I need some help with my configuration (pic included)

Hi.

I have the following configuration, and I’m unsure about the correct way to set up the MikroTik router. Currently, I have it configured as a modem router, where it handles everything for the network. It assigns IP addresses through its DHCP server and acts as a firewall. I initially set it up this way because I had an older, weaker router. However, since I purchased the AX-1500, which has a triple-core CPU at 1.5GHz and 256MB RAM, I’m considering leaving the routing tasks to this device instead of the MikroTik.

In my current setup, the AX-1500 functions as a Wi-Fi access point and switch. I believe it would be better if I make it the main router instead of the MikroTik. The IP addresses for the entire network are within the same subnet, such as 192.168.1.x. This setup is convenient for accessing the device’s menu from a distance, so I’d like to keep these IPs the same for everything and only change the MikroTik’s IP. I think I should change it to something like 192.168.0.1.

Could you guide me on the changes I need to make to the RouterOS to use the LHGG solely as a 4G modem?
Should I disable DHCP, NAT, Firewall, etc. on the MikroTik and enable them on the AX-1500 router?
What are the correct settings to make this change?
Will I experience better performance after making these changes?

Screenshot_370.png

Hi.

Correct me if I’m wrong - you want to use Mikrotik only as a modem and use the other device as “everything else” (DHCP server, firewall, router, NAT’ting)?

  1. You have to pass the WAN IP address through from Mikrotik to AX-1500. Add additional IP addresses for this pass-through (for example, 192.168.0.1 and 192.168.0.2).
  2. You have to get rid of those mentioned functionalities from Mikrotik and configure them on AX-1500.
    At this point Mikrotik will be like “transparent” and everything will happen on your gateway.

You can also go in another direction:

  1. Move functionalities (without NAT) to AX-1500, get rid of them from Mikrotik.
  2. On AX-1500 add a static route 0.0.0.0/0 pointing out to Mikrotik, leave the same route on Mikrotik pointing out to WAN. Mikrotik will NAT masquerade as it does now.

In my opinion the first proposition is a better solution, but the second is easier to configure and understand.
If you are thinking about network segmentation, adding VLANs and configuring a VPN connection in the future, I recommend the first option.

I am not able to say anything about network performance after these changes.

EDIT: in the second scenario you should consider leaving the firewall (or a part of it) on Mikrotik as well. It’s hard to say without knowing your firewall rules.

I am not sure which of these two cases is best for the performance and security of my network. As a less advanced user, I haven’t made any changes to the firewall rules on the Mikrotik router, so they are currently set to their default configuration. If I leave the firewall and NAT enabled on the Mikrotik, should I disable them on the AX1500 router instead? I feel a bit overwhelmed with the settings you mentioned. Could you please guide me step by step on how to set up the configuration?

Understood. “But being as this is a .44 Magnum, the most powerful handgun in the world, and would blow your head clean off, you’ve got to ask yourself a question: Do I feel lucky?” - sorry, couldn’t resist myself :smiley:
If you are rather a beginner in networking you should rather be thinking about something else - do I want to learn and really change anything in my setup? I don’t know how to configure AX-1500 thus I cannot guide you step by step.
In Mikrotik you can look at CPU performance by clicking Dashboard → CPU usage, it shows up in the upper right corner. You can see there how CPU is doing. The same for memory. Maybe you should look at it and decide, maybe Mikrotik isn’t doing so bad and you don’t need to change anything at all?

Edit: I changed the Mikrotik IP to static 192.168.0.1 and then I created a route with destination address 0.0.0.0/0 and gateway 192.168.0.1. I also disabled the DHCP server.
Then I changed the AX1500 IP to static 192.168.0.2 and it automatically created the routes below.
Screenshot_371.png
I disabled the firewall on the AX1500 and I have left it enabled on the Mikrotik. I also left NAT enabled on the Mikrotik, and I tried disabling it on the AX1500, but the internet stops responding when I do this. Why is this happening?

After finishing the above configuration, I don’t have access to the Mikrotik interface anymore, so I have to disconnect it from the router’s WAN port and connect it straight to my PC, with a static IP on the PC, whenever I want to connect to the interface. Is there any way to make it visible again without this process?

What else should I change? Are the above changes correct or have I made any mistakes?


PS: Also, for some unknown reason, the Mikrotik ethernet connection is not recognized as 1000Mbps in the AX1500’s interface; it shows as 100Mbps, although when I connect the Mikrotik straight to the PC, it connects at 1000Mbps… Can this be changed by any RouterOS setting?

:laughing:

> Edit: I changed the Mikrotik IP to static 192.168.0.1 and then I created a route with destination address 0.0.0.0/0 and gateway 192.168.0.1. I also disabled the DHCP server.

Did you create it only on AX-1500?

To be able to reach Mikrotik and network after disabling NAT on AX-1500 you have to add another route (on Mikrotik) - 192.168.1.0 with gateway 192.168.0.2 (AX-1500 address).

> PS: Also, for some unknown reason, the Mikrotik ethernet connection is not recognized as 1000Mbps in the AX1500’s interface; it shows as 100Mbps, although when I connect the Mikrotik straight to the PC, it connects at 1000Mbps… Can this be changed by any RouterOS setting?

Interfaces → interface where AX-1500 is connected, e.g. ether1 → Ethernet tab - there you can check it.

Do you use the same cable for MT - PC connection and MT - ASUS? Does PC connect at 1Gb with ASUS with the same cable?
Try to use a different cable.
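
Why the internet stopped when NAT was turned off on the AX-1500, and what the extra route on the Mikrotik changes, shown as an added example (not part of any post in this thread): a longest-prefix-match lookup over the Mikrotik's routing table. The /24 masks, the interface names `lte1` and `ether1`, and the LAN host 192.168.1.50 are assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop) of the most
    specific route in `table` that contains `dst`, or None."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, hop))
    if not matches:
        return None
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), hop

# Constructed routing tables for the Mikrotik (assumed /24 masks).
MIKROTIK_BEFORE = [
    ("0.0.0.0/0", "lte1 (ISP)"),               # default route from the ISP
    ("192.168.0.0/24", "ether1 (connected)"),  # link to the AX-1500
]
# Same table plus the static route suggested in the reply above.
MIKROTIK_AFTER = MIKROTIK_BEFORE + [("192.168.1.0/24", "192.168.0.2")]

def reply_path(table, lan_host, nat_on_ax):
    """Where the Mikrotik sends a reply destined for a LAN client.

    With NAT on the AX-1500 the Mikrotik only ever sees 192.168.0.2 as
    the source; with NAT off it sees the client's real LAN address and
    must have a route back to it."""
    seen_src = "192.168.0.2" if nat_on_ax else lan_host
    return lookup(table, seen_src)[1]

if __name__ == "__main__":
    host = "192.168.1.50"  # assumed LAN client
    print("NAT on AX, no static route :", reply_path(MIKROTIK_BEFORE, host, True))
    print("NAT off,   no static route :", reply_path(MIKROTIK_BEFORE, host, False))
    print("NAT off,   static route    :", reply_path(MIKROTIK_AFTER, host, False))
```

With NAT off and no static route, replies for 192.168.1.x match only the default route and leave through the LTE side, so they never return to the LAN. In that setup the Mikrotik's own firewall and masquerade rules see the real 192.168.1.x source addresses and need to account for that subnet.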

It was created automatically by the AX1500 when I made the rest of the changes.
I will do the change you said at the Mikrotik too.

I will try to connect the Mikrotik directly to my laptop, on the roof, to check whether there is an issue with the long cable after all. When I left only the 1000Mbps setting in the Mikrotik’s ethernet settings, I lost the Mikrotik and I had to reset it to bring it back, so there is definitely something wrong with either the cable or the Mikrotik. I hadn’t realized that it was at 100Mbps from the beginning…

> It was created automatically by the AX1500 when I made the rest of the changes.

So you did it on Mikrotik, if I understand it correctly. It’s a mistake; it should point to the WAN interface or the IP address of your ISP router. If the network connection is still working after adding this route (pointing to 192.168.0.1), you don’t need it at all because you obtain it dynamically from the ISP.

> I hadn’t realized that it was at 100Mbps from the beginning…

If you are experiencing bad network performance, it’s probably because of this connection. For Gigabit Ethernet all 8 wires in the cable are required. If you used the same cable (test 1 - unplug it from the AX-1500 and plug it into your computer’s network card) and it negotiates 1000Mbps, it means the cable and Mikrotik are “okay” and the problem exists on the AX side.
If you used another cable to connect your computer to Mikrotik - perform test 1. If you obtain 100Mbps, it means that the cable has to be replaced. Maybe a bit more precisely, but it’s what BartoszP has suggested.

I had changed only the IP of Mikrotik that moment and I disabled the dhcp, so somehow the AX1500 created by itself those route settings.

As for the cable, I tested it with my cable tester and all the pairs are as they should be. The cable is 24 meters long and I have used PET type, so it has no issues with corrosion, the plugs are perfect and the connection from one side to the other is OK. The tester shows that all the pairs are working fine, so I don’t understand why the Mikrotik connects at 100Mbps when using this cable, but when using a short 1 meter one, it works at 1Gbps… Can this be an issue with the cable’s copper quality?
The LTE speed is not greater than 90Mbits, so I hadn’t noticed that there was an issue with the ethernet speed until now.
The cable is an outdoor UTP Cat5E.

> I had changed only the IP of Mikrotik that moment and I disabled the dhcp, so somehow the AX1500 created by itself those route settings.

What I mean is that such a route shouldn’t be present on Mikrotik. If it’s not there, it’s okay.

From the description it looks like the cable isn’t causing it. Do you want more advice on how to find out why it is behaving like that? Or the routing part is done so “let’s leave it”?

Yes of course, I would like to know how to fix this issue too.
I don’t think it’s the cable’s fault either, but what could cause it then? If I go to the Mikrotik’s ethernet settings and remove 10 and 100Mbps from the list, leaving only 1Gbps, then I don’t have access anymore until I do a reset again…

Ok.

  1. plug out the cable from AX1500 and plug into your laptop (with static IP). If it’s 1000Mbps go to step 4, if 100Mbps - step 2.
  2. plug your laptop with a different cable into Mikrotik (the same port where AX1500 is connected). If it’s 1000Mbps it’s cable fault, you should change it. If it’s 100Mbps - step 3.
  3. make sure that port is configured for auto-negotiation; you can plug the connection with the AX into another port, where your laptop gets 1000Mbps. It’s possible you will have to make some changes in your config - reassign the IP address to the new interface, add it to the bridge, change some firewall rules - I cannot tell precisely without knowing your config. This step will probably be the last one; Mikrotik is causing the problem.
  4. do the same from the other side of the cable - plug out from MT, plug into laptop. If it’s 100Mbps the reason lies in the AX1500 configuration - it should auto negotiate with 1000Mbps possibility. If it’s 1000Mbps on the laptop - next step.
  5. if you are here I really don’t know what is causing it. The only thing what I can think of is trying to get rid of autonegotiation and configure “static” 1000Mbps (on both sides starting with Mikrotik). It has to be changed on both sides before eventually resetting Mikrotik. Or maybe doing a firmware update on both devices will help.

Maybe I didn’t clarify this, but I have already used a different, 1 meter long cable from the Mikrotik directly to the laptop and the connection is 1Gbit. So there must be a copper quality issue with the long cable, as the connectors and the tester show that everything is in position, all the pairs communicate with each other and the plugs are correctly terminated, so I don’t know why it connects at 100Mbit with this one. The problem is that it is hard to change this now, as I have nailed it to the wall from inside to the roof…

Understood. It’s a pity, but still isn’t that bad because your internet connection isn’t faster.
EDIT: btw. did the changes in config improve performance?

I haven’t finished them, as I lost the Mikrotik connection twice and I had to go to the roof to reset it, but the weather these days is so hot that I decided to restore it to the previous condition for now. I will try again when the heat stops.
I have a reservation about the internet connection, as I haven’t tested it without this problematic cable, so maybe the speed can do better than 90Mbit max. I will test it with the laptop on the roof soon.