Vlan Subnets with dhcp and statics, config?

Hello guys
I want to configure my routeros to this schema:
ether1 and ether2 are Dual Wan failover with DHCP with private ip’s (one is giving 192.168.1/24 and other one is 192.168.2.1/24, those devices are from ISP, cant change that)
VLANS:
10 within 192.168.1.1/24 subnet (mgmt ip of routeros is 1.9) with static ip’s
20 within 192.168.20.1/24 as dhcp hotspot and short lease
111 within 192.168.111.1/24 as dhcp and management subnet for other devices

VLAN20 should be completely isolated from other vlans
Vlan10 and Vlan111 can see each other

ether 4-7 are VLANs with different subnets for other switches
Ether8 should be access port of vlan 10
Ether9 should be access port of vlan 20

BUT
even though i configured that (or i think i did), this config is not running…
what did i do wrong, can someone point me in some direction?


[admin@MikroTik] > export
# mar/00/2010 10:35:10 by RouterOS 6.40.1
# software id = YRRZ-WCZD
#
# model = RouterBOARD 3011UiAS
# serial number = ---------

# One 802.1Q (tagged) VLAN interface is created per physical port and VLAN ID:
# VLANs 10, 20 and 111 on ether4-ether7, VLAN 10 on ether8, VLAN 20 on ether9.
# NOTE(review): no /interface bridge section appears in this export, so these
# are independent interfaces per port, not one shared VLAN 10/20/111 segment
# spanning several ports.
# NOTE(review): the post asks for ether8/ether9 as access ports. A VLAN
# interface stacked on ether8/ether9 sends and expects tagged frames, so an
# untagged end device plugged in there would not land in VLAN 10/20 - confirm.
/interface vlan
add interface=ether4 name=vlan10_eth4 vlan-id=10
add interface=ether5 name=vlan10_eth5 vlan-id=10
add interface=ether6 name=vlan10_eth6 vlan-id=10
add interface=ether7 name=vlan10_eth7 vlan-id=10
add interface=ether8 name=vlan10_eth8 vlan-id=10
add interface=ether4 name=vlan20_eth4 vlan-id=20
add interface=ether5 name=vlan20_eth5 vlan-id=20
add interface=ether6 name=vlan20_eth6 vlan-id=20
add interface=ether7 name=vlan20_eth7 vlan-id=20
add interface=ether9 name=vlan20_eth9 vlan-id=20
add interface=ether4 name=vlan111_eth4 vlan-id=111
add interface=ether5 name=vlan111_eth5 vlan-id=111
add interface=ether6 name=vlan111_eth6 vlan-id=111
add interface=ether7 name=vlan111_eth7 vlan-id=111

# Declares two interface lists, WAN and LAN.
# NOTE(review): the single firewall rule in this export matches on addresses
# and does not reference either list, so as posted the lists have no effect
# on filtering.
/interface list
add name=WAN
add name=LAN


# DHCP servers for VLAN 10, one per VLAN interface on ether4-ether7, 12h leases.
# No address-pool is set; presumably that leaves the RouterOS default
# (static-only), which would match the post's "static ip's" for VLAN 10 -
# confirm.
# NOTE(review): the /ip address section of this export puts 192.168.1.9/24 on
# ether4-ether7, not on vlan10_ethN, so these servers listen on interfaces
# that have no address of their own.
/ip dhcp-server
add disabled=no interface=vlan10_eth4 lease-time=12h name=dhcp_vlan10_eth4
add disabled=no interface=vlan10_eth5 lease-time=12h name=dhcp_vlan10_eth5
add disabled=no interface=vlan10_eth6 lease-time=12h name=dhcp_vlan10_eth6
add disabled=no interface=vlan10_eth7 lease-time=12h name=dhcp_vlan10_eth7
# Address pools: DHCPHOTSPOT for the VLAN 20 subnet, DHCPIT for the VLAN 111
# subnet. Both run from .2 to .250; .1 in each subnet is the router address
# configured under /ip address in this export.
/ip pool
add name=DHCPHOTSPOT ranges=192.168.20.2-192.168.20.250
add name=DHCPIT ranges=192.168.111.2-192.168.111.250

# DHCP servers for VLAN 20 (pool DHCPHOTSPOT, 2h leases) and VLAN 111
# (pool DHCPIT, 2d leases), one server per VLAN interface on ether4-ether7.
# Each group of four servers draws from the same pool.
# NOTE(review): vlan20_eth9 (and vlan10_eth8) have no DHCP server in this
# export, so a hotspot client behind ether9 would get no lease.
# NOTE(review): the matching router addresses are configured on the physical
# ports, not on these VLAN interfaces - see /ip address in this export.
/ip dhcp-server
add address-pool=DHCPHOTSPOT authoritative=after-2sec-delay disabled=no \
    interface=vlan20_eth4 lease-time=2h name=dhcp_vlan20_eth4
add address-pool=DHCPHOTSPOT authoritative=after-2sec-delay disabled=no \
    interface=vlan20_eth5 lease-time=2h name=dhcp_vlan20_eth5
add address-pool=DHCPHOTSPOT authoritative=after-2sec-delay disabled=no \
    interface=vlan20_eth6 lease-time=2h name=dhcp_vlan20_eth6
add address-pool=DHCPHOTSPOT authoritative=after-2sec-delay disabled=no \
    interface=vlan20_eth7 lease-time=2h name=dhcp_vlan20_eth7
add address-pool=DHCPIT disabled=no interface=vlan111_eth4 lease-time=2d \
    name=dhcp_vlan111_eth4
add address-pool=DHCPIT disabled=no interface=vlan111_eth5 lease-time=2d \
    name=dhcp_vlan111_eth5
add address-pool=DHCPIT disabled=no interface=vlan111_eth6 lease-time=2d \
    name=dhcp_vlan111_eth6
add address-pool=DHCPIT disabled=no interface=vlan111_eth7 lease-time=2d \
    name=dhcp_vlan111_eth7

# Membership of the WAN and LAN lists: ether1/ether2 are WAN, ether3-ether7
# are LAN.
# NOTE(review): ether8, ether9 and every VLAN interface are in neither list.
# If list-based firewall rules are added later, traffic arriving on those
# interfaces would not match "LAN" rules - add the VLAN interfaces explicitly.
/interface list member
add interface=ether1 list=WAN
add interface=ether3 list=LAN
add interface=ether2 list=WAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN

# Router addresses for the three subnets (192.168.1.9/24, 192.168.20.1/24,
# 192.168.111.1/24), each repeated on ether4, ether5, ether6 and ether7.
# NOTE(review): every address is bound to a physical port, not to the VLAN
# interfaces (vlan10_ethN, vlan20_ethN, vlan111_ethN) that the DHCP servers in
# this export listen on. The three subnets are therefore untagged and mixed on
# the same ports, and the tagged VLAN interfaces carry no address - a likely
# cause of "vlans are not working", and it defeats the intended separation.
# NOTE(review): the post says one ISP device on a WAN port hands out
# 192.168.1.x/24. Using 192.168.1.9/24 on LAN ports puts the management subnet
# on both sides of the router - confirm and consider renumbering.
/ip address
add address=192.168.1.9/24 interface=ether4 network=192.168.1.0
add address=192.168.1.9/24 interface=ether5 network=192.168.1.0
add address=192.168.1.9/24 interface=ether6 network=192.168.1.0
add address=192.168.1.9/24 interface=ether7 network=192.168.1.0
add address=192.168.20.1/24 interface=ether4 network=192.168.20.0
add address=192.168.20.1/24 interface=ether5 network=192.168.20.0
add address=192.168.20.1/24 interface=ether6 network=192.168.20.0
add address=192.168.20.1/24 interface=ether7 network=192.168.20.0
add address=192.168.111.1/24 interface=ether4 network=192.168.111.0
add address=192.168.111.1/24 interface=ether5 network=192.168.111.0
add address=192.168.111.1/24 interface=ether6 network=192.168.111.0
add address=192.168.111.1/24 interface=ether7 network=192.168.111.0

# DHCP clients on both WAN ports. ether2 sets default-route-distance=2; ether1
# sets none, so it presumably keeps the lower default distance and is the
# preferred uplink - confirm.
# NOTE(review): per the post, both uplinks are private LANs of ISP devices.
# No input-chain filter appears in this export, so hosts on those networks can
# reach any service the router has enabled.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
add default-route-distance=2 dhcp-options=hostname,clientid disabled=no \
    interface=ether2

/ip dhcp-server lease
#
##some address leases##
#

# The only filter rule in this export: drop forwarded packets whose source is
# in 192.168.20.0/24 (VLAN 20) and whose destination is in 192.168.0.0/16.
# NOTE(review): this covers the forward chain only. Traffic from VLAN 20 to
# the router's own addresses goes through the input chain, and no input rules
# appear here, so any enabled router service (management, DNS) stays reachable
# from the hotspot network and from the ISP-side networks on ether1/ether2.
# NOTE(review): the match is by source address. Matching on the VLAN 20
# in-interface(s) would not depend on clients using the expected addresses.
# NOTE(review): there are no connection-state rules, so replies from VLAN 20
# hosts to connections opened from VLAN 10/111 are dropped too - confirm that
# is intended.
# The export header reports RouterOS 6.40.1; with management reachable from
# these networks, keeping RouterOS on a current release matters.
/ip firewall filter
add action=drop chain=forward dst-address=192.168.0.0/16 src-address=192.168.20.0/24

# Options handed to DHCP clients for each of the three subnets.
# NOTE(review): the VLAN 20 and VLAN 111 entries list 192.168.1.9 as a second
# gateway. That address is outside both subnets, so clients cannot use it
# on-link; for VLAN 20 it also advertises the management address to the
# network that is supposed to be isolated.
# NOTE(review): the VLAN 20 entry lists 8.8.8.8 twice; 8.8.4.4 was probably
# meant as the second resolver.
# NOTE(review): VLAN 10 and VLAN 111 clients are given 192.168.1.9 (the
# router) as a DNS server. No /ip dns section appears in this export, so
# whether the router answers DNS requests cannot be confirmed from here.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.9,8.8.8.8,8.8.4.4 gateway=\
    192.168.1.9
add address=192.168.20.0/24 dns-server=8.8.8.8,8.8.8.8 gateway=\
    192.168.20.1,192.168.1.9 netmask=24
add address=192.168.111.0/24 dns-server=8.8.8.8,192.168.1.9,8.8.4.4 gateway=\
    192.168.111.1,192.168.1.9 netmask=24

# Stores the WAN failover script (its header credits Tomas Kirnak, version
# 1.0.7) as script1. The embedded source pings 208.67.222.222 once through
# ether1 and once through ether2, keeps a global failure counter per ISP, and
# when a counter reaches 3 raises the distance of static routes whose gateway
# is ether1/ether2 by 2; it lowers the distance again once the counter drops
# back to 2.
# NOTE(review): least privilege - the policy list grants ftp, reboot, policy,
# password, sniff, sensitive and romon, while the source only pings, reads and
# changes routes, and writes log entries. dont-require-permissions=yes also
# lets the script run for a caller that lacks those policies. Trim the policy
# list to what the script uses (likely read, write, test - confirm) and set
# dont-require-permissions=no.
# NOTE(review): no /system scheduler or netwatch entry in this export invokes
# script1, and the script only touches static routes with gateway=ether1 or
# ether2, whereas the WAN default routes here come from the DHCP clients. As
# posted it probably changes nothing; failover likely relies on
# default-route-distance alone - confirm.
/system script
add dont-require-permissions=yes name=script1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_------------------- header -------------------\
    \n# Script by Tomas Kirnak, version 1.0.7\
    \n# If you use this script, or edit and\
    \n# re-use it, please keep the header intact.\
    \n#\
    \n# For more information and details about\
    \n# this script please visit the wiki page at\
    \n# http://wiki.mikrotik.com/wiki/Failover_Scripting\
    \n# ------------------- header -------------------\
    \n\
    \n\
    \n\
    \n# ------------- start editing here -------------\
    \n# Edit the variables below to suit your needs\
    \n\
    \n# Please fill the WAN interface names\
    \n:local InterfaceISP1 ether1\
    \n:local InterfaceISP2 ether2\
    \n\
    \n# Please fill the gateway IPs (or interface names in case of PPP)\
    \n:local GatewayISP1 ether1\
    \n:local GatewayISP2 ether2\
    \n\
    \n# Please fill the ping check host - currently: resolver1.opendns.com\
    \n:local PingTarget 208.67.222.222\
    \n\
    \n# Please fill how many ping failures are allowed before fail-over happen\
    ds\
    \n:local FailTreshold 3\
    \n\
    \n# Define the distance increase of a route when it fails\
    \n:local DistanceIncrease 2\
    \n\
    \n# Editing the script after this point may break it\
    \n# -------------- stop editing here --------------\
    \n\
    \n\
    \n\
    \n# Declare the global variables\
    \n:global PingFailCountISP1\
    \n:global PingFailCountISP2\
    \n\
    \n# This inicializes the PingFailCount variables, in case this is the 1st \
    time the script has ran\
    \n:if ([:typeof \$PingFailCountISP1] = \"nothing\") do={:set PingFailCount\
    ISP1 0}\
    \n:if ([:typeof \$PingFailCountISP2] = \"nothing\") do={:set PingFailCount\
    ISP2 0}\
    \n\
    \n# This variable will be used to keep results of individual ping attempts\
    \n:local PingResult\
    \n\
    \n\
    \n\
    \n# Check ISP1\
    \n:set PingResult [ping \$PingTarget count=1 interface=\$InterfaceISP1]\
    \n:put \$PingResult\
    \n\
    \n:if (\$PingResult = 0) do={\
    \n\t:if (\$PingFailCountISP1 < (\$FailTreshold+2)) do={\
    \n\t\t:set PingFailCountISP1 (\$PingFailCountISP1 + 1)\
    \n\t\t\
    \n\t\t:if (\$PingFailCountISP1 = \$FailTreshold) do={\
    \n\t\t\t:log warning \"ISP1 has a problem en route to \$PingTarget - incre\
    asing distance of routes.\"\
    \n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP1 && static] do=\
    \\\
    \n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] + \$Di\
    stanceIncrease)}\
    \n\t\t\t:log warning \"Route distance increase finished.\"\
    \n\t\t}\
    \n\t}\
    \n}\
    \n:if (\$PingResult = 1) do={\
    \n\t:if (\$PingFailCountISP1 > 0) do={\
    \n\t\t:set PingFailCountISP1 (\$PingFailCountISP1 - 1)\
    \n\t\t\
    \n\t\t:if (\$PingFailCountISP1 = (\$FailTreshold -1)) do={\
    \n\t\t\t:log warning \"ISP1 can reach \$PingTarget again - bringing back o\
    riginal distance of routes.\"\
    \n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP1 && static] do=\
    \\\
    \n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] - \$Di\
    stanceIncrease)}\
    \n\t\t\t:log warning \"Route distance decrease finished.\"\
    \n\t\t}\
    \n\t}\
    \n}\
    \n\
    \n\
    \n\
    \n# Check ISP2\
    \n:set PingResult [ping \$PingTarget count=1 interface=\$InterfaceISP2]\
    \n:put \$PingResult\
    \n\
    \n:if (\$PingResult = 0) do={\
    \n\t:if (\$PingFailCountISP2 < (\$FailTreshold+2)) do={\
    \n\t\t:set PingFailCountISP2 (\$PingFailCountISP2 + 1)\
    \n\t\t\
    \n\t\t:if (\$PingFailCountISP2 = \$FailTreshold) do={\
    \n\t\t\t:log warning \"ISP2 has a problem en route to \$PingTarget - incre\
    asing distance of routes.\"\
    \n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP2 && static] do=\
    \\\
    \n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] + \$Di\
    stanceIncrease)}\
    \n\t\t\t:log warning \"Route distance increase finished.\"\
    \n\t\t}\
    \n\t}\
    \n}\
    \n:if (\$PingResult = 1) do={\
    \n\t:if (\$PingFailCountISP2 > 0) do={\
    \n\t\t:set PingFailCountISP2 (\$PingFailCountISP2 - 1)\
    \n\t\t\
    \n\t\t:if (\$PingFailCountISP2 = (\$FailTreshold -1)) do={\
    \n\t\t\t:log warning \"ISP2 can reach \$PingTarget again - bringing back o\
    riginal distance of routes.\"\
    \n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP2 && static] do=\
    \\\
    \n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] - \$Di\
    stanceIncrease)}\
    \n\t\t\t:log warning \"Route distance decrease finished.\"\
    \n\t\t}\
    \n\t}\
    \n}\
    \n"

Help?

Dual WAN Failover works ok, but vlans are not working

Read this excellent reference with examples.
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

Thank you, i manage to reconfigure it :slight_smile: