Little help in config RB450G

RB450g comes with default configuration:

  • dhcp-client on ether1
  • ether2-ether4 switched together and running dhcp server
  • masquerade on ether1 interface
  • basic firewall rules to protect the router

so I need to change them a bit :)

  • make ether1 - WAN1 work with static IP (here is static IP)
  • make ether2 - WAN2 work with dhcp-client, I get a public IP here (here is the cable modem for backup)
  • make ether3-ether4 switched together and running dhcp server
  • make failover - when WAN1 is not working then everything goes through WAN2, and when WAN1 is working again everything goes back that way

Any suggestions? I was trying to figure it out, but I’m a total noob in MikroTik and I learn best by example. I did not manage to get it working, so I’m writing here… I did not find anything that could help me (I tried a lot of examples in the manual and in forums).

Now it’s on factory settings again… so I can start over :)

Any help?

TNX in advance

Yes, what you want to do is possible.

1.) You can disable the DHCP client on ether1, or move it to ether2. Each interface can be its own separate routed interface. This means each one can have its own Subnet, Services/Clients, etc. without affecting other interfaces.
2.) You’ll want to remove ether2 from the switch chip, this means set the master-port option on ether3 to none, and the master-port option on ether4 to ether3.
3.) Move your DHCP server and IP address that was on ether2 to ether3.
4.) Add in a 2nd NAT rule that specifies masquerade for an out interface of ether2.
5.) For fail over it depends on what you want to do. If you wanted to just do fail over, there are several examples in the Wiki. However if you have the bandwidth there why not use it? You can do load balancing with fail over. Read up on PCC in the forum and the Wiki, or look up policy based routing.
http://wiki.mikrotik.com/wiki/Category:Manual
http://wiki.mikrotik.com/wiki/MikroTik_RouterOS

Ah, I just noticed the default setup is a little bit different:

ether1-gateway with dhcp-client
192.168.88.1/24 is on bridge interface
dhcp-server is on bridge interface with address pool 192.168.88.10-192.168.88.254
masquerade on ether1-gateway

Could this be the reason why I can’t make it work with ether1 static IP and ether2 for the cable modem with dhcp-client, and then just do failover between those two connections… I don’t need load balancing because ether1 is 100 mbits :)

Can someone help me with the commands to enter to make this work?

TNX in advance…

I’m still digging and trying to make it work

What are the ports assigned to the bridged interface? But yes, if there is a bridge on Ether2, with other ports assigned to it, that could be a problem. Especially if you are trying to bridge interfaces and have the switch chip going at the same time.

Go ahead and delete the bridge, you will then have to move the IP address, DHCP server, etc. that was on the bridge to the appropriate interface. All easy to do via Winbox, just edit the setting and choose a different interface.

If the problem continues, supply an export of the following menus:

/interface export
/ip address print detail
/ip route print detail
/ip firewall export

I was looking at how to remove the bridge and have the default config working as on the RB750... there everything is like here but without the bridge...

I'll try to do this :)

But here is what you asked for.

(P.S. I'm configuring this connected to my PC router; that's why the RB450G has a 192.168.1.xx IP address, because I want my current connection to the net working while I configure this router.)

/interface export

jan/02/1970 00:33:58 by RouterOS 4.14

software id =

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes comment="" disabled=no forward-delay=15s l2mtu=1524
max-message-age=20s mtu=1500 name=bridge priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1524
mac-address=00:0C:42:A4:A3:B6 master-port=none mtu=1500 name=ether1-gateway speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1524
mac-address=00:0C:42:A4:A3:B7 master-port=none mtu=1500 name=ether2-local speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1524
mac-address=00:0C:42:A4:A3:B8 master-port=none mtu=1500 name=ether3-local speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1524
mac-address=00:0C:42:A4:A3:B9 master-port=none mtu=1500 name=ether4-local speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1524
mac-address=00:0C:42:A4:A3:BA master-port=none mtu=1500 name=ether5-local speed=100Mbps
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1 switch-all-ports=yes
/interface bridge port
add bridge=bridge comment="" disabled=no edge=auto external-fdb=auto horizon=none interface=ether3-local path-cost=10
point-to-point=auto priority=0x80
add bridge=bridge comment="" disabled=no edge=auto external-fdb=auto horizon=none interface=ether4-local path-cost=10
point-to-point=auto priority=0x80
add bridge=bridge comment="" disabled=no edge=auto external-fdb=auto horizon=none interface=ether5-local path-cost=10
point-to-point=auto priority=0x80
add bridge=bridge comment="" disabled=no edge=auto external-fdb=auto horizon=none interface=ether2-local path-cost=10
point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface ethernet switch port
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=
disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60
mac-address=FE:3E:5D:64:2B:84 max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=
1460 mrru=disabled



/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 interface=ether2-local actual-interface=bridge

1 D address=192.168.1.214/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether1-gateway


/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=192.168.1.1 gateway-status=192.168.1.1 reachable ether1-gateway distance=1 scope=30
target-scope=10

1 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.214 gateway=ether1-gateway gateway-status=ether1-gateway reachable
distance=0 scope=10

2 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge gateway-status=bridge reachable distance=0 scope=10

/ip firewall export

jan/02/1970 00:37:05 by RouterOS 4.14

software id = JG40-WX4B

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s
tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established disabled=no in-interface=
ether1-gateway
add action=accept chain=input comment="default configuration" connection-state=related disabled=no in-interface=
ether1-gateway
add action=drop chain=input comment="default configuration" disabled=no in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no out-interface=ether1-gateway
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no



TNX

To remove the bridge you can run this command:

/interface bridge remove [find]

That will remove all bridge interfaces, and should remove all ports from the bridge as well, but you can run this for good measure.

/interface bridge port remove [find]

With those two commands you will have your 450 with 5 separate routed interfaces. Now to get you to where ether3 and ether4 are switched together you set ether4’s master-port to ether3

/interface ethernet
set 3 master-port=ether3-local

This means all traffic between ether3 and ether4 uses the switch chip and never touches the CPU. Ether2-5 can be added to the switch chip if you desire as well, which is the default configuration on a 750. However, since you want ether2 separate for a DHCP client, don’t include it in the switch group. Once this is done you get your setup going the rest of the way.

Ether1 already has a static address and route.
Ether2 set up a DHCP client that will add a default route, with a weight/distance that is higher than 1
Ether3 set up your DHCP server, LAN IP, etc.
Add in a second masquerade NAT rule with an out-interface set to ether2

Read up on fail over and decide what way is best for you to implement, like relying on the built in check gateway function, netwatch, or making your own script.

tnx

I was trying to do that, removed the bridge and so on… and I’ve lost the connection to the router and now can’t connect

heh, the reset switch seems not to work :(

and I forgot… ports 3-4-5 will be on the switch… not just 3 and 4

but now I have to find a serial cable and connect through it to the RB, because when I try over MAC ID it times out with an error on port 20xx something…

I’ll reset the config when I do that and follow your suggestion…

The RB750 with VPN server I managed to configure, but this one with the bridge gave me a headache… well, I’ll solve it

TNX

Now I have to buy one more RB450G so I can learn on it :) while this one will stay for my net connection when I manage to get it up and running… I have a long way to go

Next I hope to get one RouterBoard to replace my two WiFi APs :)

Ahh yes, sorry I forgot to mention, when you remove the bridge, any IPs or services associated with the bridge will become invalid. Since you already had a static IP on ether1 you can use that port to get back into it.

Also Winbox has an option to connect to the MAC of the device instead of its IP.

well, I still did not have a static IP on eth1

I get it from DHCP :) I was first trying to get eth2 working and everything else working…

because eth1 and eth2 are “WAN” I can’t telnet or ssh into it :( so I assume only serial cable…

with MAC ID it just gives me an error :(

If ether1 still has a DHCP client, get a simple switch, plug ether1 into it, your computer, and your network (or if your modem/router has multiple LAN ports). Then do an IP scan or look at the leases table of your gateway and connect to it over that IP.

I did that, that’s why I said I need a serial cable - I have pfSense… it’s been running for 2 years but it’s too big and it needs too much power

I tried telnet and ssh but I think the ports are closed on the WAN side :( I know I had to open a port on the RB750 for VPN and for telnet

so now on the RB750 I can manage the config from a remote location… but here I can’t :(

well, tomorrow I’ll get a USB to serial adapter and then set the router config. As I’m running on a hackintosh (Mac OS X) I’ll have to look up how, because I never did this on Mac OS X… on Windows I know how :)

Install serial adapter drivers, plug it in, open terminal, “screen /dev/tty.usbserial 115200”. Replace the device name as required if it installs as a different device. “man screen” for how to use screen.

:) IT’S ALIVE

After a few resets, pings and so on it finally let me in on ethernet2, so I quickly ran /system reset-configuration

so tomorrow I’ll start from scratch :)

I hope I’ll document this… when I make a config, so others can benefit from my troubles and mistakes :)

[quote=“Feklar”]To remove the bridge you can run this command:

/interface bridge remove [find]

That will remove all bridge interfaces, and should remove all ports from the bridge as well, but you can run this for good measure.

/interface bridge port remove [find]

With those two commands you will have your 450 with 5 separate routed interfaces. Now to get you to where ether3 and ether4 are switched together you set ether4’s master-port to ether3

/interface ethernet
set 3 master-port=ether3-local
[/quote]

This partially worked.

When I try to set the master port for ether4 and ether5 it says it’s already in a bridge!!! And I did delete the bridge… I don’t see it in WinBox and I don’t see it in the terminal.

I manually changed the DHCP server to ether3-local in WinBox, and when I connect to that port I get an IP address from DHCP, but not on ether4 and ether5…

Why is it still saying that it’s in a bridge?!

hope this helps

/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 interface=ether3-local
actual-interface=ether3-local

1 D address=192.168.1.214/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether1-Fiber
actual-interface=ether1-Fiber


/interface export

jan/02/1970 22:32:34 by RouterOS 4.14

software id =

/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes l2mtu=1526 mac-address=
00:0C:42:A4:A3:B6 mtu=1500 name=ether1-Fiber speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=
1524 mac-address=00:0C:42:A4:A3:B7 master-port=none mtu=1500 name=ether2-Cable speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=
1524 mac-address=00:0C:42:A4:A3:B8 master-port=none mtu=1500 name=ether3-local speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=
1524 mac-address=00:0C:42:A4:A3:B9 master-port=none mtu=1500 name=ether4-local speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=
1524 mac-address=00:0C:42:A4:A3:BA master-port=none mtu=1500 name=ether5-local speed=100Mbps
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1 switch-all-ports=no
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface ethernet switch port
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback



/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=192.168.1.1 gateway-status=192.168.1.1 reachable ether1-Fiber distance=1
scope=30 target-scope=10

1 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.214 gateway=ether1-Fiber gateway-status=ether1-Fiber reachable
distance=0 scope=10

2 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether3-local gateway-status=ether3-local reachable
distance=0 scope=10


/ip firewall export

jan/02/1970 22:35:33 by RouterOS 4.14

software id =

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s
tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established disabled=no
in-interface=ether1-Fiber
add action=accept chain=input comment="default configuration" connection-state=related disabled=no in-interface=
ether1-Fiber
add action=accept chain=input comment="" disabled=no in-interface=ether1-Fiber
add action=drop chain=input comment="default configuration" disabled=no in-interface=ether1-Fiber
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no out-interface=ether1-Fiber
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether2-Cable

The only thing that I can think of, is check the Bridge Port menu and see what it has listed in there. That shouldn’t matter since the bridge has been deleted, but it might.

it seems it’s a bug

http://forum.mikrotik.com/t/bug-on-routeros-4-11/40653/1

but here it is from the CLI

/interface bridge> print detail
Flags: X - disabled, R - running


/interface bridge port> print detail
Flags: X - disabled, I - inactive, D - dynamic


and it’s solved :)

I created a bridge in WinBox…
then manually removed first all the ports that were in the bridge

and then removed the bridge :)

now it works… writing this from the ether4-local port :)
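
The setup this thread works toward, collected in one place as an added example (not posted by anyone in the thread and not MikroTik's own configuration). It uses the interface names from the second export and the ports-first, bridge-second removal order that worked above, and it gives ether2-Cable the same input-chain protection the default rules give ether1, since the exported filter only names ether1-Fiber. Assumptions: 203.0.113.10/24 and 203.0.113.1 are placeholder WAN1 values, and default-route-distance is assumed to be available on this RouterOS version.

```routeros
# Added example. Run from a LAN port (or MAC-Winbox) so that changing
# the WAN side does not cut the session.

# 1. Remove bridge ports first, then the bridge itself
/interface bridge port remove [find]
/interface bridge remove [find]

# 2. ether3-local is the switch master; ether4 and ether5 follow it
/interface ethernet set ether4-local master-port=ether3-local
/interface ethernet set ether5-local master-port=ether3-local

# 3. LAN address and DHCP server move to the master port
/ip address set [find address="192.168.88.1/24"] interface=ether3-local
/ip dhcp-server set [find] interface=ether3-local

# 4. WAN1: static address (placeholder values) and the primary default route.
#    check-gateway only notices that the gateway itself stopped answering,
#    not a failure further upstream.
/ip dhcp-client remove [find interface=ether1-Fiber]
/ip address add address=203.0.113.10/24 interface=ether1-Fiber
/ip route add dst-address=0.0.0.0/0 gateway=203.0.113.1 distance=1 check-gateway=ping

# 5. WAN2: DHCP client whose default route has a higher distance, so it is
#    used only while the WAN1 route is inactive
/ip dhcp-client add interface=ether2-Cable add-default-route=yes default-route-distance=2 disabled=no

# 6. Second masquerade rule for traffic leaving through WAN2
/ip firewall nat add chain=srcnat action=masquerade out-interface=ether2-Cable

# 7. Input protection for WAN2, mirroring the default ether1 rules.
#    The existing ICMP accept has no in-interface, so it already covers ether2.
/ip firewall filter add chain=input connection-state=established in-interface=ether2-Cable action=accept
/ip firewall filter add chain=input connection-state=related in-interface=ether2-Cable action=accept
/ip firewall filter add chain=input in-interface=ether2-Cable action=drop

# The second export also shows an accept rule on ether1-Fiber with no other
# matcher, placed above the drop rule; while it is there the drop never matches.
```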