Setting up RouterOS with multiple WANs

Hi all,

Could someone advise me on the best way of setting up RouterOS to handle multiple WAN connections and if my planned setup will be supported?

My first gateway is BT - I have a BT business hub which I am planning to put into bridge mode. I have a single static IP with BT.
The second gateway is Virgin business and, as I understand it, I cannot change the Virgin router to modem mode because it uses a GRE connection to provide the static IP, so I have requested from them a block of static IP addresses in the hope that I can assign one IP to a port on the MikroTik and use that as the second WAN connection.

I would then like to configure a default WAN (BT) and then have the second WAN (Virgin) sitting idle, taking over if BT ever goes down.

I would also like the ability to switch any particular client device onto the virgin manually (If this can be done via terminal that would be ideal because I can then have a script that I run on my computer, to send a terminal command to the router in order to switch over to the second WAN connection).

I am totally stuck and a bit out of my depth!

Here is what I have done so far - I connected BT router to Mikrotik eth1/wan. I set up PPPoE on eth1/wan, added credentials from BT and this is working.
I have DHCP configured via the Mikrotik router as well, and everything works fine.

What I am trying to do now, is add Virgin as a second WAN to the mikrotik with a view to -

a) setting up a dual WAN failover so if one line goes down, it automatically goes on to the other line and
b) if I wish, I can assign a particular client on my LAN to use one of the two WANs as its gateway

I have been given a /29 subnet by virgin - I have network IP, gateway etc. But I just don’t know how to configure this on the Mikrotik.

What I have tried so far is to connect the Virgin router to eth2 on the MikroTik, then I added the first usable IP and the network address into IP > address list on the MikroTik.
Then I tried changing 0.0.0.0/0 in IP > routes to use the gateway of eth2. Then I tried to ping 8.8.8.8 from a client, but once I update the gateway in routes to eth2, the ping fails.

If I put gateway back to pppoe-out2, ping works fine again.

Can someone help?

Can you post your config so far, please?
When you do, replace your public IP information (pppoe) with fake numbers and fake passwords etc. (same with Virgin numbers).

Since you want to maintain control over your routes, suggest you do not use add default route = yes in the pppoe settings but instead set the route manually. You can do this by going to winbox and looking at IP Routes now, and pay attention to what the settings are for the pppoe route (aka gateway IP etc).

Then add the route manually
add dst-address=0.0.0.0/0 gateway=ISP1gatewayIP table=main distance=1 check-gateway=ping

Once you have done that and it shows up on IP routes in winbox and looks okay then remove the add default route=yes in the pppoe settings!

Once you have added Virgin to IP DHCP settings… also do not USE add default route=yes, as we need to set this up manually
add dst-address=0.0.0.0/0 gateway=ISP2gatewayIP table=main distance=2


With those things done, all your traffic will only go to ISP1, unless not available and then it will switch to ISP2, until ISP1 is available again.
This is the very basic first step of failover. Let's just try to get there for now and worry about finessing it better after.

Sorry cannot help with Virgin settings, my level of knowledge on isp setups is woefully weak.

I have attempted to make those changes that you suggested. Here is my config after making the changes -
Hopefully I have obscured everything.

At the moment, it works in the primary gateway, but if I change those distances around, to make the second WAN primary, it does not work.
Also, on the route for the second gateway in the route list, it says unreachable next to the gateway.

I don't know if this is strange or not, but if I just ping the gateway of wan2 from my computer, I get a reply. So I guess it is reachable in one way or another…

# jul/12/2022 15:42:42 by RouterOS 6.47.10
# software id = RH5L-ZD1A
#
# model = RB750Gr3
# serial number = CC230F7Fxxxx

/interface bridge
add admin-mac=DC:2C:6E:xx:xx:xx auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add disabled=no interface=ether1 name=pppoe-out2 use-peer-dns=yes user=btbusinesshub@business.btclick.com
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=3 name=option3 value="'192.168.2.252'"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.2.10-192.168.2.200
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=pppoe-out2 list=WAN
/ip address
add address=192.168.2.1/24 comment=defconf interface=ether3 network=192.168.2.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.2.17 mac-address=E4:E7:49:xx:xx:xx
add address=192.168.2.12 mac-address=C0:3E:0F:xx:xx:xx
add address=192.168.2.27 mac-address=0C:C4:7A:xx:xx:xx
add address=192.168.2.30 mac-address=F0:9F:C2:xx:xx:xx
add address=192.168.2.31 mac-address=00:14:D1:xx:xx:xx
add address=192.168.2.38 mac-address=34:64:A9:xx:xx:xx
add address=192.168.2.34 mac-address=0C:C4:7A:xx:xx:xx
add address=192.168.2.15 mac-address=B0:5C:DA:xx:xx:xx
add address=192.168.2.21 mac-address=5A:B9:E7:xx:xx:xx
add address=192.168.2.19 mac-address=38:A6:CE:xx:xx:xx
add address=192.168.2.36 mac-address=90:02:18:xx:xx:xx
add address=192.168.2.18 mac-address=A8:66:7F:xx:xx:xx
add address=192.168.2.28 mac-address=04:ED:33:xx:xx:xx
add address=192.168.2.23 mac-address=2E:71:1C:xx:xx:xx
add address=192.168.2.22 mac-address=D8:30:62:xx:xx:xx
add address=192.168.2.10 mac-address=94:B8:6D:xx:xx:xx
add address=192.168.2.32 mac-address=8E:F6:52:xx:xx:xx
add address=192.168.2.25 mac-address=2C:DB:07:xx:xx:xx
add address=192.168.2.49 mac-address=A4:83:E7:xx:xx:xx
add address=192.168.2.60 mac-address=58:40:4E:xx:xx:xx
add address=192.168.2.55 mac-address=48:2A:E3:xx:xx:xx
add address=192.168.2.44 mac-address=00:11:32:xx:xx:xx
add address=192.168.2.45 mac-address=20:4E:F6:xx:xx:xx
add address=192.168.2.66 mac-address=38:F3:AB:xx:xx:xx
add address=192.168.2.65 mac-address=80:5E:0C:xx:xx:xx
add address=192.168.2.35 mac-address=C4:AC:59:xx:xx:xx
add address=192.168.2.64 mac-address=90:0F:0C:xx:xx:xx
add address=192.168.2.16 mac-address=74:AC:B9:xx:xx:xx
add address=192.168.2.14 mac-address=74:AC:B9:xx:xx:xx
add address=192.168.2.37 mac-address=D8:BB:C1:xx:xx:xx
add address=192.168.2.56 mac-address=D8:BB:C1:xx:xx:xx
add address=192.168.2.77 dhcp-option=option3 mac-address=54:05:DB:xx:xx:xx
add address=192.168.2.13 mac-address=50:EB:F6:xx:xx:xx
/ip dhcp-server network
add address=62.31.zz.zz/32 dns-server=194.zz.zz.123,194.zz.zz.123 gateway=62.zz.zz.25 netmask=29
add address=192.168.2.0/24 comment=defconf dns-server=192.168.2.1 gateway=192.168.2.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1
/ip dns static
add address=192.168.2.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=redirect chain=dstnat comment="DIRECT DNS REQUESTS TO MIKROTIK DNS SERVER" dst-port=53 protocol=udp to-addresses=192.168.2.1 to-ports=53
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out2
add distance=2 gateway=62.xx.xx.25
/system clock
set time-zone-name=Europe/London
/system scheduler
add interval=1d name=email on-event="/log print file=logs\n/tool e-mail send from=david@xxxxxxxxxxx.co.uk to=david@xxxxxxvices.co.uk subject=\"logs\" body=\"\$[/system clock get date] log file\" file=logs.txt start-tls=yes" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jun/30/2022 start-time=18:15:00
/tool e-mail
set address=mail.xxx.com from=david@xxx.co.uk user=xxxxxx
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

(1) Since ether1 is used/setup via PPPOE, then suggest this needs to be removed
/ip dhcp-client
add comment=defconf interface=ether1

(2) What is going on here, no need to obfuscate any LAN private IP settings… ???
(this is not the place for any WAN settings either!!)

/ip dhcp-server network
add address=62.31.zz.zz/32 dns-server=194.zz.zz.123,194.zz.zz.123 gateway=62.zz.zz.25 netmask=29

(3) this needs to be fixed.
/ip address
add address=192.168.2.1/24 comment=defconf interface=bridge network=192.168.2.0

(4) routes seem okay…
Can you show the results of new terminal (CLI)
/ip route print detail and just change the numbers so the actual public ones are not the real ones

(5) set this one to none, unlike winbox it's not secured…
/tool mac-server
set allowed-interface-list=NONE
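
Review points (1), (3) and (5) above can be checked mechanically against a RouterOS export. The Python sketch below is an added example, not part of the thread or of any MikroTik tooling; `parse_export`, `audit`, the finding names and the sample config are constructed for illustration.

```python
import re

# Constructed sample export (not the poster's config), same layout as the thread.
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge
/interface pppoe-client
add disabled=no interface=ether1 name=pppoe-out2 user=example
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
/ip address
add address=192.168.2.1/24 interface=ether3 network=192.168.2.0
/ip dhcp-client
add comment=defconf interface=ether1
/tool mac-server
set allowed-interface-list=LAN
"""


def parse_export(text):
    """Map each menu path to the list of key=value dicts from its add/set lines."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # rejoin backslash-wrapped lines
    menus, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            path = line
            menus.setdefault(path, [])
        elif path and line.split(" ", 1)[0] in ("add", "set"):
            # Values are either double-quoted or a run of non-space characters.
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus[path].append({k: v.strip('"') for k, v in pairs})
    return menus


def audit(text):
    """Return (finding, value) tuples for the three review points in the thread."""
    m = parse_export(text)
    pppoe_ports = {e.get("interface") for e in m.get("/interface pppoe-client", [])} - {None}
    bridge_ports = {e.get("interface") for e in m.get("/interface bridge port", [])} - {None}
    findings = []
    # (1) DHCP client still enabled on a port whose addressing comes from PPPoE.
    for e in m.get("/ip dhcp-client", []):
        if e.get("interface") in pppoe_ports and e.get("disabled") != "yes":
            findings.append(("dhcp-client-on-pppoe-port", e.get("interface")))
    # (3) Address bound to a bridge member port instead of the bridge itself.
    for e in m.get("/ip address", []):
        if e.get("interface") in bridge_ports:
            findings.append(("address-on-bridge-port", e.get("interface")))
    # (5) MAC server explicitly allowed on an interface list (only explicit
    #     "set" lines are checked; values omitted from the export are not).
    for e in m.get("/tool mac-server", []):
        allowed = e.get("allowed-interface-list", "")
        if allowed and allowed.lower() != "none":
            findings.append(("mac-server-enabled", allowed))
    return findings


if __name__ == "__main__":
    for name, value in audit(SAMPLE_EXPORT):
        print(f"{name}: {value}")
```
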

OK I think I have fixed those points you mentioned now.

detail of route print -

Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 0 A S  dst-address=0.0.0.0/0 gateway=pppoe-out2
        gateway-status=pppoe-out2 reachable check-gateway=ping distance=1
        scope=30 target-scope=10

 1   S  dst-address=0.0.0.0/0 gateway=62.62.62.25
        gateway-status=62.62.62.25 unreachable distance=2 scope=30
        target-scope=10

 2 ADC  dst-address=81.81.81.1/32 pref-src=81.81.81.143 gateway=pppoe-out2
        gateway-status=pppoe-out2 reachable distance=0 scope=10

 3 ADC  dst-address=192.168.2.0/24 pref-src=192.168.2.1 gateway=bridge
        gateway-status=bridge reachable distance=0 scope=10

Got this reply when I tried that last command -

[admin@MikroTik] > /tool mac-server
[admin@MikroTik] /tool mac-server> set allowed-interface-list=NONE
input does not match any value of allowed-interface-list

And I misunderstood this bit and I had added it to dhcp server, networks -

Once you have added Virgin to IP DHCP settings… also do not USE add default route=yes, as we need to set this up manually
add dst-address=0.0.0.0/0 gateway=ISP2gatewayIP table=main distance=2

I’ve removed that now but not sure where I should be putting that info. I’m not all that familiar with using this router yet and a bit of a noob with networking as well.

Yes, somehow you are going to have to set the Virgin provided parameters into IP DHCP client I think, with interface being ether2.. I wonder if it will populate automatically??

Ah right, as far as I know, there is no DHCP. I believe they configure the Virgin router with the gateway IP on the subnet, which I think is done by it authenticating via GRE tunnel or something along those lines (they provided GRE credentials, and instructions for configuring the router, but in fact I think they configure it remotely themselves).

Then, they also provided me with a document detailing the provided subnet, network address, gateway address and usable IP addresses along with subnet mask and finally, a notice that I should assign my equipment one of the usable IP addresses. So I don't think that DHCP is active now on the router (as an aside, they also mentioned that wifi on the router is now inactive, which is fine).

The reason I did it this way in the first place is after reading online that it's not possible to change the router into modem mode now, like it used to be, due to the way that they configure a single static IP using the GRE tunnel, and the way I had read others got the same thing working was by requesting a block of 5 IP addresses and then configuring the router with one of those IPs and setting the Virgin hub as the gateway.

I am going to temporarily set up a laptop tomorrow with a usable IP and connect it to the virgin router, just to confirm that side of things is actually working.

In the meantime if you think there is any other way of getting this working, please let me know.

Thanks for your help so far I really appreciate it.

Okay so I am guessing you only need to do the following entries.

Interface list member
interface=ether2 list=WAN

/IP address
settings provided by virgin provider.

Thank you I will try this tomorrow.

This morning I configured the ethernet interface on my laptop with the details provided by Virgin - first usable IP as the adapter's IP address, subnet mask 255.255.255.248 and the gateway provided by Virgin. This worked, so it's good to know the Virgin router is working.

Unfortunately the Virgin still doesn't work from the MikroTik -
If I have the pppoe gateway (ether1) set to distance 1, then I can ping the internet from my computer.
If I have the Virgin gateway (ether2) set to distance 1, then I cannot ping the internet. And the MikroTik reports unreachable when I do tracert 1.1.1.1, for example.

I am re-sharing my config in case you guys see anything wrong.

# jul/13/2022 08:45:09 by RouterOS 6.47.10
# software id = RH5L-ZD1A
#
# model = RB750Gr3
# serial number =

/interface bridge
add admin-mac=DC:2C:6E:6F:29:86 auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add disabled=no interface=ether1 name=pppoe-out2 use-peer-dns=yes user=
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=3 name=option3 value="'192.168.2.252'"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.2.10-192.168.2.200
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=pppoe-out2 list=WAN
/ip address
add address=192.168.2.1/24 comment=defconf interface=bridge network=192.168.2.0
add address=62.1.1.26 interface=ether2 network=62.1.1.25
/ip dhcp-client
add comment=defconf interface=ether1
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.2.17 mac-address=E4:E7:49:7E:24:B5
add address=192.168.2.12 mac-address=C0:3E:0F:42:CE:26
add address=192.168.2.27 mac-address=0C:C4:7A:0F:93:2C
add address=192.168.2.30 mac-address=F0:9F:C2:05:3D:9B
add address=192.168.2.31 mac-address=00:14:D1:2E:D9:08
add address=192.168.2.38 mac-address=34:64:A9:95:01:40
add address=192.168.2.34 mac-address=0C:C4:7A:AA:B3:C5
add address=192.168.2.15 mac-address=B0:5C:DA:27:33:B2
add address=192.168.2.21 mac-address=5A:B9:E7:7A:2A:67
add address=192.168.2.19 mac-address=38:A6:CE:E1:A7:1C
add address=192.168.2.36 mac-address=90:02:18:C0:5E:12
add address=192.168.2.18 mac-address=A8:66:7F:38:18:19
add address=192.168.2.28 mac-address=04:ED:33:DF:91:3E
add address=192.168.2.23 mac-address=2E:71:1C:87:57:97
add address=192.168.2.22 mac-address=D8:30:62:50:F6:A7
add address=192.168.2.10 mac-address=94:B8:6D:F0:69:FA
add address=192.168.2.32 mac-address=8E:F6:52:77:DB:FB
add address=192.168.2.25 mac-address=2C:DB:07:DF:E4:40
add address=192.168.2.49 mac-address=A4:83:E7:93:10:CC
add address=192.168.2.60 mac-address=58:40:4E:E7:C6:62
add address=192.168.2.55 mac-address=48:2A:E3:B2:E8:07
add address=192.168.2.44 mac-address=00:11:32:EE:ED:4F
add address=192.168.2.45 mac-address=20:4E:F6:75:FB:5D
add address=192.168.2.66 mac-address=38:F3:AB:0D:48:5F
add address=192.168.2.65 mac-address=80:5E:0C:54:F1:CB
add address=192.168.2.35 mac-address=C4:AC:59:A9:E9:02
add address=192.168.2.64 mac-address=90:0F:0C:0C:19:46
add address=192.168.2.16 mac-address=74:AC:B9:90:2B:29
add address=192.168.2.14 mac-address=74:AC:B9:B3:B2:5D
add address=192.168.2.37 mac-address=D8:BB:C1:11:2C:F2
add address=192.168.2.56 mac-address=D8:BB:C1:11:2E:4E
add address=192.168.2.77 dhcp-option=option3 mac-address=54:05:DB:CF:0D:FD
add address=192.168.2.13 mac-address=50:EB:F6:77:FC:3F
/ip dhcp-server network
add address=192.168.2.0/24 comment=defconf dns-server=192.168.2.1 gateway=192.168.2.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1
/ip dns static
add address=192.168.2.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=redirect chain=dstnat comment="DIRECT DNS REQUESTS TO MIKROTIK DNS SERVER" dst-port=53 protocol=udp to-addresses=192.168.2.1 to-ports=53
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out2
add distance=2 gateway=ether2
/system clock
set time-zone-name=Europe/London
/system scheduler
add interval=1d name=email on-event="/log print file=logs\n/tool e-mail send from= to= subject=\"logs\" body=\"\$[/system clock get date] log file\" file=logs.txt start-tls=yes" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jun/30/2022 start-time=18:15:00
/tool e-mail
set address=mail.domain.com from= user=username
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Here are some screenshots from the GUI as well, if they are helpful -

all the real parts you forgot to censor…

Not sure your testing methods are any good.
Don't change the distances, keep ether1 at dist=1 and ether2 (Virgin) at dist=2.

If you want to check if ether2 works, simply go into the ether1 interface and disable it, or go into pppoe settings and disable the client etc…
By the way, if ether2 is connected and available you will see it in IP routes, as both ISPs should show as reachable but blue since it's not the active route.

Disable ether1 and ether2 should turn black as the active route!!

Maybe something I am missing then -

I tried what you suggested - put eth1 as distance 1, eth2 as distance 2.
I can ping 1.1.1.1 from my computer, works fine.

Then I disable eth1 in interface.
Now when I ping 1.1.1.1 I get “Reply from 192.168.2.1: Destination host unreachable.”

When I re-enable it, everything starts working again.

Interestingly, as you mention, when it's all working, both routes do show as reachable, and eth2 is indeed blue.

Could there be anything else causing it not to work?

You didn't remove this yet… (both should be disabled, as the client settings for ISP1 are set in the pppoe settings and for ISP2 you set it in manually via IP address)
/ip dhcp-client
add comment=defconf interface=ether1
add comment=defconf interface=ether1

Also, when you disable the pppoe client to test if the router fails over to ether2:

A. does ether2 go from blue to black in ip routes?
B. can you access the internet? aka browse??

/ip dhcp-client
add comment=defconf interface=ether1
add comment=defconf interface=ether1

I had those two disabled, but now I have completely removed them from IP, DHCP Client.

I tried again disabling pppoe - and yes, once I disable that, pppoe goes blue and says unreachable in routes, ether2 goes from blue to black. It also says reachable when that happens.
But when I try to browse the internet it times out, and when I try to ping an IP (for example 1.1.1.1) it says Reply from 192.168.2.1: Destination host unreachable.

Any other ideas? Or is there an option for someone to log in remotely and check settings (happy to pay for this)?