I’ve recently installed a second hand routerboard 951-2n with latest OS with the help of a friend who has been using Mikrotiks for years. I have a moderate understanding of networking but some of the switching/bridging options are confusing me a bit.
My set up is simple:
Billion ADSL Router going out to the internet. DHCP/Wireless disabled (acting as a modem)
DHCP Server and wireless AP configured on Mikrotik. Working fine
ADSL Router plugged in Mikrotik Eth1 as gateway
PC and a small switch taking up Eth ports 2 & 3
Eth4 and Eth5 not currently in use but will be later on
Bridge created (“bridge-local”) contains all 5 Ethernet ports + wireless (“wlan1”)
I was then told to create a switch (“switch1”) which contains all 5 Eth ports. Mirror target is set to “switch1 cpu” and mirror source is set to “Eth5” (port is currently not in use)
I have no idea why this is necessary… lol.
I just want to use this mikrotik as a regular router - plug in machines/devices to available ethernet ports or connect via WLAN and have an IP assigned. I use queues to manage traffic and may configure a VPN and some routes later on, but nothing too fancy.
My question really is - do I need to be using a bridge and/or a switch in this scenario? Are there any advantages or even a need for either/both?
Your wan port should typically not be bridged or switched with your lan ports. Bridging is CPU intensive. Port mirroring should be unnecessary unless you want to sniff/monitor traffic with something like Wireshark. Here is the Wiki page on Mirroring. http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Port_Mirroring
I would recommend making port 2 master and 3-5 slaves to port 2. You can bridge port 2 with WLAN1 and set your DHCP server to the bridge port.
Are you leaving the default firewall and NAT rules in place? If building your config from scratch make sure you put something in there. Let us know if you need help with that.
Apologies in advance for all the following questions. lol
So I’ll remove that switch altogether then?
If I make ports 3-5 slaves to port 2, can I still use port 2 as normal? I assume so if it’s bridged with wlan and DHCP is being pushed out via this bridge.
Also, do I need to do anything to eth port 1 (WAN) ?
Yes port 2 is still used as normal. Anytime you make configuration changes to port 2 it will affect all ports slaved to it (as far as I know). If you disable port 2 it disables all of the slaves as well. (I found that out the hard way). I don’t think NAT is usually used on a bridge. Delete your NAT rule. You can copy the code below and paste into the terminal and it will add it to your configuration.
You don’t edit the “switch” itself, you select a “Master Port”. If it is part of a switch, select the master port. If you want to remove from the switch, select none.
My interfaces/ports have both the switch and master port fields under the GENERAL tab. If I choose a master port, it does nothing to change the value of the “switch” field.
The switch field never changes. It shows you on what physical switch chip that ethernet port is connected to. Some routerboards have switch1 and switch2.
To activate/deactivate the switch functionality you must set the “Master Port”. Choose none to remove from switch functionality.
I think we’re maybe missing a few details. This 192.168.0.0/16 makes it look like your WAN and LAN subnets overlap which is going to cause problems for the router. Usually a /24 (255.255.255.0) on the LAN side is normal. If 192.168.0.2 is your DSL modem (or router at the ISP) you are doing double NAT which isn’t a big deal unless you are trying to forward ports for access from the outside.
I think you will need to change your internal network IP range so it doesn’t conflict with the external. 10.0.0.0/24 is probably safe.
At this point it may be easier if you could post your config and remove any sensitive information. You can do this from the terminal using the export command. Paste the sanitized result using the Code button at the top of the forum.
The out-of-box config would’ve been adequate if all you want is a basic router.
With a factory reset your switch will be a basic router. Port 1 for WAN, Ports 2-5 for LAN. It should just work, nothing to configure.
If your modem’s IP is 192.168.0.2 then that means it’s not acting as just a modem, it’s a router as well. But not a big deal. Your Modem/Router needs to have a different subnet than the Mikrotik router. With default config, this is the case - the default subnet for the LAN (ports 2-5) is 192.168.88.0/24
To reset config to factory default, go to System > Reset Configuration. Or use the physical button on the device.
Also, only the wireless and port 2 should be bridged. You’ll see this with default config. This is because ports 3-5 are slaves and therefore already switched with port 2. This means Ports 2-5 can be used for your local network.
Thanks guys. I think I am the one that made it more difficult than it needed to be. But I appreciate your help and I’m at least learning a bit about RouterOS which is a good thing. You have therefore not wasted your time on me.
I promise to leave you all alone after this… last question…
My internal LAN subnet is GOING to be 10.0.0.x (just at 192.168 for now) for various reasons.
My “modem” (which is indeed a router - I’ve just disabled DHCP and WLAN so it’s not doing much else right now) is going to sit on 10.0.0.2, while the mikrotik will be 10.0.0.253
Only thing I don’t get here is why they need to be on different subnets. My DHCP Pool would only be from say… .100-.200 so that isn’t a reason
So question is - why is it an issue if my ADSL router (sitting on Eth1) has an IP of 10.0.0.2 and therefore same subnet as the rest of my network?
The world needs more people like you guys for real.
Now for example if 192.168.88.100 tries to send a packet to 192.168.88.101, the Mikrotik determines the packet should go out on bridge-local (bridge-local is ports 2-5 and wifi)
If 192.168.88.100 tries to send a packet to 8.8.8.8, the Mikrotik determines the packet should be forwarded to 10.0.0.1. Then it checks the route list again on where is 10.0.0.1 and determines it’s down ether1-gateway.
If your modem and mikrotik are both on the 10.0.0.0/24 subnet, then your route list will look like this:
dst-address: 0.0.0.0/0 Gateway: 10.0.0.1 reachable ether1-gateway
dst-address: 10.0.0.0/24 Gateway: ether1-gateway
dst-address: 10.0.0.0/24 Gateway: bridge-local
Now for example if 10.0.0.100 tries to send to 10.0.0.101, the packet matches both route rules equally. It is undefined on which the Mikrotik will pick so you can expect your network to not work correctly.
You can definitely expect the internet to not work, because the modem is expecting 10.0.0.0/24 packets to be on its network and not forward them through your Mikrotik’s IP…
You can leave your modem as 192.168.0.1, set your Mikrotik ether1-gateway IP to 192.168.0.2 and then set 192.168.0.2 in the DMZ of the modem. Then don’t plug anything else into the modem, all devices should be connected through the Mikrotik. Setting your Mikrotik in the modem’s DMZ means you don’t have to do port forwarding twice if you wish to have inbound connections.
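The route-list reasoning in the reply above, as an added example that is not part of the original posts: a simplified longest-prefix-match model (not RouterOS's own route selection) showing that the overlapping table yields two equally specific egress interfaces. The separate-subnet table is reconstructed from the reply's description and is an assumption; the function names are hypothetical.

```python
import ipaddress

def table(entries):
    """Build a route list from (dst, gateway_ip_or_None, interface_or_None) tuples."""
    return [(ipaddress.ip_network(d), g, i) for d, g, i in entries]

def egress(routes, dst):
    """Interfaces tied for the most specific route to dst (more than one = ambiguous)."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return []
    best = max(net.prefixlen for net, _, _ in hits)
    out = set()
    for net, gateway, iface in hits:
        if net.prefixlen != best:
            continue
        if iface:                      # connected route: leaves on this interface
            out.add(iface)
        else:                          # gateway route: look the gateway up again
            out.update(egress(routes, gateway))
    return sorted(out)

# Constructed from the reply's description: WAN and LAN on different subnets.
SEPARATE = table([
    ("0.0.0.0/0", "10.0.0.1", None),
    ("10.0.0.0/24", None, "ether1-gateway"),
    ("192.168.88.0/24", None, "bridge-local"),
])

# The route list quoted in the reply: modem and LAN both on 10.0.0.0/24.
OVERLAP = table([
    ("0.0.0.0/0", "10.0.0.1", None),
    ("10.0.0.0/24", None, "ether1-gateway"),
    ("10.0.0.0/24", None, "bridge-local"),
])

if __name__ == "__main__":
    for name, routes in (("separate", SEPARATE), ("overlap", OVERLAP)):
        for dst in ("8.8.8.8", "10.0.0.101", "192.168.88.101"):
            print(name, dst, egress(routes, dst))
```

In the overlapping table even the default gateway 10.0.0.1 resolves to both interfaces, so internet-bound traffic is affected as well as LAN-to-LAN traffic.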
At the moment I’ve got my adsl router on eth1 and it has an IP on the same subnet as everything else (there’s only one subnet on this network atm) and everything works 100%
I’m guessing this is because my routes aren’t set to “best practise” at the moment - I only have 2 routes configured as per my previous post.
I’m just going to factory reset and do it myself from scratch. I’m assuming the 3 routes you mentioned are there by default after a reset
Gonna give the ADSL router a strange IP as I need 192.168 for my work VPN and 10.0.0 for my LAN.
Just hope this setup allows me to manage the ADSL router’s web interface even though my PC and the router are on different subnets. I’m guessing the route rules will take care of this though.
Again worth mentioning - it’s an ADSL router not a modem. Just has DHCP and WLAN disabled as Mikrotik is taking care of this now
If I’m wrong please correct me. Otherwise ignore. You’ve all been super helpful
What do I need to configure under routes for all other traffic to hit my ADSL router? (192.168.2.1)
I tried all sorts of combos but clearly I’m not quite grasping this.
Also, should the IP > DNS setting be set to my ADSL router’s IP under “Servers” (i.e. 192.168.2.1)