Route by MAC address on ROS V7.6

moshe12 · November 8, 2022, 7:35pm

Hi,
I have now upgraded from V6 to V7.6
I have 2 ISP’s and can’t do simple routing like I would on V6.
Below is an example:

# model = RouterBOARD 750G r3

/interface pppoe-client
add add-default-route=yes default-route-distance=3 disabled=no interface=ether1 name=partner password=???????? use-peer-dns=yes user=??????????
add add-default-route=yes default-route-distance=5 disabled=no interface=ether1 name=older password=???????? user=?????????

/ip firewall mangle
add action=mark-routing chain=prerouting comment=ap new-routing-mark=older passthrough=no src-mac-address=XX:2D:21:XX:A4:XX

/ip route
add distance=2 gateway=older routing-mark=older

I am asking for your help on, how to route by MAC address to a older ISP ?

smyers119 · November 9, 2022, 10:40pm

you have two isp’s coming in on the same interface??

moshe12 · November 9, 2022, 11:08pm

Yes,
Why not?

moshe12 · November 9, 2022, 11:29pm

incidentally,
I found part of the solution, but there is a new problem.
I tried to route from address 10.0.0.35 and I managed to route using mangle as you will see in the example below,
But it skips all internal routing
That is, there is no access from 10.0.0.35 even to the router’s DNS server, nor is there access to the router itself.

/interface pppoe-client
add add-default-route=yes default-route-distance=3 disabled=no interface=ether1 name=partner password=???????? use-peer-dns=yes user=??????????
add add-default-route=yes default-route-distance=5 disabled=no interface=ether1 name=older password=???????? user=?????????

/routing table
add disabled=no fib name=older

/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=older passthrough=no src-address=10.0.0.35

/ip route
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=older pref-src="" routing-table=older scope=30 suppress-hw-offload=no target-scope=10

Sob · November 10, 2022, 12:11am

About route marking, see this: http://forum.mikrotik.com/t/routing-mark-and-route-traffic-to-a-different-gw/160754/4

In short, routing marks now have maximum priority, they will use only routes in given table, no exceptions => don’t mark traffic destined to router.

moshe12 · November 12, 2022, 5:46pm

Hi Sob,
I tried to add a “/routing rule” and there is still no access to the router’s interface from 10.0.0.35
Now I’m doing the tests on the lan address, but I need the mangel because I need to change the routing by mac address.

/interface pppoe-client
add add-default-route=yes default-route-distance=3 disabled=no interface=ether1 name=partner password=???????? use-peer-dns=yes user=??????????
add add-default-route=yes default-route-distance=5 disabled=no interface=ether1 name=older password=???????? user=?????????

/routing table
add disabled=no fib name=older

/routing rule
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 table=main

/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=older passthrough=no src-address=10.0.0.35

/ip route
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=older routing-table=older suppress-hw-offload=no

Sob · November 12, 2022, 6:23pm

No, I meant something like this:

/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=older passthrough=no src-address=10.0.0.35 dst-address-type=!local

In other words, don’t mark what shouldn’t be sent to internet. In this example it’s any address on router.

moshe12 · November 12, 2022, 7:53pm

Finally it works
Thanks.