I need some help on configuring my RB2011 19" Mikrotik device.
Software is 5.22
I want to connect my All-IP broadband Internet to my local LAN, but this won't work properly.
So what I have/Specials:
T-Home All IP VDSL 50/10. What is special about it is that the PPPoE dial-in is tagged with VLAN 7 and there is a VLAN 8 interface for IPTV traffic.
I have set up the router; after logging in successfully I used the standard configuration and expanded it.
My VDSL modem (IP 192.168.16.250) is connected to LAN port 1, and the port is configured with 192.168.16.1/24. This is for administration access to the modem. On LAN interface 1 I have set up two VLANs, 7 and 8, on top. VLAN 8 is a DHCP client.
When I set up the PPPoE connection, the dial-in succeeded and it obtained an IP address from my provider. VLAN 8 gets its IP via DHCP and is bound correctly. From the terminal I can ping domains on the web; the router also gets NTP information and the clock is set correctly.
on the switchport my computer is connected and get optained its IP 192.168.1.25 correctly from the router.
I can connect to router with winbox.
So, my problem now is: I can't reach Google or other pages from my browser. I have tried everything I could think of, but no luck. From the Winbox terminal I can ping everything; from my PC it just won't work.
I see… will post the output tommorow, ´cause the router is not locate on my site.
Also I have forgot some explanations:
IPTV (vlan8) is routed with IGMP Proxy and should be from there be routet to wlan and 2 Interfaces on device in a other vlan, ´cause otherwise there could occour multicast storms on the normal net.
Then there are just a few other things which should be set up, but first there need to be Internet access
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 5.22 (c) 1999-2012 http://www.mikrotik.com/
[admin@TKGN01LTB01R01] > /export compact
# jan/01/2002 02:00:52 by RouterOS 5.22
# software id = 26CV-WFXI
#
# NOTE(review): the export timestamp reads jan/01/2002, so the clock was
# presumably not yet synchronised when this export was taken.
# NOTE(review): 5.22 is an old release (the login banner reads 1999-2012);
# plan an upgrade before any router service is reachable from the WAN side.
# NOTE(review): admin-mac and the PPPoE password show the literal value
# "hidden" and the PPPoE user is a placeholder; these look hand-redacted by
# the poster. Keep real credentials out of any export that is shared.
/interface bridge
add admin-mac=hidden auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
add name="IPTV Network"
# Port naming: ether1 becomes "VDSL Modem Uplink" (towards the modem);
# ether7-9 are switched slaves of ether6-master-local.
/interface ethernet
set 0 disabled=yes name=sfp1-gateway
set 1 name="VDSL Modem Uplink"
set 2 name="VoIP PBX Net" speed=1Gbps
set 3 name="Uplink GB Backbone"
set 4 name="Up WiFi"
set 6 name=ether6-master-local
set 7 master-port=ether6-master-local name=ether7-slave-local
set 8 master-port=ether6-master-local name=ether8-slave-local
set 9 master-port=ether6-master-local name=ether9-slave-local
set 10 name=MnGNet
# VLAN 7 carries the PPPoE session, VLAN 8 the IPTV traffic (per the post).
# NOTE(review): both VLAN interfaces are exported with disabled=yes while the
# PPPoE client below is disabled=no on top of "T-Online DialIn V7"; the post
# says the dial-in worked, so confirm which state is the current one.
/interface vlan
add disabled=yes interface="VDSL Modem Uplink" name="T-Online DialIn V7" \
vlan-id=7
add disabled=yes interface="VDSL Modem Uplink" name="IPTV Net" vlan-id=8
# "VDSL MediaNet Dial" is the interface that carries the default route to the
# provider (add-default-route=yes). Firewall and NAT rules meant for WAN
# traffic have to name this interface, not the Ethernet port or the VLAN
# underneath it.
/interface pppoe-client
add add-default-route=yes disabled=no interface="T-Online DialIn V7" name=\
"VDSL MediaNet Dial" password=hidden user=\
UserID@t-online.de
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
# Two address pools: one for the main LAN, one for the IPTV set-top boxes.
/ip pool
add name=TKGN01LTB01 ranges=192.168.1.10-192.168.1.150
add name=TKGN01IPTV01 ranges=192.168.10.10-192.168.10.20
# NOTE(review): the second DHCP server sits on the bridge "IPTV Network".
# In this export that bridge has no member ports (every /interface bridge port
# entry uses bridge-local) and no address from 192.168.10.0/24 is assigned
# under /ip address, so this server has nothing to serve yet.
/ip dhcp-server
add address-pool=TKGN01LTB01 disabled=no interface=bridge-local lease-time=12h \
name=TKGN01LTB01
add address-pool=TKGN01IPTV01 disabled=no interface="IPTV Network" lease-time=\
1w name=TKGN01IPTV01
# NOTE(review): the User Manager customer "admin" has permissions=owner and an
# empty password (password=""). This may simply be the package default, but
# set a password, or disable the entry if User Manager is not used.
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" \
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
permissions=owner signup-allowed=no time-zone=-00:00
# NOTE(review): ether6-master-local is a member of bridge-local, and ether7-9
# are its switch slaves, so as exported these ports share the main LAN segment.
# The post wants two of them isolated for the IPTV set-top boxes; that
# separation is not in place in this export.
/interface bridge port
add bridge=bridge-local interface="VoIP PBX Net"
add bridge=bridge-local interface="Uplink GB Backbone"
add bridge=bridge-local interface="Up WiFi"
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
/interface ethernet switch port
set 6 vlan-mode=check
set 7 vlan-mode=check
/interface ethernet switch vlan
add ports=ether6-master-local,ether7-slave-local switch=switch2 vlan-id=10
# Only two addresses are assigned: the LAN gateway and the modem-management
# address on the physical uplink port.
# NOTE(review): no address from 192.168.10.0/24 is assigned here, although the
# DHCP network below hands out 192.168.10.1 as gateway and DNS server.
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=\
bridge-local
add address=192.168.16.1/24 interface="VDSL Modem Uplink"
# NOTE(review): the client on "IPTV Net" does not set add-default-route or
# use-peer-dns, so both are at their defaults. If the VLAN 8 lease supplies a
# gateway or DNS servers they may be installed next to the PPPoE ones; confirm
# with /ip route print and /ip dns print.
/ip dhcp-client
add comment="default configuration" interface=sfp1-gateway
add comment="default configuration" interface="VDSL Modem Uplink"
add default-route-distance=0 disabled=no interface="IPTV Net" use-peer-ntp=no
add default-route-distance=0 interface="T-Online DialIn V7" use-peer-dns=no \
use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 comment="TKGN01LTB01 Local Net LTB Main" dns-server=\
192.168.1.1 gateway=192.168.1.1
add address=192.168.10.0/24 comment="IPTV Network on LTB01 Site" dns-server=\
192.168.10.1 gateway=192.168.10.1 ntp-server=192.168.1.1
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from other hosts. Who can reach it is decided only by the input chain of
# /ip firewall filter, and in this export that chain has no rule for the PPPoE
# interface "VDSL MediaNet Dial". Unless that is added, the resolver would also
# answer queries arriving from the Internet side.
/ip dns
set allow-remote-requests=yes cache-size=8192KiB servers=\
208.67.220.220,208.67.222.222
# NOTE(review): 192.168.88.1 is not an address of this router (the LAN is
# 192.168.1.1/24); this looks like a leftover of the default configuration.
# The thread later reports that removing it restored browsing.
/ip dns static
add address=192.168.88.1 name=router
# Input chain (traffic addressed to the router itself): accept ICMP, accept
# established and related connections, then drop whatever arrives on
# sfp1-gateway or on the physical port "VDSL Modem Uplink".
# NOTE(review): neither drop rule names the PPPoE interface
# "VDSL MediaNet Dial", which is where Internet traffic actually arrives, and
# a chain without a matching rule accepts the packet. As exported, router
# services (DNS with allow-remote-requests=yes, NTP server, management
# services) are therefore not filtered on the WAN side. A rule of the same
# shape as the two below, e.g.
#   add action=drop chain=input in-interface="VDSL MediaNet Dial"
# placed after the established/related accepts, closes that gap.
# NOTE(review): there is no rule for chain=forward at all, so the router
# forwards between all of its networks without filtering.
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
"VDSL Modem Uplink"
# NOTE(review): masquerade is configured for sfp1-gateway and for the physical
# uplink port only. LAN traffic leaves through the PPPoE interface
# "VDSL MediaNet Dial", which has no masquerade rule; this matches the symptom
# in the post (router can ping, LAN clients cannot browse).
# NOTE(review): to-addresses=0.0.0.0 on the second rule looks like a stray
# value from an earlier src-nat setting; the thread recommends removing it.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface="VDSL Modem Uplink" to-addresses=0.0.0.0
# Neighbor discovery is switched off on the physical uplink port only.
# NOTE(review): check whether it is also off on the VLAN and PPPoE interfaces.
/ip neighbor discovery
set "VDSL Modem Uplink" disabled=yes
# Enables the HTTPS web interface.
# NOTE(review): a compact export lists only non-default values, so services not
# listed here are at their defaults; review /ip service print and disable what
# is not needed.
/ip service
set www-ssl disabled=no
# IGMP proxy: "IPTV Net" (VLAN 8 towards the provider) is the upstream side,
# the bridge "IPTV Network" is the downstream side.
# NOTE(review): the thread suggests temporarily allowing 0.0.0.0/0 as an
# alternative subnet on the upstream interface; once the real multicast source
# ranges are known, narrow that entry to those ranges.
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add interface="IPTV Net" upstream=yes
add interface="IPTV Network"
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=TKGN01LTB01R01
# LCD is switched off and every LCD page is disabled.
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set "IPTV Network" disabled=yes display-time=5s
set "VDSL MediaNet Dial" disabled=yes display-time=5s
set "IPTV Net" disabled=yes display-time=5s
set "T-Online DialIn V7" disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set MnGNet disabled=yes display-time=5s
set ether9-slave-local disabled=yes display-time=5s
set ether8-slave-local disabled=yes display-time=5s
set ether7-slave-local disabled=yes display-time=5s
set ether6-master-local disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set "Up WiFi" disabled=yes display-time=5s
set "Uplink GB Backbone" disabled=yes display-time=5s
set "VoIP PBX Net" disabled=yes display-time=5s
set "VDSL Modem Uplink" disabled=yes display-time=5s
set sfp1-gateway disabled=yes display-time=5s
/system leds
set 0 interface="VDSL Modem Uplink" leds="(unknown)" type=interface-activity
add interface="VoIP PBX Net" type=interface-activity
# The router takes its time from two external NTP servers.
/system ntp client
set enabled=yes primary-ntp=192.53.103.104 secondary-ntp=192.53.103.103
# The router also acts as an NTP server for its clients.
# NOTE(review): broadcast-addresses is set to 192.168.1.1, which is the
# router's own LAN address rather than a broadcast address; verify the intent.
# NOTE(review): the NTP server is reachable from wherever the input chain of
# /ip firewall filter lets traffic in; check that this excludes the WAN side.
/system ntp server
set broadcast=yes broadcast-addresses=192.168.1.1 enabled=yes multicast=yes
/system routerboard settings
set cpu-frequency=750MHz
# MAC telnet is enabled per interface on the LAN-side ports and the LAN bridge.
# The uplink port, the VLANs and the PPPoE interface are not listed.
# NOTE(review): unlike mac-winbox below, no line here disables the default
# entry, so it may still be active on all interfaces; verify with
# /tool mac-server print.
/tool mac-server
add disabled=no interface="VoIP PBX Net"
add disabled=no interface="Uplink GB Backbone"
add disabled=no interface="Up WiFi"
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface=ether9-slave-local
add disabled=no interface=bridge-local
# MAC Winbox: the default entry is disabled and access is re-enabled only on
# the LAN-side interfaces listed, which keeps it off the modem uplink.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface="VoIP PBX Net"
add interface="Uplink GB Backbone"
add interface="Up WiFi"
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=bridge-local
[admin@TKGN01LTB01R01] >
OK, so what I need is:
Ethernet (gB)1: Up to VDSL Modem, IP 192.168.10.1 (used for backward admin access)
on this Interface, there must be vlan 7 with pppoe dial IN (for Internet and VoIP) and also vlan 8 as a dhcp client, to receive multicast IPTV traffic. This traffic should be routet to 2 Ports at its own, that Multicaststorms coulnd occour. Also the IPTV traffic needs to be routed to seperate wlan to broadcast signal for wlan adapter on set top box. Also this net needs a dhcp server for deliver the SetTop boxes the correct IP to use IPTV.
Ethernet (gB) 2: Up to VoIP - here is my asterisk appliance, this should reach internet
Ethernet (gB) 3: Up to Wlan: self descriping
This is the basis. Now, internal lan should reach admin interface of vdsl modem, internet,voip but no Multicast access for IPTV. 2 Ports - on fe - should be seperated for serve the IPTV Set Top boxes and also (i.e. vlan on wlan) should be toghether for IPTV. So that IPTV (vlan route to part of wlan and 2 ethernet ports seperately, also with its own subnet.
Before looking at anything else, could you get rid of the to-addresses=0.0.0.0? 0.0.0.0/0 and 0.0.0.0 are not the same thing. Note that your other masquerade rule has no to-addresses limitation.
I think that you must have selected source NAT on that rule at some point thus the to-addresses setting appeared. I don’t think it is actually causing problems because the action is masquerade.
However, having read through the config it looks to me as if you are not masquerading the PPPoE client interface “VDSL MediaNet Dial” , so you need a rule to masquerade outbound traffic on that interface.
So I need to tell the router that it must masquerade traffic not for eth1 but for VLAN 7, because VLAN 7 is logically an independent interface. Then I have to tell it to route traffic for 192.168.10.0/24 to eth1, as that is the management traffic, and traffic for VLAN 8 to eth 6 and 7 and to a VLAN on WLAN for IPTV.
right?
so this is the first step before configuring other thinks, does I got it?
From your config it looks as if the PPPoE client “VDSL MediaNet Dial” uses VLAN7. The VLAN is just defining the broadcast domain for the PPPoE connection. It is the PPPoE client which will ultimately carry your local LAN subnet traffic to the ISP so it is the PPPoE client interface “VDSL MediaNet Dial” which needs to have masquerade set.
On the IGMP proxy upstream interface temporarily add 0.0.0.0/0 under alternate subnets since there is a good chance that the servers are not on the same subnet. Once you see where the traffic comes from you can provide suitable limits.
as configured on eth1 the vlan 8 is dhcp client which will get als routes from there. But I will separate the 2 IPTV boxes from normal net, so I configured them in a seperate vlan as shown in config above.
Look in the IGMP Proxy settings under interfaces. On that upstream interface add 0.0.0.0/0 as an alternative subnet - you will see a place for that entry. I am suggesting this because you don’t know what addresses the IPTV provider will be streaming from yet…
OK, done. This will work. But what about the Set Top Boxes? I will do them on Eth 6-7, so I have gone to “Switch” and have set Port 6&7 to vlan 10 “Check”
So I guess that this will be in their own “Lan”, also they should use 192.168.10.0/24 instead of 192.168.1.0/24 ´cause otherwise there could occour Multicast Storms in the Network. For that, I have Set Up an DHCP Server for serving also this network, but it shows up red and won´t work. So what have to be done to get this thing realized?
Oh man, I got it: the same ip is on eth1 for management…
ok, so i set up vlan as a interface, give him a valid ip, create a valid pool and set it as a new dhcp server. On switch I set up eth 6&7 as vlan according to above as “check” and the thing should be done?
Also: If I will have management access on eth 1 connected modem, I have to set up a nat route or a arp entry to reach this network?
Also, i have had an issue when changing the default lan to something different, i get no internet. Found out that i needed to get rid of the static DNS which stays as 192.168.88.1.. Once i remove that i get internet access.
yeah, same at me. Also the DHCP Server has served that DNS IP… But I´m not using the DNS of my provider, I use OpenDNS and that are the servers the cache gets its information.
After a long search, I found an seperate underpoint on which I could get rid of the false entry and this have solved the first problem.
Now I can access the Internet, but need to configure IPTV IGMP settings to watch TV and also have to configure configuration access, on which my mentioning above belongs to…
Yes, the VDSL modem is in bridge mode, without NAT. Its management interface is reachable at 192.168.10.250; it is connected to eth1, which is configured as 192.168.10.1/24 and also carries VLANs 7 and 8 for Internet and IPTV. On eth1, the PPPoE client connects to the Internet through VLAN 7, and a DHCP client runs on VLAN 8 for IPTV. I need management access in order to see the attenuation (damping) values and so on of the xDSL connection.