Setup Access between two interfaces (networks)

hein86 · June 23, 2013, 1:33pm

Hi Guys

My RB951 connects to the internet via Ether1. Apart from that I have two networks configured as follow.

Ether2 - IP 172.16.0.1
DHCP Server Pool 172.16.0.40-172.16.0.80
WLAN1 - IP 172.16.1.1
DHCP Server Pool 172.16.1.40-172.16.1.80

For some reason, the moment I set the WiFi IP to 172.16.0.254, or any IP on the Ether2 network, I loose my internet connection and cannot connect to the Mikrotik via its IP. So I’ve created the two networks like above. My first choice would be to have them on the same network. If it cannot be done, I need everything connected to the WiFi network to be able to access everything connected to the Ether2 network.

Any assistance would be highly appreciated!

kgninfos · June 23, 2013, 6:06pm

post your config here so that we can check
and also are you using the connect cidr/subnet mask
if you are using 172.16.0.1/24 in router
use in laptop
ip:172.16.0.2-172.16.0.254
subnet: 255.255.255.0
gateway: 172.16.0.1

Thanks

hein86 · June 24, 2013, 6:17am

Thanks for the response!
How can I copy the config for the setup wasn’t done through the terminal?

kgninfos · June 24, 2013, 12:16pm

in terminal type
export file=backup
then go to files and there you will find a file named backup.rsc
in that you will find your full current config

hein86 · June 24, 2013, 1:23pm

Herewith the file as exported:

Rudios · June 24, 2013, 7:17pm

If your purpose is to have one network, shared by both the ethernet interfaces (2-5) and the wifi interface.
Assign the desired IP address to your Office bridge, and also assign that interface on the DHCP server.
From there all the connected systems will get a proper IP address.

PS, i suggest you post the output of
export compactThat’s much more easier to read and please apply proper coding syntax in your post

hein86 · June 26, 2013, 8:40am

Thanks for the response and advice.
Sorry for the syntax but could you kindly exlain:

please apply proper coding syntax in your post

I’ve created the addresses as follow:
Office Bridge - 172.16.0.1/24 (Network 172.16.0.0)
Ether2 - 172.16.0.254/24 (Network 172.16.0.0)
WiFi - 172.16.0.253/24 (Network 172.16.0.0)

The moment I set up this configuration, my VOIP telephones do not dial out. Also the notebooks connected to the Wifi network can access everything connected to the Ether2 network, but not the other way around.

Any suggestions?

hein86 · June 26, 2013, 9:07am

I’ve restored the backup file to the initial settings with no “Office Bridge”. My laptop is now connected to the WiFi as follow:
IP address : 172.16.1.80
Subnet : 255.255.255.0
Gateway : 172.16.1.1

I can access the Ether2 network (172.16.0.0/24) from my laptop. When I switched off my Windows Firewall, the devices on the Ether2 network could access my laptop. Is there a way to change the Ether2 traffic so my laptop firewall thinks the traffic is coming from the same network? I suppose this would be the easiest because I only have 3 network printers that scan to the laptop via FTP.

Rudios · June 26, 2013, 9:56am

Please supply your current /export compact

and when posting use the syntax

hein86 · June 26, 2013, 10:31am

jan/02/1970 01:52:01 by RouterOS 5.25

software id = A1DX-A2W2

/interface bridge
add l2mtu=1594 name="Voice Bridge"
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface wireless
set 0 band=2ghz-b/g/n disabled=no l2mtu=2290 mode=ap-bridge multicast-helper=
full name=WiFi ssid=Office_WiFi wireless-protocol=802.11
/interface vlan
add interface=ether1-gateway l2mtu=1594 name=Ether1-Vlan100 vlan-id=100
add interface=ether1-gateway l2mtu=1594 name=Voice vlan-id=105
add interface=ether2-master-local l2mtu=1594 name=Voice2 vlan-id=105
/interface pppoe-client
add add-default-route=yes allow=chap disabled=no interface=Ether1-Vlan100 name=
pppoe-out1 password=SMV682 user=SMV682@centsmv.co.za/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods=
passthrough mode=dynamic-keys wpa-pre-shared-key=12345654321
wpa2-pre-shared-key=12345654321
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=172.16.0.40-172.16.0.80
add name=WiFi ranges=172.16.1.40-172.16.1.80
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether2-master-local name=
default
add address-pool=WiFi disabled=no interface=WiFi name=WiFi
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password=""
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no
permissions=owner signup-allowed=no time-zone=-00:00
/interface bridge port
add bridge="Voice Bridge" interface=Voice
add bridge="Voice Bridge" interface=Voice2
/ip address
add address=172.16.0.1/24 interface=ether2-master-local
add address=172.16.1.1/24 interface=WiFi
/ip dhcp-server network
add address=172.16.0.0/24 comment="default configuration" dns-server=172.16.0.1
gateway=172.16.0.1
add address=172.16.1.0/24 dns-server=172.16.1.1 gateway=172.16.1.1
/ip dns
set allow-remote-requests=yes servers=10.255.169.4
/ip dns static
add address=192.168.88.1 name=router
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration"
out-interface=pppoe-out1 to-addresses=0.0.0.0
/ip neighbor discovery
set ether1-gateway disabled=yes
set Ether1-Vlan100 disabled=yes
set Voice disabled=yes
set Voice2 disabled=yes
set WiFi disabled=yes
/ip route
add disabled=yes distance=1 dst-address=172.16.1.0/24 gateway=172.16.0.2
/tool mac-server
add disabled=no interface=ether2-master-local
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
add disabled=no
add disabled=no
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add
add

SurferTim · June 26, 2013, 10:41am

You could masquerade that as the ip of the WiFi gateway interface. Something like this?

/ip firewall nat
add action=masquerade chain=srcnat out-interface=WiFi src-address=172.16.0.0/24

This will masquerade any source ip in the 172.16.0.0/24 to 172.16.1.1 on the WiFi interface. Is that what you want?

hein86 · June 26, 2013, 11:16am

I’ve tried as you’ve suggested:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=WiFi src-address=172.16.0.0/24

but no luck.

To briefly explain what I need on the network:

Notebook 172.16.1.80 needs to connect to a shared folder on PC 172.16.0.2;
Printer / Scanner 172.16.0.21 needs to scan via FTP to Notebook 172.16.1.80;
Printer / Scanner 172.16.0.22 needs to scan via FTP to Notebook 172.16.1.80.