How to set up RouterOS as WAN router with ASUS WiFi also in Router mode connected to RouterOS?

Hi,

I have an RB4011 as my main WAN router connected to my LAN 192.168.1.0 with DHCP. Right now I have my ASUS router as AP getting a DHCP IP from the Mikrotik.
I would like to run my ASUS in Router mode (default: 192.168.50.0) as well, so I can actually use the parental controls of the ASUS. I’d like to be able to ping from each side.

Still kinda newbie here. How would I set up the RouterOS and ASUS to connect the two? Do I add a subnet on the Mikrotik router, a static route?

Cheers
Torsten

Hi.
A few details. If you want to have communication between them, see the Bridge - Ports settings in Mikrotik. Select an unused port, e.g. 9, and remove it from the bridge. Then in the tab IP -> Addresses, add
192.168.50.2/24 (other IP than Asus) and assign it to port 9. In ip routes add new routing:
DST. address 192.168.50.0/24
Gateway: 192.168.50.1 (asus IP).
Connect asus (LAN port) and mikrotik port 9 together, they should start communicating.

Piotr, thank you. What other details should I add?

OK, as far as I understood, Mikrotik is directly connected to the internet and at the same time you want to use the Asus and its parental features. The simplest solution is Asus as AP and network for children. So you connect the WAN port to Mikrotik, it gets the network and treats it as an exit to the world, which is probably how you have it solved now.

See if the parental function will work if you disable the DHCP server on the ASUS, disconnect the WAN port from Mikrotik, and connect it to the LAN ports (mikrotik and asus). It should work so that ASUS will advertise its WiFi, but when connecting to it, the client will get the address from the mikrotik server 192.168.1.X.

When in AP mode, ASUS disables a bunch of features, incl. all filtering and parental controls.

I have done what you described above.
When I remove the ether-8-asus from the bridge it’s not working. The Asus doesn’t get an IP. Here are my mikrotik & asus settings.
Let’s actually start from scratch. I have Rb4011 port 7 that is unused. Let’s use 7 for the wifi in router mode.

[admin@wantik] /interface> pr
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                TYPE       ACTUAL-MTU L2MTU
 0     ether1-MGMT                         ether            1500  1592
 1     ether2                              ether            1500  1592
 2     ether3                              ether            1500  1592
 3     ether4                              ether            1500  1592
 4     ether5                              ether            1500  1592
 5     ether6                              ether            1500  1592
 6     ether7-ASUSWIFI                     ether            1500  1592
 7  RS ether8-ASUS-AP                      ether            1500  1592
 8  RS ether9-DMZ                          ether            1500  1592
 9  R  ether10-ONT                         ether            1500  1592
10  RS sfp-sfpplus1                        ether            1500  1600
11  R  BR_LAN                              bridge           1500  1592
12  R  ipip-tunnel1                        ipip-tu...       1480 65535
13  X  ovpn-out1                           ovpn-out
14  X  sstp-out1                           sstp-out

[admin@wantik] /interface bridge port> pr
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
 #     INTERFACE     BRIDGE        HW  PVID PR  PATH-COST INTERNA...    HORIZON
 0     ether9-DMZ    BR_LAN        yes    1 0x         10         10       none
 1     sfp-sfpplus1  BR_LAN        yes    1 0x         10         10       none
 2     ether8-ASU... BR_LAN        yes    1 0x         10         10       none
 
 [admin@wantik] /ip address> pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   10.10.1.2/16       10.10.0.0       ether1-MGMT
 1   192.168.1.1/24     192.168.1.0     BR_LAN
 2   192.168.2.2/32     192.168.2.1     ipip-tunnel1
 3 D 76.x.x.x/22  76.x.x.x    ether10-ONT

[admin@wantik] /ip route> pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          192.168.2.1               1
 1 ADS  0.0.0.0/0                          76.214.232.1              1
 2  DC  10.10.0.0/16       10.10.1.2       ether1-MGMT             255
 3 ADC  76.x.x.x/22    76.x.x.x  ether10-ONT               0
 4 ADC  192.168.1.0/24     192.168.1.1     BR_LAN                    0
 5 ADC  192.168.2.1/32     192.168.2.2     ipip-tunnel1              0
 
 [admin@wantik] /ip pool> pr
 # NAME                                           RANGES
 0 dhcp_pool1                                     76.x.x.x-76.x.x.x
                                                  76.x.x.x-76.x.x.254
 1 dhcp_pool2                                     192.168.1.220-192.168.1.254


Sorry, I messed up a bit. See these three scenarios.
Option 1 I assume you had at the beginning. Asus WAN plugged into mikrotik. There was no communication because by default ASUS did not accept incoming connections from the WAN. It gave parental control for its WiFi clients and 50.x networks.

Option 2
You turn off DHCP on Asus, connect its LAN port to LAN with DHCP on mikrotik. In this variant ASUS clients should get address 1.x from mikrotik. I don’t know if parental control for them will work here.

Option 3
Asus as the main gateway to the Internet, mikrotik behind it. For VPN-type services to work, you should add mikrotik to Asus DMZ. Protection should cover both 50.x and 1.x networks.

https://www.asus.com/support/FAQ/1011723/

I hope one of these scenarios meets your expectations.

The variant with port 8 should look like this: you connect port 8 to ASUS LAN, then you can access ASUS from the mikrotik network. Remember to route and change the DHCP scope on the Asus to free up the 50.2 address for mikrotik.

Let me know if it worked.

Regards 🙂

Thank you very much for trying to work this out with me.
Option 1 is what I need. Options 2 and 3 don’t work for me. I have fiber, so the RB4011 needs to be in front to make the Dot1x handshake.

OK. So we have clarity.

You can set on an unused port: IP - DHCP client - port 7, Add Default Route: Yes, Advanced, Default route: change 1 to 5, and connect them to the LAN Asus port. Now you should have access to them.

Or you can try it:

https://www.asus.com/support/FAQ/1000926/