RB2011 + IPTV STB: How to assign separate public IP to STB?

Good evening all,

Recently I received a great present for my birthday: an RB2011 :) It was not so easy, but after a few evenings all is up and running. So far so good.

At the moment I have following structure at home:
1.png
As you can see from the diagram, one cable is coming into the home and it is split by a switch for LAN and for IPTV. Both of these (LAN and IPTV) receive separate public IPs.

OK, now to the point. I want to get rid of the switch which is provided by the ISP, as too many power outlets are in use :) All I want to do is to have 1 port act as a gateway for the LAN (6 remaining ports out of 8), and another port dedicated to IPTV. The issue is that I do not know how to assign a public IP to the port dedicated to IPTV through eth1-gateway:
2.png
Hope it is clear enough. Shortly - eth1-gateway should be default gateway for RB2011 and it should assign public IP for eth2 (IPTV), and public IP for eth3-eth8 that are bridged for LAN.

Here is a legend for above diagrams:
legend.jpg
Any ideas or suggestions would be appreciated.

Simply speaking, as far as I understand, ports ETH1 and ETH2 have to be switched, while all the rest (ETH3-ETH8) will be bridged. Regarding switching, I can achieve this, but how can I make BRIDGE1 (ports ETH3-ETH8) have ETH1 as a gateway?
net.png

Anyone?

Put 2 public IP addresses on ether1gateway, create the respective routes and a mark routing for each one. Then you can separate segments, e.g. ether2 to ether5 switch or bridge 192.168.0.x and ether6 to ether10 switch or bridge 192.168.1.x, then mangle each range of IPs with mark routing.


I have a similar setup.
I created a “virtual switch” with uplink and stb ports, making the stb able to talk to uplink directly, without mikrotik cpu interaction. (this is done by making stb port a “slave” to uplink port) Then I added the following switch rule:
add dst-port=5050 new-dst-ports=stb ports=uplink
in order to get media traffic from uplink to STB without hitting the CPU again. In my case the provider happened to use port 5050 for media streaming, but in your case it might be something else, like a certain IP range, port range etc. Use torch or traffic capture to find out.
This way your STB doesn’t take any tik’s CPU resources, and you don’t have to set up igmp-proxy or anything, it just works.

Hi CblP,
So if I understood you correctly, it should be something like that:

/interface ethernet> print
Flags: X - disabled, R - running, S - slave 
 #    NAME                    MTU MAC-ADDRESS       ARP        MASTER-PORT           SWITCH                   
 0 R  ether1-gateway         1500 4C:5E:0C:2C:09:25 proxy-arp  none                  switch1                  
 1  S ether2                 1500 4C:5E:0C:2C:09:26 enabled    ether1-gateway        switch1                  
 2  S ether3                 1500 4C:5E:0C:2C:09:27 enabled    none                  switch1                  
 3  S ether4                 1500 4C:5E:0C:2C:09:28 enabled    none                  switch1                  
 4 RS ether5                 1500 4C:5E:0C:2C:09:29 enabled    none                  switch1                  
 5 R  ether6-master-local    1500 4C:5E:0C:2C:09:2A enabled    none                  switch2                  
 6 RS ether7-slave-local     1500 4C:5E:0C:2C:09:2B enabled    ether6-master-local   switch2                  
 7  S ether8-slave-local     1500 4C:5E:0C:2C:09:2C enabled    ether6-master-local   switch2                  
 8 RS ether9-slave-local     1500 4C:5E:0C:2C:09:2D enabled    ether6-master-local   switch2                  
 9  S ether10-slave-local    1500 4C:5E:0C:2C:09:2E enabled    ether6-master-local   switch2                  
10  S sfp1                   1500 4C:5E:0C:2C:09:24 enabled    none                  switch1



/interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE               BRIDGE          PRIORITY  PATH-COST    HOR
 0 I  ether2                  bridge-local        0x80         10       
 1 I  ether3                  bridge-local        0x80         10       
 2 I  ether4                  bridge-local        0x80         10       
 3    ether5                  bridge-local        0x80         10       
 4 I  ether6-master-local     bridge-local        0x80         10       
 5 I  sfp1                    bridge-local        0x80         10       
 6    wlan1                   bridge-local        0x80         10



/interface ethernet switch rule> print
Flags: X - disabled, I - invalid 
 0 X switch=switch1 ports=ether2 dst-port=1234 copy-to-cpu=no redirect-to-cpu=no mirror=no new-dst-ports=ether1-gateway

In my case ISP uses 1234 port for IPTV:
torch.png
But what about IGMP and other packets? Will they reach STB?

Yes, the STB will talk to the ISP, as it used to do when it was connected to a real switch instead of your “virtual switch” in the MikroTik.
Your switch rule should be the opposite, I believe: it should be applied on ether1, moving all traffic with port 1234 (media streams) to ether2 without hitting the CPU port. This is for media coming FROM uplink, thus the difference.
Oh, and you should remove the STB port from the bridge.

Ether2 shouldn’t be in the bridge since it is slave to ether1.
Put the public IP to be used by the LAN clients on ether1 and, if correct, the STB should get a public IP from the ISP.
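
As an added illustration (not part of any post in this thread), the check the two replies above make by eye, a port slaved to the uplink while still a member of the LAN bridge, can be run over the two print-outs. The function names are hypothetical and the sample rows are an excerpt of the output posted earlier.

```python
import re

# Excerpt of the two print-outs posted above (rows trimmed for brevity).
ETHERNET_PRINT = """\
 #    NAME                    MTU MAC-ADDRESS       ARP        MASTER-PORT           SWITCH
 0 R  ether1-gateway         1500 4C:5E:0C:2C:09:25 proxy-arp  none                  switch1
 1  S ether2                 1500 4C:5E:0C:2C:09:26 enabled    ether1-gateway        switch1
 4 RS ether5                 1500 4C:5E:0C:2C:09:29 enabled    none                  switch1
 5 R  ether6-master-local    1500 4C:5E:0C:2C:09:2A enabled    none                  switch2
 6 RS ether7-slave-local     1500 4C:5E:0C:2C:09:2B enabled    ether6-master-local   switch2
"""
BRIDGE_PORT_PRINT = """\
 #    INTERFACE               BRIDGE          PRIORITY  PATH-COST    HOR
 0 I  ether2                  bridge-local        0x80         10
 3    ether5                  bridge-local        0x80         10
 4 I  ether6-master-local     bridge-local        0x80         10
 6    wlan1                   bridge-local        0x80         10
"""

# The flags column is optional and holds one to three of these letters.
FLAGS = re.compile(r"^[XRSID]{1,3}$")

def parse_rows(text):
    """Yield the column values of each numbered row, with the flags column dropped."""
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].isdigit():
            continue  # column header, "Flags:" legend or blank line
        cols = tokens[1:]
        if cols and FLAGS.match(cols[0]):
            cols = cols[1:]
        yield cols

def switched_and_bridged(ethernet_print, bridge_port_print):
    """Return (port, master_port, bridge) for ports that are both slaved and bridged."""
    masters = {c[0]: c[4] for c in parse_rows(ethernet_print) if len(c) >= 5}
    bridges = {c[0]: c[1] for c in parse_rows(bridge_port_print) if len(c) >= 2}
    return [(port, masters[port], bridges[port])
            for port in bridges
            if masters.get(port, "none") != "none"]

if __name__ == "__main__":
    for port, master, bridge in switched_and_bridged(ETHERNET_PRINT, BRIDGE_PORT_PRINT):
        print(f"{port}: slave of {master} but still a member of {bridge}")
```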

Thanks all :) It works fine and the rule for the switch is not required at all. All works without it :)

I’m glad I was able to help :)
Just a note: the purpose of having the switch rule was to prevent this traffic from going to the CPU. I guess you must be seeing it at OS level with torch, so it takes some resources unless the rule is there.