Hello Community,
I am trying to get more advanced with my setup and route traffic out through different connections on different ports.
Setup:
Ether1 has WAN1 (99.249.x.y IP) that I want to handle traffic for Ether2 and VirtualAP SSID1. They are in VLAN 1.
Ether 4 has WAN2 (192.168.x.y IP) that I want to handle traffic for VirtualAP SSID2. They are in VLAN 5.
All IP assignment is working but I just can not get RouterOS routing traffic out to the Internet for Ether2 and SSID1 to Ether1 and traffic from SSID2 to Ether4. The traffic just gets mixed up. I thought the VLANs would help as in theory Ether1 and Ether4 are on different VLANs with their respective LAN ports.
Any thoughts would be appreciated.
Thank you!
Respectfully,
Jeremy
They’re on different network segments, but as their name implies RouterOS will route (forward) through its gateways based on distance or cost; if both gateways are equivalent it will use ECMP, but you won’t have control about what leaves through which gateway.
To route selectively (policy routing) you should use IP>Firewall>Mangle to mark routing based on src address for example, and create two default routes with those routing marks.
Have a look at this presentation by Tomas Kirnak to get a grip on how its achieved: http://mum.mikrotik.com/presentations/US12/tomas.pdf. It covers more topics but is great to ilustrate the concept.
It happens just today a new experimental feature was added that seems to need just adding a mangle rule:
These mangle rules can be added only from CLI, haven’t tested it yet, assuming VLAN1 addressing is 192.168.10.0/24, and VLAN5 192.168.5.0/24, would need something like
/ip firewall mangle add chain=prerouting src-address=192.168.10.0/24 dst-address-type=!local action=route route-dst=99.249.x.y
/ip firewall mangle add chain=prerouting src-address=192.168.5.0/24 dst-address-type=!local action=route route-dst=192.168.x.y
Not sure if this will work as I haven’t tried it yet.
Hello pukkita,
Thanks for the awesome information! I really appreciate the help and I’ll give it a try. 
Respectfully,
Jeremy