RB2011 as two separate networks with separate gateways

lanham · August 13, 2014, 9:45pm

I like to create two separate networks each with it’s own gateway on an RB2011

I configured eth1 as a dhcp client. I configured eth2 as a master and slaved eth3-5
I setup an IP address of 192.168.88.1/24 on eth2
I setup DHCP server on eth2
I added NAT masquerading with source of 192.168.88.0/24 and outgoing port as eth1

I configured eth6 as a dhcp client. I configured eth7 as a master and slaved eth8-10
I setup an IP address of 192.168.0.1/24 on eth7
I setup DHCP server on eth7
I added NAT masquerading with source of 192.168.0.0/24 and outgoing port as eth6

The 192.168.88.0/24 network seems to work ok and I have internet access.

On the 192.168.0.0/24 network I cannot even ping 192.168.0.1 nor can I “see” the internet.

I verified I am getting IP addresses. I verified I am getting an address on eth6

So, a little understanding would be helpful. FWIW this was all done with winbox.

CelticComms · August 14, 2014, 4:19am

If you want two distinct routing environments consider assigning the interfaces into VRFs - or at least out the interfaces for the secondary group into a VRF.

http://wiki.mikrotik.com/wiki/Manual:Virtual_Routing_and_Forwarding

lanham · August 14, 2014, 2:23pm

I actually think I got it working. Found a couple of errors but with research VRF. Thanks.

lanham · August 18, 2014, 2:16pm

My configuration actually does not work. The local segment cannot “see” the internet. When I moved the wan and local pc between segments on the bench it seemed to work but not with both WAN’s plugged in at the same time.

/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-public-master
set [ find default-name=ether3 ] master-port=ether2-public-master
set [ find default-name=ether4 ] master-port=ether2-public-master
set [ find default-name=ether5 ] master-port=ether2-public-master
set [ find default-name=ether6 ] name=ether6-gateway
set [ find default-name=ether7 ] name=ether7-local-master
set [ find default-name=ether8 ] master-port=ether7-local-master name=
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether7-local-master name=
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether7-local-master name=
ether10-slave-local
set [ find default-name=sfp1 ] name=sfp1-gateway
/ip neighbor discovery
set ether1-gateway discover=no
set ether6-gateway discover=no
set sfp1-gateway discover=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
mac-cookie-timeout=3d
/ip pool
add name=dhcp_pool2 ranges=192.168.88.20-192.168.88.254
add name=dhcp_pool1 ranges=192.168.0.50-192.168.0.100
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=ether2-public-master name=
dhcp2
add address-pool=dhcp_pool1 disabled=no interface=ether7-local-master name=
dhcp1
/port
set 0 name=serial0
/ip address
add address=192.168.88.1/24 interface=ether2-public-master network=192.168.88.0
add address=192.168.0.1/24 interface=ether7-local-master network=192.168.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
add dhcp-options=hostname,clientid disabled=no interface=ether6-gateway
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,4.4.4.4
/ip dns static
add address=192.168.88.1 name=router
add address=x.x.x.x name=unifi
/ip firewall filter
add action=drop chain=input dst-address=192.168.0.0/24 src-address=
192.168.88.0/24
add chain=input comment=“default configuration” protocol=icmp
add chain=input comment=“default configuration” dst-port=8291 protocol=tcp
add chain=input comment=“default configuration” connection-state=established
add chain=input comment=“default configuration” connection-state=related
add action=drop chain=input comment=“default configuration” in-interface=
ether6-gateway
add action=drop chain=input comment=“default configuration” in-interface=
ether1-gateway
add chain=forward comment=“default configuration” connection-state=established
add chain=forward comment=“default configuration” connection-state=related
add action=drop chain=forward comment=“default configuration” connection-state=
invalid
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway src-address=
192.168.88.0/24
add action=masquerade chain=srcnat out-interface=ether6-gateway src-address=
192.168.0.0/24
/lcd interface
set sfp1-gateway interface=sfp1-gateway
set ether1-gateway interface=ether1-gateway
set ether2-public-master interface=ether2-public-master
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6-gateway interface=ether6-gateway
set ether7-local-master interface=ether7-local-master
set ether8-slave-local interface=ether8-slave-local
set ether9-slave-local interface=ether9-slave-local
set ether10-slave-local interface=ether10-slave-local
/system clock
set time-zone-name=America/Denver
/system identity
set name=BlackCanyonMotel
/system ntp client
set enabled=yes mode=unicast primary-ntp=132.163.4.102 secondary-ntp=
192.43.244.18
/system scheduler
add interval=1d name=UpdateDynDNS on-event=“/system script run DynDns” policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api
start-date=aug/14/2014 start-time=17:29:42
/system script
add name=DynDNS policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api
source=“# Set needed variables\r
\n:local username "xx"\r
\n:local password "xx"\r
\n:local hostname "x.x.x"\r
\n\r
\n:global dyndnsForce\r
\n:global previousIP \r
\n\r
\n# print some debug info\r
\n:log info ("UpdateDynDNS: username = $username")\r
\n:log info ("UpdateDynDNS: password = $password")\r
\n:log info ("UpdateDynDNS: hostname = $hostname")\r
\n:log info ("UpdateDynDNS: previousIP = $previousIP")\r
\n\r
\n# get the current IP address from the internet (in case of double-nat)\r
\n/tool fetch mode=http address="checkip.dyndns.org" src-path="/" dst-pa
th="/dyndns.checkip.html"\r
\n:delay 1\r
\n:local result [/file get dyndns.checkip.html contents]\r
\n\r
\n# parse the current IP result\r
\n:local resultLen [:len $result]\r
\n:local startLoc [:find $result ": " -1]\r
\n:set startLoc ($startLoc + 2)\r
\n:local endLoc [:find $result "" -1]\r
\n:local currentIP [:pick $result $startLoc $endLoc]\r
\n:log info "UpdateDynDNS: currentIP = $currentIP"\r
\n\r
\n# Remove the # on next line to force an update every single time - useful
for debugging,\r
\n# but you could end up getting blacklisted by DynDNS!\r
\n\r
\n#:set dyndnsForce true\r
\n\r
\n# Determine if dyndns update is needed\r
\n# more dyndns updater request details http://www.dyndns.com/developers/spe\
cs/syntax.html\r
\n\r
\n:if (($currentIP != $previousIP) || ($dyndnsForce = true)) do={\r
\n :set dyndnsForce false\r
\n :set previousIP $currentIP\r
\n :log info "$currentIP or $previousIP"\r
\n /tool fetch user=$username password=$password mode=http address="mem
bers.dyndns.org" \\r
\n src-path="nic/update?system=dyndns&hostname=$hostname&myip=$curr
entIP&wildcard=no" \\r
\n dst-path="/dyndns.txt"\r
\n :delay 1\r
\n :local result [/file get dyndns.txt contents]\r
\n :log info ("UpdateDynDNS: Dyndns update needed")\r
\n :log info ("UpdateDynDNS: Dyndns Update Result: ".$result)\r
\n :put ("Dyndns Update Result: ".$result)\r
\n} else={\r
\n :log info ("UpdateDynDNS: No dyndns update needed")\r
\n}\r
\n”
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-public-master
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-gateway
add interface=ether7-local-master
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-public-master
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-gateway
add interface=ether7-local-master
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add
[admin@BlackCanyonMotel] >