Hi,
Got a customer who owns an apartment building and currently has ubiquiti Edge equipment with an ER-X as the router and two edgeswitches.
The ER-X does load balancing across the 3 WAN ports but is freezing up randomly almost every day, so I am replacing it with a hEX S.
need to get this replaced asap and have been reading documentation and following examples on and off for two days now and can't seem to get it to work.
Currently I'm back to a basic config: 3 WAN ports and 2 LAN ports, one to each switch. Ideally the two switches should not be able to reach each other; all ports on the switches are already isolated from one another, but nothing isolates the two LANs at the router level.
I think most of my confusion comes from the 3 WAN ports being DHCP. I found the Lease Script and somewhat understand how to update routes when the public IP address changes but i hit all sorts of other questions when following examples. Maybe some confusion also because a lot of examples are for previous ROS versions, i'm on 7.1.3.
I know it's asking a lot, but can anyone give me a quick list of commands to accomplish PCC load balancing on this configuration? I've got to get the customer up and running today.
For example, when following the example in the MikroTik RouterOS documentation, all the public IP addresses are static and I need DHCP. I see how to update my IP route with the lease script, but it's the very first section, the one that sets up the default routing, that confuses me now.
# Rules quoted from the documentation example: in the mangle prerouting chain, packets
# that arrive on the interface named LAN and are destined to 10.111.0.0/24 or
# 10.112.0.0/24 are accepted, i.e. they leave the mangle chain here and are not
# evaluated by any later mangle rule.
# NOTE(review): both prefixes and the interface name LAN belong to the example
# (presumably its directly connected WAN subnets - confirm against the documentation).
# The config in this post has ether4/ether5 as LAN ports and DHCP-assigned WAN
# addresses, so neither value can be copied as-is.
/ ip firewall mangle
add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=LAN
How do I set the dst-address to my DHCP WAN subnets?
Here's my basic config; the only extra here is the example of the lease script I found.
[admin@MikroTik] > /export compact
jan/02/1970 07:02:39 by RouterOS 7.1.3
software id = AGAI-ZLID
model = RB760iGS
# RouterOS 7 compact export: three DHCP-client WAN ports (ether1-ether3) and two
# LAN subnets, 192.168.101.0/24 on ether4 and 192.168.102.0/24 on ether5.
# NOTE(review): line-continuation and escape backslashes appear to have been lost
# in the paste; several "add" commands below are split across lines and the
# quoted lease scripts are not escaped, so this listing will not import as-is.

# Unused SFP port is disabled.
/interface ethernet
set [ find default-name=sfp1 ] disabled=yes
# "local" is the list of LAN-facing ports (members are added under
# /interface list member); neighbor discovery and the MAC servers refer to it.
/interface list
add name=local
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# One address pool and one DHCP server per LAN port.
/ip pool
add name=dhcp_pool0 ranges=192.168.102.10-192.168.102.254
add name=dhcp_pool1 ranges=192.168.101.10-192.168.101.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=ether5 name=dhcp1
add address-pool=dhcp_pool1 interface=ether4 name=dhcp2
/port
set 0 name=serial0
# NOTE(review): ether2 is listed as a bridge port, yet no bridge is defined in
# this export and ether2 is also a WAN DHCP client and a firewall in-interface
# below. If ether2 really is a bridge port, in-interface=ether2 matchers would
# presumably not see its traffic (the bridge would be the incoming interface),
# leaving that WAN without its drop rules - confirm, and remove this entry if it
# is a leftover.
/interface bridge port
add ingress-filtering=no interface=ether2
# Neighbor discovery is limited to the "local" list, so it does not run on the
# WAN ports (ether1-ether3 are not members of that list).
/ip neighbor discovery-settings
set discover-interface-list=local
# IPv6 is disabled; no IPv6 firewall rules appear anywhere in this export.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=ether4 list=local
add interface=ether5 list=local
/ip address
add address=192.168.102.1/24 interface=ether5 network=192.168.102.0
add address=192.168.101.1/24 interface=ether4 network=192.168.101.0
# The router clock is not updated from the MikroTik cloud service.
/ip cloud
set update-time=no
# One DHCP client per WAN port. Each lease script does the same thing: when the
# lease is bound it sets the gateway of the route whose comment is "ethN" to the
# lease's gateway-address and enables that route; otherwise it disables the route.
# NOTE(review): no /ip route section appears in this export, so the routes these
# scripts look up by comment do not exist yet and the scripts currently change
# nothing. add-default-route is not shown either, so presumably each client still
# installs its own default route - confirm.
/ip dhcp-client
add interface=ether1 script=":if ($bound=1) do={\r
\n /ip route set [find where comment="eth1"] gateway=$"gateway-address"
_disabled=no\r
\n} else={\r
\n /ip route set [find where comment="eth1"] disabled=yes\r
\n}"
add interface=ether2 script=":if ($bound=1) do={\r
\n /ip route set [find where comment="eth2"] gateway=$"gateway-address"
_disabled=no\r
\n} else={\r
\n /ip route set [find where comment="eth2"] disabled=yes\r
\n}"
add interface=ether3 script=":if ($bound=1) do={\r
\n /ip route set [find where comment="eth3"] gateway=$"gateway-address"
_disabled=no\r
\n} else={\r
\n /ip route set [find where comment="eth3"] disabled=yes\r
\n}"
# Clients on each LAN are handed the router itself as gateway and DNS server.
/ip dhcp-server network
add address=192.168.101.0/24 dns-server=192.168.101.1 gateway=192.168.101.1
add address=192.168.102.0/24 dns-server=192.168.102.1 gateway=192.168.102.1
# The router answers DNS queries from other hosts. Only the input-chain drops on
# ether1-ether3 below keep this resolver from being reachable from the WAN side.
/ip dns
set allow-remote-requests=yes
# Input chain (traffic to the router itself): accept established/related, drop
# invalid, then drop everything else that arrives on ether1, ether2 or ether3.
# There is no final drop rule, so anything arriving on ether4/ether5, or on an
# interface added later, is accepted.
# NOTE(review): hosts on both tenant LANs can therefore reach every service the
# router still has enabled (ssh and winbox are not disabled under /ip service).
# Consider accepting only what the LANs need (DNS, DHCP), limiting management to
# an admin address or port, and ending the chain with an unconditional drop.
#
# Forward chain (traffic through the router): accept established/related, drop
# invalid, and drop new connections from a WAN port that were not dst-nat'ed.
# NOTE(review): no rule blocks forwarding between ether4 and ether5, so the two
# LAN subnets can reach each other through this router. If the LANs must stay
# isolated, that needs explicit forward drop rules in both directions.
/ip firewall filter
add action=accept chain=input comment="accept established,related"
connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=drop chain=input comment="block everything else" in-interface=ether1
add action=drop chain=input comment="block everything else" in-interface=ether2
add action=drop chain=input comment="block everything else" in-interface=ether3
add action=accept chain=forward comment="accept established,related"
connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward comment=
"drop access to clients behind NAT from WAN" connection-nat-state=!dstnat
connection-state=new in-interface=ether1
add action=drop chain=forward comment=
"drop access to clients behind NAT from WAN" connection-nat-state=!dstnat
connection-state=new in-interface=ether2
add action=drop chain=forward comment=
"drop access to clients behind NAT from WAN" connection-nat-state=!dstnat
connection-state=new in-interface=ether3
# Source NAT: masquerade traffic leaving through each WAN port.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether3
# telnet, ftp, www and api are turned off.
# NOTE(review): ssh, winbox and api-ssl are not listed, so presumably still at
# their defaults - confirm, and if they stay enabled restrict each one with
# address= to the management hosts.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
/ip ssh
set strong-crypto=yes
# NOTE(review): the export header is dated jan/02/1970, so the clock was not set
# when this was exported, and no NTP client section appears in the export. Log
# timestamps are unreliable until the time is synchronised.
/system clock
set time-zone-name=America/Toronto
/tool bandwidth-server
set enabled=no
# MAC Telnet and MAC WinBox are limited to the "local" list.
# NOTE(review): that list is the two tenant-facing ports (ether4, ether5), so
# layer-2 management is reachable from both tenant LANs - confirm this is intended.
/tool mac-server
set allowed-interface-list=local
/tool mac-server mac-winbox
set allowed-interface-list=local
Thanks in advance