Setting up CCR1009-8G-1S-1S+PC

lk10321 · September 18, 2015, 4:28pm

Hello All,

I have previous experience with RB2011UiAS-2HnD-IN and CRS125-24G-1S-2HnD-IN routers.

I just upgraded my Verizon FIOS speed to 300/300 Mbps, and I bought CCR1009-8G-1S-1S+PC. My WAN connection is still DHCP with RJ45 coming to my house.

I have noticed few issues:

Quick Set is not working if I choose Router -> Eth1 -> Automatic
I went another way and used MikroTik CCR1036 router configuration like an example.
Video: https://www.youtube.com/watch?v=MqXvHh7VS8M
Eth1 - Management port
Eth2 - LAN with DHCP server
Eth3 - WAN with DHCP Client
I modified steps a little bit to create DHCP client instead of static IP, and use my WAN DHCP address (71.121.244.191) in the IP Firewall NAT.

/ip dhcp-client> print

INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS

0 ether3 no yes bound 71.121.244.191/24

/ip firewall nat> print
chain=srcnat action=src-nat to-addresses=71.121.244.191 src-address=192.168.1.0/24 log=no log-prefix=""

My question is how can I modify "/ip firewall nat" that it will use interface "eth3" instead of temporary IP 71.121.244.191?

LK

lk10321 · September 29, 2015, 8:00pm

I was able to setup the router by purchasing S-RJ01:
http://routerboard.com/S-RJ01

Quick Set
Mode: Router
Port: SFP1
Address Acquisition: Automatic
IP Address: 192.168.1.1
Netmask: 192.168.1.0/24
DHCP server: checked
DHCP Server Range: 192.168.1.100-192.168.1.254
NAT: checked

S-RJ01 had to be plugged in into SFP+ port only in some reason.

My home network is a combination of ethernet drops and MOCA. (Verizon FIOS)

chechito · September 29, 2015, 11:54pm

its important learn to config the router beyond quickset to take full advantage of the functionalities

lk10321 · September 30, 2015, 12:50am

I completely agree with your comment. I wasn’t ready that CCR1009 setup approach is different compare to RB2011 and CRS125.

I was trying to use Quick Set for a temporary configuration to test my ISP speed, DHCP lease and NAT. It was difficult to search for clues without internet connection while I was configuring basic firewall and NAT rules. I had to call my ISP each time to break DHCP lease when I was switching routers. (stupid )

The answer to my original question is

/ip firewall nat \
add action=masquerade chain=srcnat out-interface=sfp-sfpplus1

LK

soyelpulpo · September 30, 2015, 4:15am

That’s why in the mtcna they teach to do it from scratch. Love it!

Sent from my Nexus 4 using Tapatalk

jarda · September 30, 2015, 8:47am

My advice is the same even I haven’t passed any of these courses…