Community discussions

MikroTik App
 
Machello
just joined
Topic Author
Posts: 4
Joined: Fri Dec 04, 2020 3:22 pm

Turning my router into the WAN itself.

Tue May 04, 2021 2:29 pm

So I have two routers. The one is a SXT LTE6 kit that carries the sim card to establish a rather remarkable LTE connection. The other is a RB4011iGS+5HacQ2HnD-IN router that shares it's connection to rest of the house via wi-fi and it is also going to share the SXT's connection via PTP using SXTsq 5 ac and the other end is also going to be a SXTsq 5 ac. Cat 6 cable is used in all cases.

Now what I want to do is set up the SXT LTE6 to act like a WAN so it can pass on the public IP information given by the carrier to the RB4011iGS+5HacQ2HnD-IN. But that SXT is high up on a tower so installing a second cable for maintenance and pressing the reset button if something is configured wrong is going to be very difficult. The other reason I need the routers to be set up this way is cause the RB4011iGS+5HacQ2HnD-IN is obvious level 5 license RouterOS and has far more powerful processing capabilities than the SXT. And also if the SXT is not set up as a WAN so it can pass on the public information to the RB4011iGS+5HacQ2HnD-IN like a WAN does, I can not use queues at all on the RB4011iGS+5HacQ2HnD-IN. I tried using queues while it is set up as a bridge with fasttrack off on both firewalls and it seems the queues is being completely ignored because the public IP carrier information is not being passed on to the RB4011iGS+5HacQ2HnD-IN as the main controller of the APN. And I also need the RB4011iGS+5HacQ2HnD-IN to be the DHCP for the entire network. The NAT and firewall is going to run on RB4011iGS+5HacQ2HnD-IN and NAT and firewall set to Off on the SXT LTE6. The SXT LTE6 is obviously inserted on eth1 on the RB4011iGS+5HacQ2HnD-IN.

So what I need is:
1) How do I set up the SXT LTE6 to act like a WAN and pass on the APN information to the RB4011iGS+5HacQ2HnD-IN without accidentally losing configuration access to the SXT LTE6.
or 2) If there is another way to configure the RB4011iGS+5HacQ2HnD-IN so that queues will work on it and is followed even if the entire network is set up as bridge but also should remain the DHCP and firewall for the network and obviously the SXT LTE6 will have to be the NAT.
 
mkx
Forum Guru
Forum Guru
Posts: 5815
Joined: Thu Mar 03, 2016 10:23 pm

Re: Turning my router into the WAN itself.

Tue May 04, 2021 2:34 pm

Something similar is topic of this post. Does it help?

Just be sure to use VLAN IDs in range between 2 and 4000 (inclusive) ... stay away from VID 1 (using it is a recipe for troubles).
BR,
Metod
 
Machello
just joined
Topic Author
Posts: 4
Joined: Fri Dec 04, 2020 3:22 pm

Re: Turning my router into the WAN itself.

Tue May 04, 2021 5:40 pm

Can you indicate to me in better detail that solution, cause each time I remove ether1 from the bridge I lose configuration connection to the device immediately.

SXT:
- set IP/Adresses interface from ether1 to local LAN SXT bridge
--- What does he mean by this? All I see is 192.168.88.1 connected to 192.168.88.0 network and it is by default running on an interface called "bridge" (the default one)
--- The only option in the interface selection box is bridge, ehter1, ether2 and lte1
--- The LTE address is also located in that window but that is not relevant to what needs to be done.
- remove ether1 from LAN SXT bridge
--- As soon as remove or change ether1 from the default bridge in Bridge/Ports i lose connection immediately an can no longer continue configuring the rest of the steps. Am I missing something?
- create two vlan's (1 for the internet and 2 for management), both connected to eth1 on SXT.
--- Ok I assume this gets created under Interfaces/VLAN tab. Easy enough to do.
- create Brigde_conf and add to it vlan_conf and ether1 on Bridge/Ports tab
--- A second bridge??? Can I not just add vlan_config to the default bridge???
- set the DHCP client on bridge_conf
--- Easy enough
- on the interface list, set WAN interface to vlan_net (1)
--- Easy enough
- in Interface LTE/LTE APNs change the passtrough interface to vlan_net
--- Easy enough
- disable firewall rule: defconf: drop all not coming from LAN
--- It would be a way better idea to disable the firewall complete since that will be handled by the second router

All the rest is easy enough to do. This solution is poorly and hastily written causing me do understand it poorly.
And thanks to it telling me to "remove ether1 from LAN SXT bridge" i had to climb up a very long tower trying to reset the router to connect to it's interfaces again.
 
mkx
Forum Guru
Forum Guru
Posts: 5815
Joined: Thu Mar 03, 2016 10:23 pm

Re: Turning my router into the WAN itself.

Tue May 04, 2021 7:34 pm

If setup of SXT is pretty much default, then the following should work: use winbox and mac connection. Before removing ether1 from bridge add ether1 to interface list called LAN.
BR,
Metod
 
Machello
just joined
Topic Author
Posts: 4
Joined: Fri Dec 04, 2020 3:22 pm

Re: Turning my router into the WAN itself.  [SOLVED]

Wed May 05, 2021 7:47 am

I have solved my problem and here is the steps that I followed:

1) Reset SXT 6 LTE router to it's default setting.
2) Place it's cable from ether1 port directly into PC's/Laptop's network port or in another router's ethernet port running as a bridge so you can have access to it's interface in Winbox.
2) Set SXT 6 LTE's bridge/local ip to a static ip adress. I used 192.168.88.2 for IP Address and 255.255.255.0 (/24) for Netmask. You can set this in the Quick Set menu.
3) Make sure you uncheck DHCP Server / NAT / Firewall Router check boxes and do any other necessary settings you need in the Quick Set menu and apply new setting.
4) Reboot the SXT 6 LTE.
5) After reboot go to Interface List / VLAN and create a new vlan called 'vlan_conf' with the VLAN ID field set between 100 - 2000 (just as long as it is not a low value, I used 500). Set the Interface field to 'ether1' and click apply.
6) Go to Bridge / Ports and add vlan_conf to the default bridge of SXT router. You should now see ether1, ether2 and vlan_conf.
--- The default bridge is there so you can access the SXT 6 LTE's interface with ether2 port on the SXT router or via vlan on ether1 port on the RB4011iGS+5HacQ2HnD-IN router after ether1 gets removed from the default bridge.
7) Go to Interfaces / LTE and click on LTE APNs and open the default apn for SXT 6 LTE router. Change the Passthrough Interface field to 'ether1' and insert the mac address of RB4011iGS+5HacQ2HnD-IN router into Passthr. MAC Address field. Make sure 'Use Peer DNS' and 'Add Default Route' check boxes is checked and click apply.
8) Open IP / DHCP Client and add a new client. Change the Interface field to 'ether1', check both the 'Use Peer DNS' and 'Use Peer NTP' and set the Add Default Route field to 'yes' and click apply.
9) Create a new address in the address list via IP / Addresses interface so that 'ether1' can have a static ip on RB4011iGS+5HacQ2HnD-IN router. This is going to be the WAN IP used by the RB4011iGS+5HacQ2HnD-IN router to relay and forward data to the SXT 6 LTE and the internet. If you do not do this the RB4011iGS+5HacQ2HnD-IN router's DHCP settings will automatically give the SXT 6 LTE ether1 port a dynamic ip which will ruin your day. Set the Interface field in the new address to 'ether1' and set the new address and network field so it is compatible with the default bridge on the SXT 6 LTE router and click apply. I used 192.168.88.3/24 in the Address field and 192.168.88.0 in the Network field. My default bridge address corresponds to this with 192.168.88.2/24 as the address and 192.168.88.0 as the network.
10) Your SXT 6 LTE router will restart automatically cause it now understand the new 192.168.88.3/24 address as the default local address for the router. If it does not reboot automatically, reboot the SXT 6 LTE. When it reboots you should see the IP Address under Local Network in the Quick Set menu has changes to what ever ip you used in step 9. If it did not change then something went wrong. You can now remove ether1 from the default bridge by deleting the ether1 interface entry in Bridge / Ports menu list. Deleting it will cause the SXT router to disconnect from Winbox and you will only be able to connect to it's interfaces vai ether2 port or when the RB4011iGS+5HacQ2HnD-IN has been fully configured and both routers is connected to each others ether1 ports.
11) Now you can plug in the SXT 6 LTE's ether1 port to the ether1 port of RB4011iGS+5HacQ2HnD-IN router and also you're Laptop/PC to ether2 port of RB4011iGS+5HacQ2HnD-IN router.

RB4011iGS+5HacQ2HnD-IN Steps:

12) Reset configuration of RB4011iGS+5HacQ2HnD-IN settings to default and reboot it.
13) After reboot open Quick Set menu and use Home AP Dual quick setting with the following fields (you can also use WISP AP just as long as the Quick Set menu allows you to set the device as a router and """NOT A BRIDGE""") :
--- Internet / Port : Eth1
--- Address Acquisition: Automatic
--- MAC Address : [The MAC Address of the RB4011iGS+5HacQ2HnD-IN router] it should be the same MAC address you used in step 7
--- Firewall Router : Checked
--- NAT : Checked
--- DHCP Server : Checked
--- IP Address : [An Gateway IP that is compatible with the bridge and ether1 of SXT 6 LTE router] I used 192.168.88.1, this is going to be the routers main IP Address and the Gateway of all devices using RB4011iGS+5HacQ2HnD-IN as a hot spot.
--- Netmask : [An Netmask that is compatible with the bridge and ether1 of SXT 6 LTE router] I used 255.255.255.0 (/24)
--- DHCP Server Range [A range of IPs that is compatible, free and does not conflict with important IPs of both routers and other digital equipment on you're network] I used 192.168.88.10-192.168.88.254
--- Any other necessary setting you need.
14) Click Apply and reboot RB4011iGS+5HacQ2HnD-IN router.
15) In the Interfaces / Interfaces List menu the WAN entry should be set to use ether1 in the Interface field, any other WAN entries should be deleted. The router may create WAN entries automatically and should be deleted if you find it did create extra WAN entries.
16) After reboot add a vlan in the exact same way you did in step 5 and also add it to the default bridge of RB4011iGS+5HacQ2HnD-IN router just like in step 6. Remove the ether1 entry in Bridge / Ports menu completely and reboot the router.
17) Add a new DHCP client to RB4011iGS+5HacQ2HnD-IN router in the exact same way you did in step 8 and reboot.

After all step is done it is time to check if all configuration setting has applied correctly:

The first thing you will notice is that SXT 6 LTE router will show up on the Neighbors tab in Winbox while connected on the ether1 ports on both routers. This show that the VLAN is correctly set up and that all IPs is most likely configured correctly. You can connect to it via it's MAC address. If it does not show up you can always insert another network cable into ether2 port on the SXT router and connect the cable to any router port that is not the ether1 port on any of the routers or directly into PC/Laptop to access it's interface in Winbox.

Clicking on the LTE APNs button in Interfaces / LTE menu on RB4011iGS+5HacQ2HnD-IN router will list the exact same APN as the SXT 6 LTE router without the Passthrough settings. It is created automatically when the passthrough has succeeded. This means the DHCP Client between the two routers is communicating correctly and the SXT 6 LTE router is now functioning as a proper WAN.

In the IP / DHCP Client menu. Open the client entry listed with the ether1 interface. Click on the Status tab in the window that opens and you will see a IP Address and Gateway which is very different from the IP addresses you used, a DHCP Server address (which should be the IP of the ether1 port on SXT router you used in step9, mine shows the IP 192.168.88.3) and a primary and secondary DNS server. These address are the ones supplied by your ISP and SXT router's APNs and Default Route DHCP. The Quick Set menu should also now display these addresses under the Internet section of the form. If your ISP has not supplied you a primary and/or secondary DNS address then you should add DNS server addresses to either one of the routers on the IP / DNS menu and reboot both routers. Internet will not function without DNS.

In the IP / DHCP Server / Networks menu on RB4011 router there should be an entry automatically added that shows the IP of the RB4011 router (192.168.88.1) is the main gateway for you're network's address (192.168.88.0/24). This information is correct and you should not add any other information on any of the other fields except maybe the DNS Server field if you're ISP did not supply any Primary or Secondary DNS via the APN. In you're computer's network card status window you will see the network card uses the IP of the RB4011 router for almost everything. This is correct. Nowhere in the DHCP Server menus should the RB4011 router list the SXT router. The SXT router need to be a complete transparent connection in front of the RB4011 router.

In the IP / DNS Settings you will see the RB2011 router has added the Dynamic Servers supplied by you're ISP's DHCP on the LTE APNs on the SXT router automatically. Insure that Allow Remote Requests is checked in this menu. If your ISP has not supplied DNS addresses then you should add one or more manually in the Servers field. ISPs usually supply 2 dynamic addresses.

In the RB 4011 router's Bridge / Ports menu you will see the vlan_conf entry. It's role on the bridge should be set to 'root port'. On the SXT router it should be 'designated port'. Both routers should set the port roles correctly automatically the first time. If the routers did not do it correctly automatically then it means something went wrong on the steps you have taken. In the RB4011 router's Bridge / Hosts menu vlan_conf should have at least 1 entry the same MAC address as the SXT router. On the SXT router it should have at least 1 entry the same MAC address as the RB4011 router. This is valid proof that the vlan is working 100% correctly

Do not change or add anything to the IP / DNS Server menus on the SXT router. It should have a static-only DHCP running on the ether1 interface on DHCP tab. In Networks tab it should have an entry that lists the IP, Gateway and DNS servers supplied by your ISP. The SXT router forwards these to the RB4011 router so it can configure the Internet APN on itself automatically when ever the ISP renews the IPs used. These IPs will cange regularly and the SXT router's APN will update it regularly. Meaning even if you change something in that entry it will soon be wiped clean. There is a second entry in the Networks tab pointing to the bridge of the SXT, but you can ignore it. Do not delete it. In the Leases tab you should see an entry the SXT router uses to relay information to the RB4011 router. Those are the IPs for your RB4011 router from the SXT router's side.

In the IP / Address List menu some new address entries should be listed at the top marked with a D in the first column. These are dynamic addresses that changes and get updated regularly and automatically. If you do not see them in both routers running on the ether1 interface in that menu then I suggest rebooting both routers to refresh the entries or you will have to run thru all the steps from the start.

With all the configuration settings prim and proper all your devices should no be able to use the RB4011 router as the hot spot that shares the SXT's internet as if it is a WAN. Remember to set a password for configuration access on both routers and also make sure the WiFi passwords is not the same as the configuration passwords.

Quick Troubleshooting Guide:

Before you can complete most of the steps you need manually configure the IP and network mask of the network card in your computer. Only when the RB4011 router is fully configured should you set IPv4 protocols to automatic.

Internet not working.... make sure RB4011 is running a srcnat masquerade on the WAN in the Out Interface field and that it is activated. That can be found on the Firewall / NAT menu. The SXT should not be running anything on the NAT menu at all. The RB4011 controls what goes thru the internet and should be the only thing running Firewalls, DHCP Servers and NAT entries. The SXT should only be running some basic Filter Rules set during the Quick Set menu.

Is the RB4011 not following the Simple Queues you specified. Remember that those queues is followed according to its position on the Simple Queues list. The queued target at the top will override the queued targets below it. Simple Queues does not work on a router set to "Bridge Mode". The Router must be set to "Router Mode" and the fasttrack rules in both routers in the Firewall / Filter Rules menu must be disabled or those rules will allow all traffic to bypass the Simple Queues completely.

Sometime elements you changed wont work cause you forgot to reboot both routers. Reboot the SXT router first, then the RB4011. You can reboot both simultaneously if you want. The SXT is most likely to boot first anyway.

Who is online

Users browsing this forum: No registered users and 61 guests