Mon May 09, 2022 4:50 pm
Why not make life easier for yourself and create another subnet and use a different ether port for the other subnet??
If not, yes, you are stuck with mangling traffic.
What I would do is make WAN1 the primary WAN with distance=1 and make WAN2 the secondary with distance=5.
Then all traffic will go to WAN1 by the distance setting. This takes care of 1/2 your traffic. Now for the other half!
Create a firewall address group for the contiguous group you have identified that should go to WAN2: 192.168.1.110-192.168.1.200 = second_group
Then mangle their traffic such that we mangle and IP route that traffic out WAN2.
THIS MAY NOT BE EXACTLY CORRECT BUT IS AN EXAMPLE OF WHERE I WOULD START
/ip firewall mangle
add chain=prerouting in-interface=ether3 src-address-list=second_group connection-state=new action=mark-connection new-connection-mark=WAN2_conn
add chain=prerouting in-interface=ether3 connection-mark=WAN2_conn action=mark-routing new-routing-mark=ISP2_route
/ip route
add dst-address=0.0.0.0/0 gateway=ISP1 distance=1
add dst-address=0.0.0.0/0 gateway=ISP2 distance=5
add dst-address=0.0.0.0/0 gateway=ISP2 distance=5 routing-mark=ISP2_route
There are a gazillion ways to approach this, but be aware that in this example, if WAN1 is not available, the users in WAN1 will switch to WAN2 and vice versa.
They will not go back to their original WAN if the original WAN comes back online.
In other words, you need to better articulate your requirements.
Last edited by anav on Mon May 09, 2022 5:08 pm, edited 6 times in total.