I am a newbie to MikroTik. I recently set up dual-WAN load balancing based on information from the internet, and it works OK.
I have recently decided to add a 3rd WAN interface purely as a backup – there is no need to add it to the current load-balancing config. I just want to be able to reach it via the wlan1 interface – that is, assign the WAN3 port and its traffic to wlan1, so that when I connect to Wi-Fi only WAN3 traffic is used. It would also be good to keep access to the other WAN interfaces for monitoring purposes…
Honestly, I tried several settings to do that, but none of them worked in the end, so I had to restore my previous settings… Any hint would be appreciated; I can also add my current config if it helps.
Thanks a lot for your feedback!
I've tried adding a VLAN for the WAN3 and wlan1 interfaces – it looks like it's working; however, I'd like to have management access from both bridges. I probably need to create additional mangle rules, but I am struggling.
But you might suggest a "more clever" solution, so I am adding my current config below.
Thanks for any suggestions.
/interface bridge
# Two bridges: "bridge" is the defconf LAN bridge (fixed admin MAC, auto-mac off);
# "bridgeVLAN10" is the extra bridge that receives wlan1 and WAN3 as ports in the
# "/interface bridge port" section of this export.
# NOTE(review): this export carries the router's real MAC address; consider
# redacting such identifiers before posting a config publicly.
add admin-mac=08:55:31:70:38:29 auto-mac=no comment=defconf name=bridge
add name=bridgeVLAN10
/interface ethernet
# Rename ether1/ether2/ether4 to WAN1/WAN2/WAN3; the rest of the config refers to
# the ports by these names.
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
set [ find default-name=ether4 ] name=WAN3
/interface wireless
# wlan2: 5 GHz access point with the factory-style SSID. No security-profile is set
# on this line, so it falls back to the default profile.
# NOTE(review): the default profile below shows no authentication settings, and this
# line has no disabled=no (unlike wlan1), which presumably means wlan2 is disabled.
# Confirm that, and attach a WPA2 profile before ever enabling it.
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
mode=ap-bridge ssid=MikroTik-70382E wireless-protocol=802.11
/interface vlan
# VLAN 10 sub-interface on WAN3.
# NOTE(review): WAN3 is also made a port of bridgeVLAN10 further down; a VLAN
# interface on a bridge slave port generally does not behave as intended - confirm
# which of the two (bridge port or VLAN interface) is actually meant to carry traffic.
add interface=WAN3 name=vlanWAN3 vlan-id=10
/interface list
# The WAN and LAN lists are what the firewall filter rules match on; membership is
# assigned in "/interface list member".
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
# Default profile: only the supplicant identity is set in this export.
set [ find default=yes ] supplicant-identity=MikroTik
# WifiDoma: WPA2-PSK with dynamic keys. No pre-shared key appears in this export.
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
WifiDoma supplicant-identity=""
/interface wireless
# wlan1: enabled 2.4 GHz access point, SSID "OrangeLTE", protected by WifiDoma.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=slovakia disabled=no distance=indoors frequency=auto \
installation=indoor mode=ap-bridge security-profile=WifiDoma ssid=\
OrangeLTE wireless-protocol=802.11
/interface vlan
# VLAN 10 sub-interface on wlan1.
# NOTE(review): wlan1 is likewise a port of bridgeVLAN10 further down, so the same
# slave-port caveat as for vlanWAN3 applies - verify.
add interface=wlan1 name=vlanWLAN1 vlan-id=10
/ip pool
# Dynamic address pool for the LAN. The range also covers the addresses that are
# handed out as static leases further down (e.g. .245-.254).
add name=default-dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
# The only DHCP server in this export runs on "bridge".
# NOTE(review): nothing serves addresses on bridgeVLAN10, so Wi-Fi clients on wlan1
# presumably get their lease from whatever device is attached to WAN3 - confirm.
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/queue simple
# Parent queue: caps the whole 192.168.1.0/24 LAN at 1M/15M using the PCQ
# upload/download queue types.
add max-limit=1M/15M name="Orange Bandwith" queue=\
pcq-upload-default/pcq-download-default target=192.168.1.0/24
# Child queues: one per device, each limited individually under the parent.
# The targets are single /32 addresses in the .245-.254 range, so they only apply
# while a device actually holds that address.
add max-limit=768k/8M name=Xbox parent="Orange Bandwith" queue=\
pcq-upload-default/pcq-download-default target=192.168.1.248/32
add max-limit=768k/4M name=LG_Spalna parent="Orange Bandwith" queue=\
pcq-upload-default/pcq-download-default target=192.168.1.249/32
add max-limit=768k/4M name=AntikDole parent="Orange Bandwith" queue=\
pcq-upload-default/pcq-download-default target=192.168.1.247/32
add max-limit=768k/7M name=AntikHore parent="Orange Bandwith" priority=1/1 \
queue=pcq-upload-default/pcq-download-default target=192.168.1.246/32
add max-limit=768k/4M name="Jakub TV Stick" parent="Orange Bandwith" queue=\
pcq-upload-default/pcq-download-default target=192.168.1.245/32
add max-limit=768k/2M name=GoogleHomeHore parent="Orange Bandwith" queue=\
pcq-upload-default/pcq-download-default target=192.168.1.252/32
add max-limit=768k/3M name=LG_Jakub parent="Orange Bandwith" queue=\
pcq-upload-default/pcq-download-default target=192.168.1.253/32
add max-limit=768k/3M name=Chromecast parent="Orange Bandwith" queue=\
pcq-upload-default/pcq-download-default target=192.168.1.254/32
# This child queue is disabled.
add disabled=yes max-limit=768k/7M name=LG-Obyvacka parent="Orange Bandwith" \
priority=1/1 queue=pcq-upload-default/pcq-download-default target=\
192.168.1.251/32
add max-limit=768k/2M name=GoogleHomeDole parent="Orange Bandwith" queue=\
pcq-upload-default/pcq-download-default target=192.168.1.250/32
/interface bridge port
# ether3, ether5 and wlan2 are ports of the LAN bridge "bridge".
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether5
# wlan1 and WAN3 (two lines below) are both ports of bridgeVLAN10, i.e. they are
# joined at layer 2.
# NOTE(review): bridgeVLAN10 has no IP address in this export, so Wi-Fi clients on
# wlan1 presumably sit directly on the network attached to WAN3, and frames between
# the two ports are switched rather than routed - they would not pass the
# "/ip firewall" forward rules unless the bridge is set to use the IP firewall. Confirm.
add bridge=bridgeVLAN10 comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridgeVLAN10 interface=WAN3
/ip neighbor discovery-settings
# Neighbor discovery runs on every interface in the LAN list.
# NOTE(review): bridgeVLAN10 is a LAN member below, so discovery announcements
# presumably also go out towards the WAN3 side - verify that this is intended.
set discover-interface-list=LAN
/interface detect-internet
# Internet detection is enabled on all interfaces.
# NOTE(review): with hand-built multi-WAN routing this feature is often switched
# off so it cannot interfere with the manual setup - confirm it is needed.
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=WAN1 list=WAN
add interface=WAN2 list=WAN
# NOTE(review): WAN3 is listed as WAN, but it is a port of bridgeVLAN10, so packets
# arriving through it are presumably seen by the IP firewall with
# in-interface=bridgeVLAN10 rather than WAN3; rules matching in-interface-list=WAN
# would then not apply to them - verify.
add interface=WAN3 list=WAN
# bridgeVLAN10 is treated as LAN. The input chain in this export only drops traffic
# whose in-interface-list is not LAN, so the router's own services (management, DNS)
# are presumably reachable from the WAN3 segment exactly as from the home LAN.
# If that segment is not fully trusted, prefer dedicated input accept rules limited
# to the management ports and trusted source addresses over LAN-list membership.
add interface=bridgeVLAN10 list=LAN
/ip address
# The router's only static address in this export: 192.168.1.1/24 on the LAN bridge.
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
192.168.1.0
/ip dhcp-client
# WAN1 and WAN2 obtain addresses by DHCP but install no default route; the default
# routes are defined by hand in "/ip route".
add add-default-route=no comment=defconf disabled=no interface=WAN1
add add-default-route=no comment=defconf disabled=no interface=WAN2
# The warning below is part of the posted export: WAN3 is a bridge port (slave), so
# this client cannot run on it. NOTE(review): the client would have to live on
# bridgeVLAN10, or WAN3 would have to leave the bridge. Unlike WAN1/WAN2 this entry
# does not set add-default-route=no, so if it is moved, check that it does not
# install an unwanted default route in the main table.
# DHCP client can not run on slave interface!
add disabled=no interface=WAN3
/ip dhcp-server lease
# Static leases on the "defconf" server, pinning devices to fixed addresses.
# The .245-.254 entries line up with the "Orange" firewall address list and with the
# per-device queue targets, so routing and bandwidth policy follow these addresses.
# NOTE(review): that policy is keyed on IP address only; any host that configures
# one of those addresses itself receives the same treatment.
# NOTE(review): the MAC addresses and client IDs below identify real devices;
# consider redacting them before publishing an export.
add address=192.168.1.252 mac-address=00:F6:20:D3:12:56 server=defconf
add address=192.168.1.250 mac-address=F8:0F:F9:8D:5D:D4 server=defconf
add address=192.168.1.249 client-id=1:c8:8:e9:93:23:ad mac-address=\
C8:08:E9:93:23:AD server=defconf
add address=192.168.1.248 client-id=1:f0:6e:b:f3:3d:ab mac-address=\
F0:6E:0B:F3:3D:AB server=defconf
add address=192.168.1.253 mac-address=CC:2D:8C:37:FF:EC server=defconf
add address=192.168.1.254 mac-address=6C:AD:F8:54:FD:2E server=defconf
add address=192.168.1.32 client-id=1:f4:8c:eb:a7:7:8a mac-address=\
F4:8C:EB:A7:07:8A server=defconf
add address=192.168.1.247 client-id=1:0:16:2a:83:39:ad mac-address=\
00:16:2A:83:39:AD server=defconf
add address=192.168.1.246 client-id=1:0:16:2a:84:5f:cc mac-address=\
00:16:2A:84:5F:CC server=defconf
add address=192.168.1.27 client-id=1:38:6a:77:3d:cc:e7 mac-address=\
38:6A:77:3D:CC:E7 server=defconf
add address=192.168.1.21 client-id=1:f4:8c:eb:a6:d8:f2 mac-address=\
F4:8C:EB:A6:D8:F2 server=defconf
add address=192.168.1.245 client-id=1:6c:d:c4:c7:21:e0 mac-address=\
6C:0D:C4:C7:21:E0 server=defconf
add address=192.168.1.233 client-id=1:20:17:42:a0:8b:2a mac-address=\
20:17:42:A0:8B:2A server=defconf
/ip dhcp-server network
# DHCP clients on 192.168.1.0/24 are given the router (192.168.1.1) as gateway.
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1
/ip dns
# The router answers DNS queries from other hosts (allow-remote-requests=yes) and
# forwards them to the two listed upstream resolvers.
# NOTE(review): who can query the resolver is decided only by the input chain of the
# firewall. bridgeVLAN10 is in the LAN list in this export, so the WAN3 segment is
# presumably allowed to use this resolver as well - confirm that is acceptable.
set allow-remote-requests=yes servers=208.67.222.123,208.67.220.123
/ip dns static
# NOTE(review): router.lan points at 192.168.88.1, but the router's LAN address in
# this export is 192.168.1.1 - this looks like a leftover default entry; verify.
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall address-list
# "Orange": the LAN hosts .245-.254. The first mangle rule sends everything sourced
# from this list out via the to_WAN2 routing table.
add address=192.168.1.245-192.168.1.254 list=Orange
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
# Accept packets of already established/related (or untracked) connections.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
# ICMP to the router is accepted from every interface, WAN included.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# Final input rule: everything that did not arrive on a LAN-list interface is
# dropped. This is the only thing shielding the router's services, so its strength
# depends entirely on LAN list membership.
# NOTE(review): bridgeVLAN10 (which contains the WAN3 port) is a LAN member in this
# export, so this rule presumably does not protect the router from the WAN3 side.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# --- forward chain: traffic routed through the router ---
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
# FastTrack is present but disabled (disabled=yes).
# NOTE(review): presumably switched off because fasttracked packets skip the mangle
# rules and simple queues this setup relies on - confirm before re-enabling.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# New connections entering from a WAN-list interface are dropped unless they were
# destination-NATed. There is no further drop rule after this one in the export.
# NOTE(review): this matches on in-interface-list=WAN; traffic entering via the
# bridged WAN3 port presumably shows up as bridgeVLAN10 (a LAN member) and would
# not be caught here - verify.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall mangle
# Hosts in the "Orange" address list: every packet they send is given the to_WAN2
# routing mark and leaves the mangle chain (passthrough=no).
# NOTE(review): the rule matches on source address only (no in-interface, no
# destination exclusion) and sits before the accept rules below, so those
# exemptions presumably never apply to Orange hosts - confirm this is intended.
add action=mark-routing chain=prerouting new-routing-mark=to_WAN2 \
passthrough=no src-address-list=Orange
# LAN traffic to these three subnets is accepted unmarked, so it follows the main
# routing table instead of being load-balanced. 192.168.3.0/24 and 192.168.100.0/24
# contain the gateways used in "/ip route"; 192.168.6.0/24 is presumably the WAN3
# network - TODO confirm.
add action=accept chain=prerouting dst-address=192.168.3.0/24 in-interface=\
bridge
add action=accept chain=prerouting dst-address=192.168.6.0/24 in-interface=\
bridge
add action=accept chain=prerouting dst-address=192.168.100.0/24 in-interface=\
bridge
# Connections that arrive from a WAN side are tagged with that WAN's connection
# mark, so replies can be sent back out the same way.
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=no
# For the third WAN the match is on bridgeVLAN10, not on WAN3 itself.
# NOTE(review): wlan1 is a port of the same bridge, so connections from Wi-Fi
# clients to the router are presumably tagged WAN3_conn as well - verify.
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=bridgeVLAN10 new-connection-mark=WAN3_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=no
# Per-connection classifier: new LAN connections to non-local destinations are
# split by a hash of both addresses. Remainder 0 -> WAN2, remainder 1 -> WAN1.
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge new-connection-mark=WAN2_conn \
per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge new-connection-mark=WAN1_conn \
per-connection-classifier=both-addresses:2/1
# NOTE(review): with a divisor of 2 the remainder can only be 0 or 1, so this
# 2/2 rule presumably never matches - likely a leftover from a 3-way split.
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge new-connection-mark=WAN1_conn \
per-connection-classifier=both-addresses:2/2
# Translate connection marks into routing marks for packets coming from the LAN.
# There is no equivalent prerouting rule for WAN3_conn.
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=bridge new-routing-mark=to_WAN2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=bridge new-routing-mark=to_WAN1 passthrough=no
# Output chain: packets generated by the router itself follow the WAN their
# connection was marked with.
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=no
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1 passthrough=no
# NOTE(review): the "/ip route" section of this export has no route with
# routing-mark=to_WAN3, so how these packets are routed is unclear - verify.
add action=mark-routing chain=output connection-mark=WAN3_conn \
new-routing-mark=to_WAN3 passthrough=no
/ip firewall nat
# Source NAT: traffic leaving via WAN1 or WAN2 (and not matched by an outbound IPsec
# policy) is masqueraded to the address of the outgoing interface.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface=WAN1
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface=WAN2
# The third rule masquerades on vlanWAN3 (the VLAN 10 sub-interface), not on WAN3 or
# bridgeVLAN10.
# NOTE(review): it only takes effect for traffic that is actually routed out of
# vlanWAN3; bridged wlan1<->WAN3 traffic is presumably not NATed by it - confirm.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface=vlanWAN3
/ip route
# Policy routing tables: packets marked to_WAN2 use gateway 192.168.100.1, packets
# marked to_WAN1 use gateway 192.168.3.2.
# NOTE(review): the to_WAN2 route has no check-gateway, so a dead WAN2 gateway is
# presumably not detected for marked traffic. There is also no route for the
# to_WAN3 mark that the mangle rules set - verify.
add distance=2 gateway=192.168.100.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.3.2 routing-mark=to_WAN1
# Main table: 192.168.3.2 is the primary default gateway (distance 1, monitored by
# ping); 192.168.100.1 is the fallback (distance 2).
add check-gateway=ping distance=1 gateway=192.168.3.2
add distance=2 gateway=192.168.100.1
# Disabled multi-gateway default route listing 192.168.3.2 three times and
# 192.168.100.1 once.
add disabled=yes distance=1 gateway=\
192.168.3.2,192.168.3.2,192.168.3.2,192.168.100.1