I am stumped with a configuration problem I am trying to solve and so far have been unsuccessful.
My company provides internet-based phone service. Sometimes, we need to install a second router to route the traffic for the phones. The customer’s existing router, i.e. a Sonicwall, is used to carry all other internet traffic. We don’t want to put in a second internet connection, and instead we just order a second static IP address from the local cable TV/internet provider.
We have historically done this by putting a mini-switch between the cable modem and the two routers. But I always thought that this created an undesirable failure point, and thought we could do this using the switch ports of an RB2011. I thought I would use switch1 on ethernet ports 1-5 for the WAN, and switch2 on ethernet ports 6-10 for the LAN connection to our phones. I wanted to use ether1 as the connection to the cable modem. The mikrotik would use one of the public IP addresses. The sonicwall WAN port would be connected to ether2 on the mikrotik and it would use switch1 to connect to the cable modem.
I set up a configuration of what I thought would work:
- Removed ether2 from the bridge and assigned ether6 as the master port for the bridge
- Slaved ether2 to ether1
I then plugged a laptop into ether2 of the mikrotik to see if I could talk to the cable modem through switch1 of the mikrotik. The cable modem is providing network 1.1.1.16/29, with 1.1.1.17 as the gateway and 1.1.1.18 through 1.1.1.22 as usable IP addresses. The mikrotik is using 1.1.1.19. I set my laptop up as 1.1.1.18 and tried to ping the gateway 1.1.1.17. I could not ping it. I then tried to ping 1.1.1.19, the address that the mikrotik is using, and I could ping it just fine.
I thought by configuring ports 1&2 all on the same switch, I would be able to communicate with the gateway using layer2 via switch1. But it doesn’t connect.
I have pasted my config, as well as diagrams of the “with mini-switch” and “without mini-switch” configurations below.
Any ideas on what I did wrong or what I need to do to accomplish this, or a better way altogether, are appreciated.
Thanks.
Diagram with miniswitch (not desired):
Diagram without miniswitch (desired):
Configuration export:
```
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] master-port=ether1-gateway name=ether2-master
set [ find default-name=ether6 ] name=ether6-master
set [ find default-name=ether7 ] master-port=ether6-master
set [ find default-name=ether8 ] master-port=ether6-master
set [ find default-name=ether9 ] master-port=ether6-master
set [ find default-name=ether10 ] master-port=ether6-master
/ip pool
add name=dhcp ranges=10.0.10.10-10.0.10.100
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge
/interface bridge port
add bridge=bridge interface=ether6-master
add bridge=bridge interface=sfp1
/ip address
add address=10.0.10.1/24 interface=ether6-master network=10.0.10.0
add address=1.1.1.19/29 interface=ether1-gateway network=1.1.1.16
/ip dhcp-server network
add address=10.0.10.0/24 gateway=10.0.10.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=1.1.1.17
```