Hi everyone,
I’m working with a MikroTik router (model RB2011UiAS-2HnD-IN) and encountering a couple of issues that I’m hoping to get some assistance with.
Task 1: Configuration Transfer from Old Router
I have an existing fiber/optic router setup that is currently working without any issues. My goal is to transfer the configuration from the old router to the new MikroTik router. Here are the settings I’ve applied:
/interface ethernet set numbers=ether1 l2mtu=1598 name=WAN
/interface vlan add arp=disabled interface=ether1 mtu=1492 name=vlan35 vlan-id=35
/interface pppoe-client add add-default-route=yes disabled=no interface=vlan35 max-mru=1492 max-mtu=1492 name=OperatorFTTH user=xxx password=password use-peer-dns=yes
/ip firewall filter add action=accept chain=forward protocol=icmp
After applying these settings, I attempted to ping Google’s DNS with the following result:
[admin@MikroTik] > ping 8.8.8.8
SEQ HOST SIZE TTL TIME STATUS
0 8.8.8.8 56 120 3ms
1 8.8.8.8 56 120 2ms
sent=2 received=2 packet-loss=0% min-rtt=2ms avg-rtt=2ms max-rtt=3ms
It appears that the ping to 8.8.8.8 was successful from the MikroTik router. However, clients connected to the router can ping the router’s IP but are unable to ping 8.8.8.8 or access any websites.
Here are some additional settings and statuses from my setup:
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
[admin@MikroTik] > /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
2 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
3 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
4 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
5 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
6 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
7 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
8 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related
9 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
10 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
11 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
12 chain=forward action=accept protocol=icmp
[admin@MikroTik] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 OperatorFTTH 1
1 ADC x.x.x.x/32 y.y.y.y OperatorFTTH 0
2 ADC 192.168.88.0/24 192.168.88.1 bridge
[admin@MikroTik] > /interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name="Wan" default-name="ether1" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 mac-address=BB:58:5D:4A:83:30 last-link-up-time=dec/19/2023 11:48:15 link-downs=0
1 RS name="ether2" default-name="ether2" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 mac-address=CC:5E:0C:2C:63:CE last-link-down-time=dec/19/2023 12:06:35 last-link-up-time=dec/19/2023 12:06:38 link-downs=1
2 S name="ether3" default-name="ether3" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 mac-address=CC:5E:0C:2C:63:CF link-downs=0
3 S name="ether4" default-name="ether4" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 mac-address=CC:5E:0C:2C:63:D0 link-downs=0
4 S name="ether5" default-name="ether5" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 mac-address=CC:5E:0C:2C:63:D1 link-downs=0
5 S name="ether6" default-name="ether6" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=CC:5E:0C:2C:63:D2 link-downs=0
6 S name="ether7" default-name="ether7" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=CC:5E:0C:2C:63:D3 link-downs=0
7 S name="ether8" default-name="ether8" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=CC:5E:0C:2C:63:D4 link-downs=0
8 S name="ether9" default-name="ether9" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=CC:5E:0C:2C:63:D5 link-downs=0
9 S name="ether10" default-name="ether10" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=CC:5E:0C:2C:63:D6 link-downs=0
10 S name="sfp1" default-name="sfp1" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 mac-address=CC:5E:0C:2C:63:CC link-downs=0
11 S name="wlan1" default-name="wlan1" type="wlan" mtu=1500 actual-mtu=1500 l2mtu=1600 max-l2mtu=2290 mac-address=CC:5E:0C:2C:63:D7 link-downs=0
12 R name="OperatorFTTH" type="pppoe-out" mtu=1492 actual-mtu=1492 last-link-up-time=dec/19/2023 11:49:22 link-downs=0
13 R ;;; defconf
name="bridge" type="bridge" mtu=auto actual-mtu=1500 l2mtu=1598 mac-address=00:5E:0C:2C:63:CE last-link-up-time=dec/19/2023 11:48:12 link-downs=0
14 R name="vlan35" type="vlan" mtu=1492 actual-mtu=1492 l2mtu=1594 mac-address=11:58:5D:4A:83:AA last-link-up-time=dec/19/2023 11:49:20 link-downs=0
Would anyone be able to suggest what configuration might be missing or misconfigured?
Task 2: Multi-WAN Configuration with LTE Router
Additionally, I have an LTE router that I would like to connect to a port on the MikroTik and set up a Multi-WAN configuration. I want the MikroTik to receive an IP from the LTE router and balance the traffic in case the primary fiber/optic connection fails. How can I achieve this?
Thanks in advance for your help and suggestions!