Rb2011il-In

Macke · August 9, 2015, 2:58pm

Hello,

I am new to this type of networking products and is grateful for all the help I can get!

I have been recommended to use Rb2011il-In in order to solve my task.
I wish to have verified that this product can solve this, and tips on configuring the device. (enclose a picture of the topology)
TOPOLOGY

Feel free to ask questions if anything is unclear!

Thanks in advance!

Best Regards Marcus

plisken · August 10, 2015, 9:32am

Have you made a config for this?
Don’t use 2.4 GHz point to point links but 5 GHz links (tip)
If you have a configuration go to terminal and do export.
Paste the result here on this forum.
Hide sensitive information such as passwords.

bkuhn · August 10, 2015, 11:11pm

Yes, a RB2011 can handle what you have in your topology.

What part do you need help with?

Macke · August 11, 2015, 5:09pm

Hello

Thanks for the replies. I will order the product and familiarize myself with it
I will return with any issues when they arise

/Marcus

Macke · August 27, 2015, 5:36pm

Hello,

I have familiarized myself with the menus on the Winbox now.

What I want to create is to connect my existing router (LAN) in Ether1 and then my Wi-Fi link on Ether2. This works with the default configuration as it comes with. But the problem is that I can access all devices from Ether2 available in Ether1 network. I want Ether2 only be able to connect to the Internet via Ether1s LAN without seeing what’s there (other LAN IP’s).

/Marcus

jebz · August 29, 2015, 4:15am

In Winbox go to IP, Firewall and make a new rule to drop the traffic from the neighbor network interface (source port 6 in your diagram) to your destination 192.168.1.0/24 internal network.

Macke · August 29, 2015, 12:12pm

Thanks for the reply. I tried to add a new rule but i got this message ? Message

jebz · August 30, 2015, 12:56am

You need to remove port 6 from the group so it’s a standalone interface with address 192.168.2.1/24 . I’d think about moving this separate network to port 10. It then has a bit of logical separation and is easier to separate from the group by removing it’s slave status from the default master port of 6.

You also shouldn’t have out interface in the rule as the destination to be blocked is 192.168.1.0/24
I just reviewed your network diagram. You’ll need an allow for 192.168.1.1 before this block rule to pass the internet destined traffic. Normally the adsl routers can be bridged to enable the more flexible and powerful features of the RB2011 router to be utilized.

Macke · August 30, 2015, 5:44am

Since I’m a beginner I’m a little unsure about all the steps needed to be done.
I have done the following (screenshot) , but no effect on port 10?

jebz · August 30, 2015, 9:26am

There’s a few configurations items from the default that you don’t need. The old address 192.168.88.1 is one. You also probably have a scrnat rule that’s no longer required.
You’ll need to add a default gateway on the RB2011 192.168.1.1 . You’ll also need to add a route on the ADSL router for 192.168.2.0/24 with gateway 192.168.1.99 the address of the RB2011.

These extra configuration items come about because you have 2 routers in the mix. Consider bridging the ADSL router so it acts as a modem and things get simpler. Later you can expand it back when you get a feel for the Mikrotik.

Macke · September 1, 2015, 6:07pm

Ok, I’ll do as you say and tries to bridge the ADSL router. Then I can test some basic configurations. Thanks for all the help so far