Set static wan ip help

RouterOS General
1

I am having issues with setting a WAN IP static. For example when I try to enter the router via winbox with public ip I get this error message “Router has been disconnected!” also I cannot connect via HTTP. I do have access via SSH and the router is ping-able.

If i connect the ISP directly to my laptop and set the static info I don’t have any problems.

This is my setup

/ip address
add address=1xx.7.2xx.102/30 interface=WAN network=1xx.7.2xx.100
/ip routes 
add distance=255 dst-address=1xx.7.2xx.100/30 gateway=1xx.7.2xx.101
/ip route "Dynamic Route"
dst-address=1xx.7.2xx.100/30 gateway=WAN  pref-src=1xx.7.2xx.102 
/ip firewall nat 
add action=masquerade chain=srcnat out-interface=WAN

Please Help this is driving me crazy.

Thanks in advance

2

You’re missing a proper default route.

Ditch the two routes you created and add one using 0.0.0.0/0 as the destination, the gateway as the IP address your ISP says to use for default gateway, and the distance as 1.

3

Thanks for the reply.

I have set the route but still having same issues. I have checked with the ISP and the gateway/IP are correct.

To give a bit more detail there is another WAN/ISP which is DHCP set to distance 1 and it works fine. There is no Loadbalancing nor failover and all filter/mangle rules are disabled as well.

/ip address
add address=1xx.7.2xx.102/30 interface=WAN2 network=1xx.7.2xx.100
/ip routes 
add distance=2 dst-address=0.0.0.0/0 gateway=1xx.7.2xx.101
/ip route "Dynamic Route. This route was generated when I set the router IP/network in "ip address" and cannot be eliminated"
dst-address=1xx.7.2xx.100/30 gateway=WAN2  pref-src=1xx.7.2xx.102 
/ip firewall nat 
add action=masquerade chain=srcnat out-interface=WAN2

Any other thoughts.

Thanks in advance

4

Routes

Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

#      DST-ADDRESS           PREF-SRC        GATEWAY              DISTANCE
 0 ADS  0.0.0.0/0                          192.168.4.1               0
 1   S  0.0.0.0/0                          192.168.4.1               1
 2   S  0.0.0.0/0                          1xx.7.2xx.101             2
 3 ADC  1xx.7.2xx.100/30   1xx.7.2xx.102   ether2-WAN-2              0
 4 ADC  192.168.0.0/24     192.168.0.1     ether3-OPS-1              0
 5 ADC  192.168.4.0/24     192.168.4.100   ether1-WAN-1              0
5

Address

Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.0.1/24     192.168.0.0     ether3-OPS-1
 1 D 192.168.4.100/24   192.168.4.0     ether1-WAN-1
 2   1xx.7.2xx.102/30   1xx.7.2xx.100   ether2-WAN-2

Does anybody have any Idea what is causing these issues for me?

6

Can any body see anything wrong with these settings??

Thanks

7

Looking at what you’ve posted, you have two WANs, correct? One is DHCP and is providing a default route at 192.168.4.1. This route has a distance of 1, therefore it will be preferred over your 1xx.7xx subnet.

If you want to use the 1xx.7xx subnet, you will need to remove the “add default route” option in DHCP client, create a static route with distance 2 0.0.0.0/0 and gateway 192.168.4.1, and change the distance on the other default route for 1xx.7xx to 1.

The distance metric is how the router decides preference for routes that get to the same place. If you want all routes to be equal, you keep the distance set the same. If you want to prefer one route over the other, you adjust them with lower having preference.

8

Thanks for the reply.

Yes. There are 2 WAN’s. One DHCP client and one static. The DHCP client is the preferred route.
I would like to keep the DHCP client as the preferred route. That being said should I still disable the “Default Route” on the dhcp client?
The following route would be with dhcp client “Default Route” Disabled. Does this look correct?

 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0   S  0.0.0.0/0                          192.168.4.1               1
 1   S  0.0.0.0/0                          1xx.7.2xx.101             2
 2 ADC  1xx.7.2xx.100/30   1xx.7.2xx.102   ether2-WAN-2              0
 3 ADC  192.168.0.0/24     192.168.0.1     ether3-OPS-1              0
 4 ADC  192.168.4.0/24     192.168.4.100   ether1-WAN-1              0

Would the setup I currently have now cause the issues as described earlier?

9

Going by your description, that would be what I would do for the correct setup. You could re-enable the default route option on the DHCP client as you intend on keeping that the preferred default route.

Keep in mind that second connection is only going to be used in a failover scenario. If you need load balancing, you need to use mangle and mark connections. This is a good guide on what I’m referring to: http://wiki.mikrotik.com/wiki/Per-Traffic_Load_Balancing

What that does is marks each connection depending on which WAN connection it comes in on. That way the router knows where it needs to route the packets. Without this, using two WAN and a single LAN your second WAN connection can’t be utilized unless the primary WAN goes down. You should be able to test this by disabling the interface for your primary WAN. The other route should become active and start routing traffic.

10

Thank you very much for the info.

I will set my config and report the results.

But judging by the configuration I have posted thus far can the reported problems be caused by the current config.

To reiterate the problems I experience:

  1. Connecting to router via winbox through wan2: Winbox finds and tries to connect than I get this message “Router has been disconnected!”
  2. Does not connect via HTTP.

Currently working

  1. Connect via SSH.
  2. Router/gateway is pingable.

Thanks

11

I have set the routes as suggested but still having problems.

Any ideas?

12

It is strange I get the same problems when trying to go through WAN1. I know this WAN port is ok because the client has internet access. It has to be a router configuration issue. PLEASE, does anybody see anything wrong with my configuration? I have never had this kind of issue before.

Thanks.

13

The only other thing I can think of (which has gotten me before) is a stale ARP entry on your ISPs routers. How long has it been since you connected your laptop with that static IP? Is it possible their router still shows your laptops MAC address and isn’t updating it when you add the IP to your router?

You might be able to fix this two ways: either initiate a ping specifying the source as the static WAN IP. It will likely timeout until ARP updates. The other way would be call your ISP and see what their ARP table shows.

Beyond that, I’d probably need to see a full export of your router to be of any possible further help (this would also give the rest of the community more to work with and they may notice something I haven’t).

14

This is my router config
Router Info: RB450G OS 6.22

IP/ARP
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic, P - published
 #   ADDRESS         MAC-ADDRESS       INTERFACE
 0 D 192.168.0.106   xx:xx:CA:55:97:F9 ether3-OPS-1
 1 D 192.168.4.1     xx:xx:42:6E:D5:02 ether1-WAN-1
 2 D 7xx.xx.1xx.78    xx:xx:B9:7E:0F:AF ether2-WAN-2
 3 D 6x.1xx.1xx.143   xx:xx:B9:7E:0F:AF ether2-WAN-2
 4 D 1xx.2xx.1xx.36  xx:xx:B9:7E:0F:AF ether2-WAN-2
 5 D 2xx.5xx.4xx.28    xx:xx:B9:7E:0F:AF ether2-WAN-2
 6 D 8xx.2xx.1xx.35   xx:xx:B9:7E:0F:AF ether2-WAN-2
 7 D 2xx.8xx.2xx.27    xx:xx:B9:7E:0F:AF ether2-WAN-2
 8 D 8xx.5xx.4xx.204     xx:xx:B9:7E:0F:AF ether2-WAN-2
 9 D 9xx.8xx.1xx.128   xx:xx:B9:7E:0F:AF ether2-WAN-2
10 D 2xx.2xx.1xx.119  xx:xx:B9:7E:0F:AF ether2-WAN-2
11 D 5xx.2xx.2xx.119   xx:xx:B9:7E:0F:AF ether2-WAN-2
12 D 192.168.0.102   xx:xx:53:A6:2F:01 ether3-OPS-1
13 D 3xx.1xx.2xx.90   xx:xx:B9:7E:0F:AF ether2-WAN-2
14 D 192.168.0.253   xx:xx:C3:EC:99:31 ether3-OPS-1

IP/Address
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.0.1/24     192.168.0.0     ether3-OPS-1
 1 D 192.168.4.100/24   192.168.4.0     ether1-WAN-1
 2   1xx.7.2xx.102/30   1xx.7.2xx.100   ether2-WAN-2

IP/DHCP-Client
Flags: X - disabled, I - invalid
 #   INTERFACE           USE ADD-DEFAULT-ROUTE STATUS        ADDRESS
 0   ;;; default configuration
     ether1-WAN-1        no  yes               bound         192.168.4.100/24
 1 X ether2-WAN-2        yes yes

IP/Firewall/Filter. "All rules disabled"

IP/Firewall/NAT
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; default configuration
      chain=srcnat action=masquerade out-interface=ether1-WAN-1 log=no
      log-prefix=""

 1    ;;; default configuration
      chain=srcnat action=masquerade out-interface=ether2-WAN-2 log=no
      log-prefix=""

IP/Firewall/Mangle. "All rules are disabled"

IP/Routes
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.4.1               0
 1 X S  0.0.0.0/0                          192.168.4.1               1
 2 X S  0.0.0.0/0                          1xx.7.2xx.101             2
 3 ADC  1xx.7.2xx.100/30   1xx.7.2xx.102   ether2-WAN-2              0
 4 ADC  192.168.0.0/24     192.168.0.1     ether3-OPS-1              0
 5 ADC  192.168.4.0/24     192.168.4.100   ether1-WAN-1              0

rmmccann I have only set the ISP info for WAN2 in my laptop and it worked. I never connected WAN1 to my laptop. If you need more info let me know.

Thank you very much.

15

Anybody??