Hi, I am totally new to networking when it comes to configuring devices ( especially when it comes to mikrotik), I have a few question hoping someone could help me out…
RouterOS v6.48.6 (long-term) model:CRS354-48G-4S+2Q+
1.Is there any way to connect 2 Routers so that when 1 Fiber link is down, other link would start working ( as backup line, but not simultaneously) ?
2.Is there any way to connect 2 Routers from different location so that all both networks would share same DHCP pool (over built in vpn maybe)?
3.Is there any way to configure DHCP server, that when a new device is connected it is redirected to some sort of authentication page(for example Login/Password with AD users)?
#2 Well the routers are remote from each other (different cities for example), so i want to be able to link them up so that they would be under the same network, but if internet malfunction happens, they would still have their own DHCP pool… if that makes sense what am I trying to tell you ? #3 Indeed something like RADIUS would be nice, but the idea is having DHCP pool, you plug the cable and you wont get internet access unless that device gets approved by admin( hence the authentication requirement).
Lets get this straight, the CRS series are SWITCHES not routers. They can be used as routers but throughput is very much less then pure routers.
Provide a diagram as your requirements are not fully understood and seem to be changing with each post.
Besides diagram
a. identify users/device including admin requiring traffic
b. identify what traffic they should be able to achieve.
c. identify the WAN inputs to each device getting ISP traffic ( type of ISP, number of connections
d. identify if multiple WANs how each wan is to be used and if there is failover or LB involved.
DHCP relay should work on a IPSEC tunnel, not easy-peasy, but doable, some old reference: http://forum.mikrotik.com/t/dhcp-realy-over-ipsec-tunnel/37077/1
Then, you might need some scripting (possibly even a Netwatch might be able to trigger the script) that switches to the local DHCP server.
The problem might be that the local DHCP server will have no idea of which addresses have already been assigned to the local devices from the remote DHCP server (and viceversa when connection is re-established the remote one won’t have any idea of which addresses have already been assigned), so you might need to divide the network, i.e. if using a /24 have 0-127 on the remote pool and 128-254 on local pool or use a /23 and have pools remote x.x.0.x and local x.x.1.x.
Sorry for not being clear… as I mentioned pretty new…
Either diagram A or B would work fine as long as failover can work(failover comes from non-remote location with 2 seperate fibers.), So Remote location has 1gbps fiber,and non remote location has 10gbps connected via SFP ports.
A: Not sure i get this question right, but if user is not authenticated it should not have WAN access.
B: If user is not authenticated, only LAN access.
C: Same ISP on 2 locations different subnets however, single fiber SFP remote location 1gbps, normal 10gbps.
D: So in non remote location 2 WANs (want to have 1 as backup, SAME ISP), remote location same ISP different WAN due to different subnet.
