_up
#------ Dual WAN fail over & load balancing set up -----------------------------
/ip firewall mangle
add chain=input in-interface="ether1" action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface="ether2" action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=10.10.0.0/24 action=accept in-interface="bridge1"
add chain=prerouting dst-address=10.20.0.0/24 action=accept in-interface="bridge1"
add chain=prerouting dst-address-type=!local in-interface="bridge1" \
per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface="bridge1" \
per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface="bridge1" action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface="bridge1" action=mark-routing new-routing-mark=to_WAN2
#------ Set up Routing, Firewall, So on... -----------------------------
/ip route
add dst-address=0.0.0.0/0 gateway=10.10.0.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.20.0.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.20.0.1 distance=2 check-gateway=ping
/ip firewall nat
add chain="srcnat" action="masquerade" out-interface="ether1"
add chain="srcnat" action="masquerade" out-interface="ether2"
Up to here is OK. Everything works fine: load balancing & fail over.
Once I run script below to start Hotspot, the router becomes unstable.
/ip hotspot profile
add name="hsprof1" hotspot-address=172.16.0.1 html-directory="hotspot" \
login-by="http-chap,cookie" http-cookie-lifetime=3d
/ip hotspot
add name="hotspot1" profile="hsprof1" interface=bridge1 address-pool=ip-pool1 \
idle-timeout="none" keepalive-timeout="none" addresses-per-mac="1" disabled="no"
/ip hotspot user profile
add name="hsOkUser" shared-users=100 address-pool=ip-pool1 session-timeout=8h \
idle-timeout=30m add-mac-cookie="yes" mac-cookie-timeout=3d
/ip hotspot user
add server="hotspot1" name="hsuser" password="sdfgxcvb" profile="hsOkUser" disabled=no
It appears that this script works only for one WAN, not both.
I’d like to have both WANs working.
Please help…
Thanks,