I have a route configuration like below:
# jun/10/2021 10:09:39 by RouterOS 6.48.3
# software id = 3N2H-SZVC
#
# model = RBD52G-5HacD2HnD
# serial number =
/ip route
add check-gateway=ping comment="ISP 1" distance=1 gateway=8.8.8.8 \
    target-scope=30
add comment="To local and ISP 2, if fail internet automatically switch" \
    distance=2 gateway=192.168.0.1
add check-gateway=ping comment=\
    "If ping to google fail, automatically run ISP 2" distance=1 \
    dst-address=8.8.8.8/32 gateway=192.168.1.1
add comment="Route to local only" disabled=yes distance=1 dst-address=\
    192.168.0.0/24 gateway=192.168.0.1
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
1 D chain=hotspot action=jump jump-target=pre-hotspot
2 D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53
3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53
4 D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-ds>
      dst-port=80
5 D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-ds>
      dst-port=443
6 D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth
7 D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth
8 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=80
9 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=3128
10 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=8080
11 D chain=hs-unauth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
12 D chain=hs-auth action=redirect to-ports=64874 protocol=tcp hotspot=http
13 D chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
14 X ;;; place hotspot rules here
      chain=unused-hs-chain action=passthrough
15 ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN
      ipsec-policy=out,none
16 ;;; masquerade local [DHCP Server from CISCO and ISP 2]
      chain=srcnat action=masquerade out-interface=ether2 log=no log-prefix=""
      ipsec-policy=out,none
17 ;;; masquerade hotspot network
      chain=srcnat action=masquerade src-address=10.X.X.X/24
18 CONFIDENTIAL
19 X CONFIDENTIAL
20 X CONFIDENTIAL
21 D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp
      in-interface=ether4 dst-port=443
So this MikroTik is located in Building B, where the main internet source comes from ISP 1 and is distributed to connected devices via WiFi.
At the same time, I also have the main network using LAN from Building A, where the main internet source comes from ISP 2, goes through a Cisco firewall (which I don't have access to, as it was set up by HQ and it is not possible for me to access it), then goes to a switch and is distributed to connected devices via LAN.
The color BLUE represents DHCP IPs (192.168.0.X) from the Cisco and BROWN represents DHCP IPs from the hAP AC2 (172.17.1.X).
As you can see from the setup above, I use ISP 1 as the main source of internet, and if it is down, it will automatically switch to ISP 2, which comes from the Building A network.
Now the problem I have: in May the network ran normally. My devices with IP range 172.17.1.X could access the server with IP range 192.168.0.X (for example 192.168.0.100), and I could switch the internet source to ISP 2 by disabling the route set up with distance=1. But recently, when I tried to disable the route with distance=1, I lost access to both local 192.168.0.X and internet access from ISP 2. And today it is getting worse. It says reachable, but when I tried to ping from the command prompt (Windows) and the terminal (WinBox), both got request timed out.
Please help me figure out whether this is a bug or whether I made some mistake in the config but got lucky to have it running well.
Update: I tried changing ether2 to ether5 and it runs well. Any idea how this happens? I have also tried changing the MAC address of ether2, just in case it got blocked by the Cisco, but it still doesn't work.