Same IP on different Ether interfaces

Hi there

I have been trying to configure my mikrotk RB4011 to be able to have a device with the same IP address on each interface of the router. I have seen on other forum posts that this seems to be doable but I cannot seem to get it to work.

http://forum.mikrotik.com/t/connecting-to-multiple-devices-with-same-ip-address/159052/1

I have put my setup below hopefully I’m doing something stupid.

/ip address
add address=192.168.1.12/24 interface=ether1 network=192.168.1.0
add address=192.168.1.13/24 interface=ether1 network=192.168.1.0
add address=192.168.1.14/24 interface=ether1 network=192.168.1.0
add address=10.0.0.1 interface=ether2 network=10.0.0.1
add address=10.0.0.1 interface=ether3 network=10.0.0.1
add address=10.0.0.1 interface=ether4 network=10.0.0.1

/routing/table
add name=port2 fib
add name=port3 fib
add name=port4 fib

/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=192.168.1.12 new-connection-mark=port2
add action=mark-connection chain=prerouting dst-address=192.168.1.13 new-connection-mark=port3
add action=mark-connection chain=prerouting dst-address=192.168.1.14 new-connection-mark=port4
add action=mark-routing chain=prerouting connection-mark=port2 new-routing-mark=port2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=port3 new-routing-mark=port3 passthrough=no
add action=mark-routing chain=prerouting connection-mark=port4 new-routing-mark=port4 passthrough=no

/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.1.12 dst-port=443 protocol=tcp to-addresses=10.0.0.120
add action=dst-nat chain=dstnat dst-address=192.168.1.13 dst-port=443 protocol=tcp to-addresses=10.0.0.120
add action=dst-nat chain=dstnat dst-address=192.168.1.14 dst-port=443 protocol=tcp to-addresses=10.0.0.120
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether3
add action=masquerade chain=srcnat out-interface=ether4

/ip route
add distance=1 dst-address=10.0.0.1/24 gateway=ether2 routing-table=port2
add distance=1 dst-address=10.0.0.1/24 gateway=ether3 routing-table=port3
add distance=1 dst-address=10.0.0.1/24 gateway=ether3 routing-table=port4

You aren’t using your routing marks in your three static routes at the end. Without them, the rules are redundant, so that only one takes effect.

Okay, so that makes sense. Originally I did have route-mark but I get an error when I try and add the route.

 add distance=1 dst-address=10.0.0.1/24 gateway=ether2 routing-mark=port2             
expected end of command (line 1 column 55)

Do you know why I would be getting that error?

Hello,

Change this : 10.0.0.1/24 to 10.0.0.1/32

Regards,

Do you mean

/ip route
add distance=1 dst-address=10.0.0.1/32 gateway=ether2 routing-mark=port2

While subnet is /32 based /ip/address, the issue isn’t the /24. But more likely
routing-mark=port2
vs.
routing-table=port2

That’s why you’re getting a command error. Now is routing “mark” in the firewall, it a “table” routes.

Sorry, I don’t know what you mean

/ip route
add distance=1 dst-address=10.0.0.1/32 gateway=ether2 routing**-table**=port2

You’re referring indirectly to guides from 2016 and 2018, which would be for RouterOS 6. Presuming you’re on 7, this page in the docs is likely to be on-point.

VRF, That is what I needed. I then found this video

https://youtu.be/-hdLsXd9OgE?si=Jfu88aqjNCVzDbpL

I am now able to ping 8.8.8.8 but I can’t ping google.com. I believe the domain name isn’t being resolved.

Do i have to forward the DNS? if so how do I do that?

The devices that are connected to the ether port interfaces have the IP addresses setup

IP 10.0.0.120/24
GW 10.0.0.1
DNS 10.0.0.1

Yes,

ip dns set allow-remote-requests=yes servers=1.1.1.1 (or whatever dns server you want)
If you do that, make sure your firewall rules are properly configured.