Stefkoff
just joined
Topic Author
Posts: 2
Joined: Wed Mar 03, 2021 6:39 pm

RB3011 2 IPs with 2 bridges

Wed Mar 03, 2021 6:54 pm

Hello,

I'm new to MikroTik and still learning where I can find a solution for a problem.
Currently, I am faced with the following situation.
My ISP gives me two IPs: IP1 and IP2 (ether1 and ether5), coming from the GPON router.
I've built 2 bridges: bridge 1 (ether 2, 3, 4, 6, 7, 8, 10) for IP1 and bridge2 (ether 9) for IP2.
Whatever I try, every time I end up with only one working IP. My last try was that bridge 1 uses IP1, but bridge 2 does not have internet access at all (even with NAT).
Am I doing something wrong, or are things not supposed to work like this?

Here is my last configuration with one working bridge.
/interface bridge
add admin-mac=48:8F:5A:6F:42:07 auto-mac=no comment=defconf name=bridge
add name=bridge1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.2-192.168.88.128
add name=pool1 ranges=192.168.88.129-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=pool1 disabled=no interface=bridge1 name=server1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge1 comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
add interface=ether5 list=WAN2
/ip address
add address=192.168.88.1/25 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.99.1/24 disabled=yes interface=bridge1 network=192.168.99.0
add address=192.168.88.1/25 interface=bridge1 network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
add disabled=no interface=ether5
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=8.8.8.8 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=forward in-interface=bridge1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none log=yes log-prefix=ppp out-interface-list=WAN2
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add distance=1 gateway="ether5,[ISP_GATEWAY_HERE]@(unknown)" routing-mark=second-ip
/ip route vrf
add interfaces=ether1,bridge routing-mark=main-ip
add interfaces=ether5,bridge1 routing-mark=second-ip
*NOTE* VRF was used after I read about some possible solutions regarding my problem, but I'm not 100% sure that I need it, because I'm not so familiar with it.

Thanks.
 
Stefkoff
just joined
Topic Author
Posts: 2
Joined: Wed Mar 03, 2021 6:39 pm

Re: RB3011 2 IPs with 2 bridges

Fri Mar 05, 2021 9:09 am

Just an update in case someone is facing the same problem - the solution was to mark the routes of the two bridges before enabling the DHCP clients from the incoming WAN. This way, when the DHCP client builds the routes by itself, their route mark was set correctly and everything worked.

Thanks
