How do I create a back up internet for RB951UI-2HnD Failover

Hello I am a newb and I need help… : (,
I have been trying to create a back up internet with my RB951UI-2HnD v 6.23 and for the life of me I can’t seem to figure it out. I have tried every script and terminal text I can get my hands on but nothing seems to work. Everything just comes back with errors.

I was able to create a secondary wan, or at least I think I did. I was able to get internet through it anyways.

Any Help would be amazing!

You didn’t write anything about your actual environment or the configuration used, nor describe your problem precisely. No one is able to effectively help you without this.

Thank you Jarda for the reply,
I will try and get more info,
I can’t get the configuration print out right now but I will as soon as I can!

I can give an idea what I want and a layout of what devices

I am trying to create a single failover for a RB/951G-2HnD which is connected via VPN to another router down the street which houses our 3cx VoIP server. I’d like this setup to instantly switch ISP when the first goes down and keep all devices and VPN connections in check or at least reconnect quickly. So two ISPs, one as main and one as an instant back up with hopefully the same LAN and VPN setup.

I currently have one RB/951G-2HnD router as my main router which has one wan port connected to a Time Warner cable modem.

I then have a Sprint mifi 500 mobile hot spot connected via wifi to a separate RB/951-2HnD router set in CPE mode to capture and reproduce the mifi internet across the Ethernet ports of the RB/951-2HnD.

I then have a cable running from the 2nd router's Ether2 port to the main router's ether5 port which I have set up as a wan :confused: or at least I think it’s set up as a wan. I can get internet from wan 2, after disabling wan1 and restarting the router but that isn’t automatic and it changes all the LAN devices' IP addresses after those devices are disconnected and reconnected.

I hope this helps you understand

MikroTik RouterOS 6.20 (c) 1999-2014 http://www.mikrotik.com/

[admin@RGroceryStore] > /export compact

# dec/16/2014 13:54:43 by RouterOS 6.20
# software id = L9EN-X5QR
#
/interface bridge
add mtu=1500 name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn country="united states" \
    disabled=no frequency=auto l2mtu=2290 mac-address=D4:CA:6D:C8:5A:CD mode=\
    ap-bridge radio-name=D4:CA:6D:C8:5A:CD wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether5 ] mac-address=D4:CA:6D:C8:5A:C8 name=ether1
set [ find default-name=ether4 ] mac-address=D4:CA:6D:C8:5A:C9 name=ether2
set [ find default-name=ether3 ] mac-address=D4:CA:6D:C8:5A:CA
set [ find default-name=ether2 ] mac-address=D4:CA:6D:C8:5A:CB name=ether4
set [ find default-name=ether1 ] mac-address=D4:CA:6D:C8:5A:CC name=wan2
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
    unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=rgrocery2012 \
    wpa2-pre-shared-key=rgrocery2012
/ip dhcp-server
add interface=ether1 lease-time=3d name=dhcp1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.200
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=2h name=dhcp2
/interface l2tp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 connect-to=96.xx.xx.xxx \
    dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1450 max-mtu=\
    1450 mrru=1600 name=MainVPN password=Xxxxxx profile=default user=store
/system logging action
set 0 memory-lines=100
set 1 disk-file-name=log disk-lines-per-file=100
set 2 remember=yes
set 3 src-address=0.0.0.0
/interface bridge port
add bridge=bridge1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=wan2
add bridge=bridge1 interface=wlan1
/interface wireless access-list
add mac-address=30:59:B7:10:6B:60
add mac-address=AC:81:12:55:E6:6E
add mac-address=5C:8D:4E:7F:58:C8
add mac-address=10:A5:D0:0A:FB:97
add mac-address=74:D0:2B:DF:1D:EA
add mac-address=68:A3:C4:0B:BD:C1
add mac-address=CC:3A:61:29:3A:63
add mac-address=FC:C2:DE:7A:EC:74
/ip address
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.0.198 client-id=1:c:3e:9f:27:94:87 mac-address=\
    0C:3E:9F:27:94:87 server=dhcp2
add address=192.168.0.100 client-id=1:0:12:4e:13:f:c9 mac-address=\
    00:12:4E:13:0F:C9 server=dhcp2
add address=192.168.0.146 always-broadcast=yes client-id=1:68:a3:c4:b:bd:c1 \
    mac-address=68:A3:C4:0B:BD:C1 server=dhcp2
add address=192.168.0.197 always-broadcast=yes client-id=1:88:53:2e:a8:f6:a1 \
    mac-address=88:53:2E:A8:F6:A1 server=dhcp2
add address=192.168.0.103 client-id=1:0:12:4e:13:8:c1 mac-address=\
    00:12:4E:13:08:C1 server=dhcp2
add address=192.168.0.187 client-id=1:64:27:37:57:1a:64 mac-address=\
    64:27:37:57:1A:64 server=dhcp2
add address=192.168.0.102 client-id=1:0:b:82:57:88:f2 mac-address=\
    00:0B:82:57:88:F2 server=dhcp2
add address=192.168.0.184 client-id=1:74:d0:2b:df:1d:ea mac-address=\
    74:D0:2B:DF:1D:EA server=dhcp2
add address=192.168.0.147 client-id=1:8c:89:a5:37:12:31 mac-address=\
    8C:89:A5:37:12:31 server=dhcp2
add address=192.168.0.199 client-id=1:0:7:63:3c:df:c7 mac-address=\
    00:07:63:3C:DF:C7 server=dhcp2
add address=192.168.0.107 client-id=1:0:30:67:e4:6c:52 comment=\
    "Jess's Computer/QuickB Data" mac-address=00:30:67:E4:6C:52 server=dhcp2
add address=192.168.0.136 client-id=1:0:7:e9:a9:ea:b6 mac-address=\
    00:07:E9:A9:EA:B6 server=dhcp2
add address=192.168.0.108 client-id=1:0:12:4e:13:f:49 mac-address=\
    00:12:4E:13:0F:49 server=dhcp2
add address=192.168.0.192 client-id=1:ec:9a:74:92:fd:fd mac-address=\
    EC:9A:74:92:FD:FD server=dhcp2
add address=192.168.0.170 client-id=1:e0:cb:4e:c9:c3:7f mac-address=\
    E0:CB:4E:C9:C3:7F server=dhcp2
add address=192.168.0.106 always-broadcast=yes client-id=1:10:bf:48:4f:15:36 \
    mac-address=10:BF:48:4F:15:36 server=dhcp2
add address=192.168.0.196 client-id=1:0:1a:a0:32:2a:89 mac-address=\
    00:1A:A0:32:2A:89 server=dhcp2
add address=192.168.0.114 client-id=1:0:8:a1:78:7f:a5 mac-address=\
    00:08:A1:78:7F:A5 server=dhcp2
add address=192.168.0.104 client-id=1:0:b:82:63:12:d5 comment=\
    "Main Office EXT 104" mac-address=00:0B:82:63:12:D5 server=dhcp2
add address=192.168.0.119 always-broadcast=yes client-id=1:8c:58:77:50:ec:0 \
    mac-address=8C:58:77:50:EC:00 server=dhcp2
add address=192.168.0.112 client-id=1:10:a5:d0:a:7c:5f mac-address=\
    10:A5:D0:0A:7C:5F server=dhcp2
add address=192.168.0.120 always-broadcast=yes client-id=1:0:b:82:63:12:d6 \
    mac-address=00:0B:82:63:12:D6 server=dhcp2
add address=192.168.0.105 client-id=1:0:b:82:63:12:d7 mac-address=\
    00:0B:82:63:12:D7 server=dhcp2
add address=192.168.0.118 client-id=1:0:b:82:63:12:d9 mac-address=\
    00:0B:82:63:12:D9 server=dhcp2
add address=192.168.0.80 client-id=1:0:b:82:63:3e:59 comment=\
    "Grand Central Phone Adapter ext 109" mac-address=00:0B:82:63:3E:59 server=\
    dhcp2
add address=192.168.0.82 client-id=1:0:b:82:63:3e:55 comment=\
    "Grand Central Phone adapter Replace Ext 102" mac-address=00:0B:82:63:3E:55 \
    server=dhcp2
add address=192.168.0.83 client-id=1:0:b:82:63:3e:54 comment=\
    "Grand Central Phone Adapter Fax Store" mac-address=00:0B:82:63:3E:54 \
    server=dhcp2
add address=192.168.0.81 client-id=1:0:b:82:63:3e:58 comment=\
    "Grand Central Phone Adapter Warehouse 106" mac-address=00:0B:82:63:3E:58 \
    server=dhcp2
add address=192.168.0.152 client-id=1:ac:81:12:55:e6:6e mac-address=\
    AC:81:12:55:E6:6E server=dhcp2
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8 gateway=192.168.0.1 netmask=24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=0.0.0.0
/ip firewall service-port
set h323 disabled=yes
set sip disabled=yes
/ip ipsec policy
set (unknown) dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip route
add distance=2 gateway=wan2
add check-gateway=ping distance=1 dst-address=192.168.1.0/24 gateway=MainVPN
add check-gateway=ping distance=1 dst-address=192.168.3.0/24 gateway=MainVPN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
/snmp
set trap-community=public
/system clock
set time-zone-name=America/New_York
/system identity
set name=RGroceryStore
/system leds
add interface=ether1 leds="" type=interface-activity
add interface=ether2 leds="" type=interface-activity
add interface=ether3 leds="" type=interface-activity
add interface=ether4 leds="" type=interface-activity
add interface=wan2 leds="" type=interface-activity
/system logging
add topics=wireless,debug
/system ntp client
set enabled=yes primary-ntp=155.101.3.115 secondary-ntp=199.102.46.73
[admin@RGroceryStore] >

Anyone?

Jarda, is that enough info?

Ok.
You do not have 6.23 as you mentioned at the beginning, but 6.20. Never mind. You should update to 6.23. If you notice strange errors that happen during runtime, consider downgrading to 6.18.
Naming of the ports is strange and confusing. I suggest keeping the original names.
I suggest not leaving visible passwords when pasting config to a public forum.
The export does not seem consistent, as it contains /ip dhcp-server blocks twice (and those are confusing too).
Adding all ports to the bridge is nonsense - you want two independent wan lines and the rest to be lan, as I understood.

And there are many other things that make a real mess.

My suggestion is to fully remove all config, check with the export command (no need to write compact, as in 6.x the export is compact by default) that there is nothing set, and start setting it up from scratch.

Create wans, put dhcp client on them or set IPs manually.
Create bridge for lan, add only lan ports to the bridge (not any wan ports).
Assign ip to the bridge (not to any lan ports).
Set the pool for lan, network and dhcp server. Use only one address range at the beginning.
Set the wifi, add it to the bridge.
Set masquerade rule for both wans.
Check what routing looks like, solve the dual wan failover functionality and routing - this could be quite complex depending on your needs.
Set at least some basic security rules against wan ports - RouterOS accepts everything by default!
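
The checklist above written out as RouterOS 6.x commands. This is an added example, not part of the original reply or the poster's config. It assumes a blank configuration, default port names (ether1 = WAN1, ether5 = WAN2, ether2-4 and wlan1 = LAN), and placeholder gateway addresses from the documentation ranges; the names bridge-lan, lan-pool and lan-dhcp are made up for illustration.

```routeros
# Assumed layout: ether1 = WAN1 (cable), ether5 = WAN2 (backup), rest = LAN.
# 192.0.2.1 and 198.51.100.1 are placeholders for the real ISP gateways.
# Wireless security settings are left out; configure wlan1 separately.

# LAN bridge: LAN ports only, never a WAN port
/interface bridge
add name=bridge-lan
/interface bridge port
add bridge=bridge-lan interface=ether2
add bridge=bridge-lan interface=ether3
add bridge=bridge-lan interface=ether4
add bridge=bridge-lan interface=wlan1

# The LAN address goes on the bridge; one pool, one DHCP server
/ip address
add address=192.168.0.1/24 interface=bridge-lan
/ip pool
add name=lan-pool ranges=192.168.0.100-192.168.0.200
/ip dhcp-server
add name=lan-dhcp interface=bridge-lan address-pool=lan-pool disabled=no
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 dns-server=8.8.8.8

# WAN addresses by DHCP; default routes are added by hand below
/ip dhcp-client
add interface=ether1 add-default-route=no disabled=no
add interface=ether5 add-default-route=no disabled=no

# Failover: the distance=2 route takes over when the WAN1 gateway stops answering pings
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=198.51.100.1 distance=2

# Masquerade on both uplinks
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether5 action=masquerade

# Basic filter: only the LAN may reach the router or open forwarded connections
/ip firewall filter
add chain=input connection-state=established action=accept
add chain=input connection-state=related action=accept
add chain=input in-interface=bridge-lan action=accept
add chain=input protocol=icmp action=accept
add chain=input action=drop
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept
add chain=forward in-interface=bridge-lan action=accept
add chain=forward action=drop
```

`check-gateway=ping` only tests the next hop, so an outage further upstream will not trigger the switch. Traffic arriving over the L2TP tunnel needs its own accept rules placed before the final drop rules.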

Thank you very much for the reply, I will try these things and see where it gets me.

I believe I made a mistake in the version by remembering the wrong router's version.

This router was originally set up by our voip provider… it was pretty chaotic and our system was down constantly when he was doing this.

I will have to make sure I keep a copy of this messy config, just in case.

P.S. is there a way to remove the passwords and wan ip addresses when creating a config for all to see? Or do I just go through and remove them manually?

try command:
export hide-sensitive