Community discussions

 
networknoob88
newbie
Topic Author
Posts: 42
Joined: Sun Jul 15, 2018 6:00 pm

Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Mon Jul 23, 2018 11:43 pm

I'm about to have AT&T Fiber 1000 installed for use with my new CCR1009-7G. The AT&T modem/gateway is a terrible piece of equipment with no bridge-mode and has low NAT table limit. Yet, the AT&T fiber uses some authentication protocol that requires a certificate installed in their own gateway so one cannot simply plug the AT&T line into a real router and call it a day.

Ubiquiti EdgeRouter users have come up with ways to enable bridge mode by routing the authentication traffic through the AT&T gateway, while routing the Internet traffic through the router, effectively bypassing the gateway and realizing true bridge mode. A sample guide can be seen here.

Since MT/RouterOS, especially the CCR, is a much more powerful and sophisticated router, I believe it should be capable of achieving the same bypass. Unfortunately I'm fairly new at this whole networking thing and am really just in the "guide following" stage. I wonder if anyone here has experience with RouterOS + AT&T Fiber bypass.

Thanks!
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 862
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Tue Jan 15, 2019 9:14 pm

Has anyone found a way around the AT&T supplied router? I have fiber to the home now and the tech installed a BGW210-700. I have it configured for IP Passthrough, however it still maintains a NAT Table. Since its just an ethernet patch cable, would like to simply plug into ether1 on the MikroTik.
Last edited by pcunite on Wed Jan 16, 2019 12:15 am, edited 2 times in total.
 
anav
Forum Guru
Forum Guru
Posts: 1619
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Tue Jan 15, 2019 9:27 pm

You dont need the att modem/gateway because its not really a modem at least for the internet, all it does is provide a ready made vlan setting for you.

I have my mickrotik directly connected to the ONT, ONT to me means fiber to ethernet modem. Its this device that needs to be registered to your account for ethernet etc....
If that is your case you should be able to do the same. For example our internet on bell uses VLAN35.

The so called modem/gateway of which you speak has been off gathering dust for years. If I used TV from the provider I would have needed it to negotiate the TV vlan, multicast and Q0s protocols, but one can use the router to do that as well but tis complicated. I was close to doing that on an older Zyxel Router as they had recently upgraded software to handle the QoS packets but unfortunately the upgrade included all facets of router use EXCEPT INITIAL CONTACT and handshaking where I needed it the most LOL. I have no doubt its all doable with Mikrotik but I have since cancelled provided TV and gone full digital streaming (only need internet).
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 862
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Tue Jan 15, 2019 11:03 pm

You don't need the att modem/gateway because its not really a modem at least for the internet, all it does is provide a ready made vlan setting for you. I have my MikroTik directly connected to the ONT, ONT to me means fiber to ethernet modem. Its this device that needs to be registered to your account for ethernet etc. If that is your case you should be able to do the same. For example our internet on bell uses VLAN35.

That is what I thought. Could you translate this for me? I'll do the work, just wondering if it makes sense to you.
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 862
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Wed Jan 16, 2019 4:21 pm

This post by rajl explains it in more technical detail.

AT&T's supplied Residential Gateway, aka RG router (an BGW210-700 in my case) use embedded certificates and the EAPOL protocol to authenticate with their ONT (Alcatel-Lucent G-010G-A) and to their upstream equipment.

Thus, at least initially, the sending of EAPOL packets to the RG and ONT must occur. Then you can do work arounds to send everything else to your MikroTik. Here is an interesting solution.
 
anav
Forum Guru
Forum Guru
Posts: 1619
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Wed Jan 16, 2019 6:12 pm

pcunite, I havent read the links but its highly likely that that authentication is strictly for the TV or perhaps TV, telephone services.
I use VOIP for home phone and digital streaming so I dont care.
I did have TV temporarily and when I did I used the modem gateway for the initial connection and then routed the internet through my router and used the Cable connectors on the modem gateway to carry TV signal to the house (thus I used it but not for internet). The initial connection was for the TV signal and not the internet.

Will go read the links now.

Okay the obvious challenge from the first link is ATT uses vlan0, my Bell fiber is using vlan35.
In my case, the technician, when I refused the all in one box. Used the available phone jack on the new ONT, to program it.
Then he phoned in and authorized the number of the box or vice versa given a number over the phone from central he plugged a number into the ONT.
So the ONT is coded appropriately and no modem/gateway device is required.
I just plug my router in creating vlan35 and magic!!

I would be curious in your setup if you did the same thing.
Setup the mikrotik with the same gateway information (assuming you have a way of sniffing traffic to get your IP and gateway IP etc) plug it all in and the unplug the cable from the ONT from the att device into your ether1 (for example) and see if it you get connectivity??

The only thing you may require is to spoof the mack of your modem gateway onto the mikrotik if there is some reason it checks this periodically etc.......

Its not clear if you require TV or just internet. If just internet call ATT and just say you want an ONT for internet and they should be able to set it up.
 
trace323
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Thu May 07, 2015 5:52 pm

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Wed Jan 16, 2019 10:20 pm

My friend has AT&T Giga Fiber. he had to set their device to bridge mode and it worked without issues.
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 862
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Sat Jan 19, 2019 12:36 am

Good news folks, you don't need anything else but a MikroTik to bypass the AT&T supplied Residential Gateway (ATT RG). No separate hardware needed!

The one downside (not really) is that the CPU is involved. Because the RB4011 uses the RTL8367 switch chip, it does not have a Rule table. I have a 100Mbps fiber plan which is no trouble for the 1.4Ghz CPU. Please test with your 1Gbps plan.

This working sample also has automatic recovery from power loss too!

A complete working, start to finish, example. Instructions and step by step included.
##################################################################################################
# ABOUT:
#
# AT&T Residential Gateway (BGW210-700 and friends) Bypass using only a single MikroTik. No
# separate hardware or switch needed. Automatic recovery from power loss feature too.
#
# Tested with: RouterOS 6.43.8 on the RB4011
#
# Date: 1-25-2018
##################################################################################################

##################################################################################################
# HOW TO:
#
# 1) Reset MikroTik (/system reset-configuration)
#
# 2) Boot MikroTik first and then apply this config file.
#
# 3) Next, turn everything else on and plug everything in.
#    ONT               <-> ether1
#    ATT RG ONT Port   <-> ether2
#    Your PCs etc.     <-> ether3~ether10
#
# 4) Reboot the MikroTik to start automatic ATT RG and ONT sycing.
##################################################################################################

# Create two bridges. One for your network and the other for the WAN.
/interface bridge

# LAN
add name=Bridge_LAN protocol-mode=none

# WAN
# Set the WAN MAC (admin-mac) to be your ATT's RG MAC.
# We set the pvid parameter to a unique VLAN tag. A cheap way to keep incoming ONT and outgoing ether1 packets from seeing duplicate MACs.
# This way, only the ONT and ATT RG will see each other, not the momma Bridge with the duplicate MAC.
# Recall that we don't have a separate switch, the MikroTik is the switch!
add name=Bridge_WAN admin-mac=00:00:00:00:00:00 pvid=111 auto-mac=no igmp-snooping=yes protocol-mode=none vlan-filtering=yes

# Will want a firewall, naturally
/interface bridge settings set use-ip-firewall=yes

# Add ports to each bridge
/interface bridge port

# WAN
add bridge=Bridge_WAN interface=ether1
add bridge=Bridge_WAN interface=ether2

# LAN
add bridge=Bridge_LAN interface=ether3
add bridge=Bridge_LAN interface=ether4
add bridge=Bridge_LAN interface=ether5
add bridge=Bridge_LAN interface=ether6
add bridge=Bridge_LAN interface=ether7
add bridge=Bridge_LAN interface=ether8
add bridge=Bridge_LAN interface=ether9
add bridge=Bridge_LAN interface=ether10

# Ready a DHCP client for the ATT ONT to provide your IP address to
/ip dhcp-client add dhcp-options=clientid disabled=no interface=Bridge_WAN use-peer-dns=no use-peer-ntp=no

# Setup automatic recovery from power loss
/system scheduler add name=OnRebootATT start-time=startup on-event=":delay 30\r\n/system script run OnRebootATT"
/system script add name=OnRebootATT source="#\_OnRebootATT\r\n\r\n:log info \"Script: Starting OnRebootStartATTRG\";\r\n:delay 5\r\n\r\n:log info \"Script: Enable Virtual switch for ONT and ATT RG\";\r\n/interface bridge set Bridge_WAN pvid=111\r\n\r\n:log info \"Script: Ensure ATT RG ether2 is visible to ONT\";\r\n/interface bridge port set bridge=Bridge_WAN [find interface=ether2] pvid=1\r\n/interface ethernet enable ether2\r\n\r\n:log info \"Script: Sleep for 3 minutes to allow ONT and ATT RG time to sync\";\r\n:delay 180\r\n\r\n:log info \"Script: Ensure ATT RG is NOT visible to ONT\";\r\n/interface bridge port set bridge=Bridge_WAN [find interface=ether2] pvid=222\r\n/interface ethernet disable ether2\r\n\r\n:log info \"Script: ONT and ATT RG should be in sync. Virtual Switch shutting down. Enjoy your router.\";\r\n/interface bridge set Bridge_WAN pvid=1\r\n"

# Standard MikroTik LAN configuration stuff. Modify to suit your LAN
/ip pool add name=pool_LAN ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add add-arp=yes address-pool=pool_LAN always-broadcast=yes disabled=no interface=Bridge_LAN lease-time=2d name=dhcp_LAN
/ip address add address=192.168.88.1/24 interface=Bridge_LAN
/ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns set allow-remote-requests=yes servers="9.9.9.9,8.8.8.8"

# Sample Firewall
/ip firewall filter
add action=accept chain=input comment="Allow established related" connection-state=established,related
add action=accept chain=input comment="Allow LAN" in-interface=Bridge_LAN
add action=accept chain=input comment="Allow Ping" protocol=icmp
add action=drop chain=input comment="Drop all other input"
add action=accept chain=forward comment="Allow established related" connection-state=established,related
add action=accept chain=forward comment="Allow LAN" connection-state=new in-interface=Bridge_LAN
add action=accept chain=forward comment="Allow port forwards" connection-nat-state=dstnat in-interface=Bridge_WAN
add action=drop chain=forward comment="Drop all other forward"

# Sample masquerade
/ip firewall nat add action=masquerade chain=srcnat comment="Default masq" out-interface=Bridge_WAN


# Example rule table switching for better performance. How to make this work on the RB4011?
/interface ethernet switch rule add switch=switch1 ports=ether1 mac-protocol=0x888E new-dst-ports=ether2
/interface ethernet switch rule add switch=switch1 ports=ether2 mac-protocol=0x888E new-dst-ports=ether1
Last edited by pcunite on Fri Jan 25, 2019 11:18 pm, edited 2 times in total.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1143
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Sat Jan 19, 2019 12:52 am

/interface ethernet switch rule ...
unfortunately 4011 doesn't do that in hardware: https://wiki.mikrotik.com/wiki/Manual:S ... troduction

why not use a cheap Tik with better switch in front? (or instead of 4011 altogether...) ex hAP ac2
 
Medikit
just joined
Posts: 2
Joined: Tue Feb 05, 2019 6:08 pm

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Tue Feb 05, 2019 6:12 pm

I tried this with gigabit internet using my RB3011 including your switch rule. Speed is still reduced (getting about 450/450 max), I'm not sure if it's a hardware limitation. CPU-used maxes at 50% during a speed test and cpu-used-per-cpu at up to 90%, 5%.
Good news folks, you don't need anything else but a MikroTik to bypass the AT&T supplied Residential Gateway (ATT RG). No separate hardware needed!

The one downside (not really) is that the CPU is involved. Because the RB4011 uses the RTL8367 switch chip, it does not have a Rule table. I have a 100Mbps fiber plan which is no trouble for the 1.4Ghz CPU. Please test with your 1Gbps plan.

This working sample also has automatic recovery from power loss too!

A complete working, start to finish, example. Instructions and step by step included.
##################################################################################################
# ABOUT:
#
# AT&T Residential Gateway (BGW210-700 and friends) Bypass using only a single MikroTik. No
# separate hardware or switch needed. Automatic recovery from power loss feature too.
#
# Tested with: RouterOS 6.43.8 on the RB4011
#
# Date: 1-25-2018
##################################################################################################

##################################################################################################
# HOW TO:
#
# 1) Reset MikroTik (/system reset-configuration)
#
# 2) Boot MikroTik first and then apply this config file.
#
# 3) Next, turn everything else on and plug everything in.
#    ONT               <-> ether1
#    ATT RG ONT Port   <-> ether2
#    Your PCs etc.     <-> ether3~ether10
#
# 4) Reboot the MikroTik to start automatic ATT RG and ONT sycing.
##################################################################################################

# Create two bridges. One for your network and the other for the WAN.
/interface bridge

# LAN
add name=Bridge_LAN protocol-mode=none

# WAN
# Set the WAN MAC (admin-mac) to be your ATT's RG MAC.
# We set the pvid parameter to a unique VLAN tag. A cheap way to keep incoming ONT and outgoing ether1 packets from seeing duplicate MACs.
# This way, only the ONT and ATT RG will see each other, not the momma Bridge with the duplicate MAC.
# Recall that we don't have a separate switch, the MikroTik is the switch!
add name=Bridge_WAN admin-mac=00:00:00:00:00:00 pvid=111 auto-mac=no igmp-snooping=yes protocol-mode=none vlan-filtering=yes

# Will want a firewall, naturally
/interface bridge settings set use-ip-firewall=yes

# Add ports to each bridge
/interface bridge port

# WAN
add bridge=Bridge_WAN interface=ether1
add bridge=Bridge_WAN interface=ether2

# LAN
add bridge=Bridge_LAN interface=ether3
add bridge=Bridge_LAN interface=ether4
add bridge=Bridge_LAN interface=ether5
add bridge=Bridge_LAN interface=ether6
add bridge=Bridge_LAN interface=ether7
add bridge=Bridge_LAN interface=ether8
add bridge=Bridge_LAN interface=ether9
add bridge=Bridge_LAN interface=ether10

# Ready a DHCP client for the ATT ONT to provide your IP address to
/ip dhcp-client add dhcp-options=clientid disabled=no interface=Bridge_WAN use-peer-dns=no use-peer-ntp=no

# Setup automatic recovery from power loss
/system scheduler add name=OnRebootATT start-time=startup on-event=":delay 30\r\n/system script run OnRebootATT"
/system script add name=OnRebootATT source="#\_OnRebootATT\r\n\r\n:log info \"Script: Starting OnRebootStartATTRG\";\r\n:delay 5\r\n\r\n:log info \"Script: Enable Virtual switch for ONT and ATT RG\";\r\n/interface bridge set Bridge_WAN pvid=111\r\n\r\n:log info \"Script: Ensure ATT RG ether2 is visible to ONT\";\r\n/interface bridge port set bridge=Bridge_WAN [find interface=ether2] pvid=1\r\n/interface ethernet enable ether2\r\n\r\n:log info \"Script: Sleep for 3 minutes to allow ONT and ATT RG time to sync\";\r\n:delay 180\r\n\r\n:log info \"Script: Ensure ATT RG is NOT visible to ONT\";\r\n/interface bridge port set bridge=Bridge_WAN [find interface=ether2] pvid=222\r\n/interface ethernet disable ether2\r\n\r\n:log info \"Script: ONT and ATT RG should be in sync. Virtual Switch shutting down. Enjoy your router.\";\r\n/interface bridge set Bridge_WAN pvid=1\r\n"

# Standard MikroTik LAN configuration stuff. Modify to suit your LAN
/ip pool add name=pool_LAN ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add add-arp=yes address-pool=pool_LAN always-broadcast=yes disabled=no interface=Bridge_LAN lease-time=2d name=dhcp_LAN
/ip address add address=192.168.88.1/24 interface=Bridge_LAN
/ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns set allow-remote-requests=yes servers="9.9.9.9,8.8.8.8"

# Sample Firewall
/ip firewall filter
add action=accept chain=input comment="Allow established related" connection-state=established,related
add action=accept chain=input comment="Allow LAN" in-interface=Bridge_LAN
add action=accept chain=input comment="Allow Ping" protocol=icmp
add action=drop chain=input comment="Drop all other input"
add action=accept chain=forward comment="Allow established related" connection-state=established,related
add action=accept chain=forward comment="Allow LAN" connection-state=new in-interface=Bridge_LAN
add action=accept chain=forward comment="Allow port forwards" connection-nat-state=dstnat in-interface=Bridge_WAN
add action=drop chain=forward comment="Drop all other forward"

# Sample masquerade
/ip firewall nat add action=masquerade chain=srcnat comment="Default masq" out-interface=Bridge_WAN


# Example rule table switching for better performance. How to make this work on the RB4011?
/interface ethernet switch rule add switch=switch1 ports=ether1 mac-protocol=0x888E new-dst-ports=ether2
/interface ethernet switch rule add switch=switch1 ports=ether2 mac-protocol=0x888E new-dst-ports=ether1
 
inmultec
just joined
Posts: 3
Joined: Wed Feb 06, 2019 8:25 am

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Wed Feb 06, 2019 8:34 am

pcunite, I have att fiber 1gb with tv... how do I keep the tv running and use my rb3011 to do the internet stuff.. any ideas.

Also, there is a mention of a vlan0 but in the set up I dont see it mentioned, is that te vpid 111?

I have taken my uverse boxes to my other location (outside the US) and have them working via eoip and bridging that with a port connected to another lan port from the gateway/modem... I do other heavy lifting with my fiber connection and I do feel there is some latency issues probably because of the limited nat muscle of the 210-700.
 
inmultec
just joined
Posts: 3
Joined: Wed Feb 06, 2019 8:25 am

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Wed Feb 06, 2019 3:32 pm

Did you have to setup any vlan0 if so where, how?

Did you turn on fasttrak?

I am willing to go to a CCR1009 or CCR1016-12G if that's what it takes to make it to 1gbps, but I need to also run uverse TV...


I tried this with gigabit internet using my RB3011 including your switch rule. Speed is still reduced (getting about 450/450 max), I'm not sure if it's a hardware limitation. CPU-used maxes at 50% during a speed test and cpu-used-per-cpu at up to 90%, 5%.
Good news folks, you don't need anything else but a MikroTik to bypass the AT&T supplied Residential Gateway (ATT RG). No separate hardware needed!

The one downside (not really) is that the CPU is involved. Because the RB4011 uses the RTL8367 switch chip, it does not have a Rule table. I have a 100Mbps fiber plan which is no trouble for the 1.4Ghz CPU. Please test with your 1Gbps plan.

This working sample also has automatic recovery from power loss too!

A complete working, start to finish, example. Instructions and step by step included.
##################################################################################################
# ABOUT:
#
# AT&T Residential Gateway (BGW210-700 and friends) Bypass using only a single MikroTik. No
# separate hardware or switch needed. Automatic recovery from power loss feature too.
#
# Tested with: RouterOS 6.43.8 on the RB4011
#
# Date: 1-25-2018
##################################################################################################

##################################################################################################
# HOW TO:
#
# 1) Reset MikroTik (/system reset-configuration)
#
# 2) Boot MikroTik first and then apply this config file.
#
# 3) Next, turn everything else on and plug everything in.
#    ONT               <-> ether1
#    ATT RG ONT Port   <-> ether2
#    Your PCs etc.     <-> ether3~ether10
#
# 4) Reboot the MikroTik to start automatic ATT RG and ONT sycing.
##################################################################################################

# Create two bridges. One for your network and the other for the WAN.
/interface bridge

# LAN
add name=Bridge_LAN protocol-mode=none

# WAN
# Set the WAN MAC (admin-mac) to be your ATT's RG MAC.
# We set the pvid parameter to a unique VLAN tag. A cheap way to keep incoming ONT and outgoing ether1 packets from seeing duplicate MACs.
# This way, only the ONT and ATT RG will see each other, not the momma Bridge with the duplicate MAC.
# Recall that we don't have a separate switch, the MikroTik is the switch!
add name=Bridge_WAN admin-mac=00:00:00:00:00:00 pvid=111 auto-mac=no igmp-snooping=yes protocol-mode=none vlan-filtering=yes

# Will want a firewall, naturally
/interface bridge settings set use-ip-firewall=yes

# Add ports to each bridge
/interface bridge port

# WAN
add bridge=Bridge_WAN interface=ether1
add bridge=Bridge_WAN interface=ether2

# LAN
add bridge=Bridge_LAN interface=ether3
add bridge=Bridge_LAN interface=ether4
add bridge=Bridge_LAN interface=ether5
add bridge=Bridge_LAN interface=ether6
add bridge=Bridge_LAN interface=ether7
add bridge=Bridge_LAN interface=ether8
add bridge=Bridge_LAN interface=ether9
add bridge=Bridge_LAN interface=ether10

# Ready a DHCP client for the ATT ONT to provide your IP address to
/ip dhcp-client add dhcp-options=clientid disabled=no interface=Bridge_WAN use-peer-dns=no use-peer-ntp=no

# Setup automatic recovery from power loss
/system scheduler add name=OnRebootATT start-time=startup on-event=":delay 30\r\n/system script run OnRebootATT"
/system script add name=OnRebootATT source="#\_OnRebootATT\r\n\r\n:log info \"Script: Starting OnRebootStartATTRG\";\r\n:delay 5\r\n\r\n:log info \"Script: Enable Virtual switch for ONT and ATT RG\";\r\n/interface bridge set Bridge_WAN pvid=111\r\n\r\n:log info \"Script: Ensure ATT RG ether2 is visible to ONT\";\r\n/interface bridge port set bridge=Bridge_WAN [find interface=ether2] pvid=1\r\n/interface ethernet enable ether2\r\n\r\n:log info \"Script: Sleep for 3 minutes to allow ONT and ATT RG time to sync\";\r\n:delay 180\r\n\r\n:log info \"Script: Ensure ATT RG is NOT visible to ONT\";\r\n/interface bridge port set bridge=Bridge_WAN [find interface=ether2] pvid=222\r\n/interface ethernet disable ether2\r\n\r\n:log info \"Script: ONT and ATT RG should be in sync. Virtual Switch shutting down. Enjoy your router.\";\r\n/interface bridge set Bridge_WAN pvid=1\r\n"

# Standard MikroTik LAN configuration stuff. Modify to suit your LAN
/ip pool add name=pool_LAN ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add add-arp=yes address-pool=pool_LAN always-broadcast=yes disabled=no interface=Bridge_LAN lease-time=2d name=dhcp_LAN
/ip address add address=192.168.88.1/24 interface=Bridge_LAN
/ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns set allow-remote-requests=yes servers="9.9.9.9,8.8.8.8"

# Sample Firewall
/ip firewall filter
add action=accept chain=input comment="Allow established related" connection-state=established,related
add action=accept chain=input comment="Allow LAN" in-interface=Bridge_LAN
add action=accept chain=input comment="Allow Ping" protocol=icmp
add action=drop chain=input comment="Drop all other input"
add action=accept chain=forward comment="Allow established related" connection-state=established,related
add action=accept chain=forward comment="Allow LAN" connection-state=new in-interface=Bridge_LAN
add action=accept chain=forward comment="Allow port forwards" connection-nat-state=dstnat in-interface=Bridge_WAN
add action=drop chain=forward comment="Drop all other forward"

# Sample masquerade
/ip firewall nat add action=masquerade chain=srcnat comment="Default masq" out-interface=Bridge_WAN


# Example rule table switching for better performance. How to make this work on the RB4011?
/interface ethernet switch rule add switch=switch1 ports=ether1 mac-protocol=0x888E new-dst-ports=ether2
/interface ethernet switch rule add switch=switch1 ports=ether2 mac-protocol=0x888E new-dst-ports=ether1
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 862
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Wed Feb 06, 2019 5:00 pm

@inmultec,

The configuration I've posted is exactly what I'm doing. Give it a try and I'll help you work out any issues. With regards to TV service, I don't have that. This posts seem to indicate that IGMP is needed to make that work.
 
inmultec
just joined
Posts: 3
Joined: Wed Feb 06, 2019 8:25 am

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Wed Feb 06, 2019 5:57 pm

Thanks. I will give it a test run when I am there... That nat table on the att modems slows down right with alot of usage? I have a vpn server running on the mtk and have many friends and fam using it to get geolocation workaround, alot of netflixing and directvnow.... I want raw power on this connection. I can use a stronger mtk if need be... but I don't want to lose Uverse TV.... anyone? hehe
@inmultec,

The configuration I've posted is exactly what I'm doing. Give it a try and I'll help you work out any issues. With regards to TV service, I don't have that. This posts seem to indicate that IGMP is needed to make that work.
 
Medikit
just joined
Posts: 2
Joined: Tue Feb 05, 2019 6:08 pm

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Thu Feb 07, 2019 1:40 am

I forgot I deleted my fasttrak rules when I applied this new script. I just added these rules: https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

Unfortunately still ~450/450

Edit: I did not change the VLAN to 0. I assume this method bypasses that.

Did you have to setup any vlan0 if so where, how?

Did you turn on fasttrak?

I am willing to go to a CCR1009 or CCR1016-12G if that's what it takes to make it to 1gbps, but I need to also run uverse TV...
 
nitrag
just joined
Posts: 5
Joined: Thu Jun 15, 2017 9:22 pm

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

Sat Feb 09, 2019 7:07 pm

Following. I use the pseudo-bridge on AT&T gateway and max out at around 600. Would enjoy the full Gig....

Who is online

Users browsing this forum: mozerd and 30 guests