Community discussions

MikroTik App
 
jtejada
just joined
Topic Author
Posts: 1
Joined: Wed Mar 10, 2021 8:17 am

hAP ac2 dual wan and AP

Wed Mar 10, 2021 8:23 am

Hi all,

I'm new to mikrotik router board and I want to failover when one ISP goes down to second ISP or third ISP but also want to use the AP within the hAP ac2 itself


I've seen some tutorials on how to load balance and failover two or three ISP but they always use a LAN ethernet port so I wonder if is possible and how I can do using the Access Point wlan1 and wlan2 2 and 5G instead of LAN port





























/ip address
add address=192.168.1.18/24 interface=ether1
add address=192.168.8.18/24 interface=ether2
add address=192.168.2.1/24 interface=ether3
add address=192.168.3.1/24 interface=ether4
add address=192.168.4.1/24 interface=ether5


/ip hotspot profile
add hotspot-address=172.16.100.254 name=hsprof1
/ip pool
add name=hs-pool-6 ranges=172.16.100.10-172.16.100.20
/ip dhcp-server
add address-pool=hs-pool-6 disabled=no interface=wlan1 lease-time=1h name=\
dhcp1
/ip hotspot
add address-pool=hs-pool-6 disabled=no interface=wlan1 name=hotspot1 profile=\
hsprof1

/ip hotspot profile
add hotspot-address=172.16.200.254 name=hsprof2
/ip pool
add name=hs-pool-6 ranges=172.16.200.10-172.16.200.20
/ip dhcp-server
add address-pool=hs-pool-6 disabled=no interface=wlan2 lease-time=1h name=\
dhcp2
/ip hotspot
add address-pool=hs-pool-6 disabled=no interface=wlan2 name=hotspot2 profile=\
hsprof2

/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/tool user-manager profile
add name=test name-for-users="" override-shared-users=off owner=admin price=0 \
starts-at=logon validity=0s

/ip address
add address=172.16.100.254/24 interface=wlan1 network=172.16.100.0

/ip dhcp-server network
add address=172.16.100.0/24 comment="hotspot network" dns-server=\
8.8.8.8 gateway=172.16.100.254
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.40.0/24 in-interface=\
wlan1
add action=accept chain=prerouting dst-address=192.168.50.0/24 in-interface=\
wlan1


add address=172.16.200.254/24 interface=wlan1 network=172.16.200.0
/ip dhcp-server network
add address=172.16.200.0/24 comment="hotspot network" dns-server=\
8.8.8.8 gateway=172.16.200.254
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.40.0/24 in-interface=\
wlan2
add action=accept chain=prerouting dst-address=192.168.50.0/24 in-interface=\
wlan2


add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local hotspot=auth in-interface=wlan1 \
new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=\
both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ISP1_conn \
in-interface=wlan1 new-routing-mark=to_ISP1

add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local hotspot=auth in-interface=wlan2 \
new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=\
both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ISP1_conn \
in-interface=wlan2 new-routing-mark=to_ISP1


add action=mark-routing chain=prerouting connection-mark=ISP2_conn \
in-interface=wlan1 new-routing-mark=to_ISP2
add action=mark-routing chain=prerouting connection-mark=ISP2_conn \
in-interface=wlan2 new-routing-mark=to_ISP2
add action=mark-routing chain=output connection-mark=ISP1_conn \
new-routing-mark=to_ISP1
add action=mark-routing chain=output connection-mark=ISP2_conn \
new-routing-mark=to_ISP2



/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes

/ip hotspot user
add name=admin
/ip route
add check-gateway=ping distance=1 gateway=192.168.40.254 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=192.168.50.254 routing-mark=to_ISP2
add check-gateway=ping distance=1 gateway=192.168.40.254
add check-gateway=ping distance=2 gateway=192.168.50.254
/system identity
set name=HS-router


add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local hotspot=auth in-interface=wlan1 \
new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=\
both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local hotspot=auth in-interface=wlan1 \
new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=\
both-addresses:2/1


add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local hotspot=auth in-interface=wlan2 \
new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=\
both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local hotspot=auth in-interface=wlan2 \
new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=\
both-addresses:2/1


/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface=ether3
add action=masquerade chain=srcnat out-interface=ether4
add action=masquerade chain=srcnat out-interface=ether5




/ip hotspot user
add name=admin
/ip route
add check-gateway=ping distance=1 gateway=192.168.2.254 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=192.168.3.254 routing-mark=to_ISP2
add check-gateway=ping distance=1 gateway=192.168.2.254
add check-gateway=ping distance=2 gateway=192.168.3.254
/system identity
set name=HS-router










/ ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=192.168.8.0/24 action=accept in-interface=LAN

add chain=prerouting in-interface=ether1 connection-mark=no-mark action=mark-connection \
new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ether2 connection-mark=no-mark action=mark-connection \
new-connection-mark=ISP2_conn


add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn


add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing \
new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing \
new-routing-mark=to_ISP2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2


/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2 check-gateway=ping


add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.8.1 distance=2 check-gateway=ping


/ ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether2 action=masquerade








/ip firewall mangle
add action=mark-connection chain=forward connection-mark=no-mark new-connection-mark=first out-interface=ether1 passthrough=yes
add action=mark-connection chain=forward connection-mark=no-mark new-connection-mark=other out-interface=ether2 passthrough=yes



/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 to-address=192.168.1.18/24
add action=src-nat chain=srcnat out-interface=ether2 to-address=192.168.8.18/24



/ip firewall filter
add action=reject chain=forward connection-mark=other out-interface=ether1 reject-with=icmp-network-unreachable
add action=reject chain=forward connection-mark=first out-interface=ether2 reject-with=icmp-network-unreachable


/ip route add gateway=192.168.1.1 distance=1 check-gateway=ping
/ip route add gateway=192.168.8.1 distance=2

Who is online

Users browsing this forum: No registered users and 41 guests