xTheDoctah
just joined
Topic Author
Posts: 1
Joined: Thu Sep 02, 2021 11:17 pm

Dual Wan with Failover

Thu Sep 02, 2021 11:35 pm

Hello everyone, I recently bought an RB760iGS and I was trying to use it as a router with failover by connecting ether1 and ether2 to two modems (ether1 to my VDSL modem, ether2 to my LTE modem). I followed the instructions that are on this page https://help.mikrotik.com/docs/pages/vi ... d=26476608 and I've configured everything (I think), but I have one problem: if I disconnect the Ethernet 1 cable I can navigate with the second connection, but if I disconnect the RJ11 from the VDSL (reproducing the "no internet" issue) it keeps trying to pass through the ether1 connection. And sometimes my modem (VDSL) tries to redirect me to its login page in order to access the webpage I wanted. Connected to the router I also have a UniFi AP and, connected through the SFP port, a switch.

Here is my configuration. I would really appreciate it if you could take a look and tell me if I did something wrong. Thank you.
# sep/02/2021 22:15:05 by RouterOS 6.48.4
# software id = LI1W-MX7U
#
# model = RB760iGS
# serial number = E1F20E0DCED8
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether5 ] poe-out=forced-on
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool_1 ranges=192.168.3.10-192.168.3.254
/ip dhcp-server
add address-pool=pool_1 disabled=no interface=bridge name=Server
/interface bridge port
add bridge=bridge interface=LAN
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=ether3 list=LAN
add interface=ether5 list=LAN
add interface=ether4 list=LAN
add interface=sfp1 list=LAN
/ip address
add address=192.168.3.1/24 interface=bridge network=192.168.3.0
add address=192.168.1.2/24 interface=ether1 network=192.168.1.0
add address=192.168.2.100/24 interface=ether2 network=192.168.2.0
/ip dhcp-client
add !dhcp-options disabled=no interface=ether2
add disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.3.2 client-id=1:68:d7:9a:86:a7:9d comment="Access Point" \
    mac-address=68:D7:9A:86:A7:9D server=Server
/ip dhcp-server network
add address=192.168.3.0/24 dns-server=192.168.3.1 gateway=192.168.3.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=drop chain=forward disabled=yes dst-address=192.168.1.1 \
    src-address=192.168.3.0/24
add action=drop chain=forward disabled=yes dst-address=192.168.2.1 \
    src-address=192.168.3.0/24
/ip firewall mangle
add action=mark-connection chain=output connection-mark=no-mark \
    connection-state=new new-connection-mark=VodaFiber_conn out-interface=\
    ether1 passthrough=yes
add action=mark-routing chain=output connection-mark=VodaFiber_conn \
    new-routing-mark=to_VodaFiber out-interface=ether1 passthrough=yes
add action=mark-connection chain=output connection-mark=no-mark \
    connection-state=new new-connection-mark=VodaLte_conn out-interface=\
    ether2 passthrough=yes
add action=mark-routing chain=output connection-mark=VodaLte_conn \
    new-routing-mark=to_VodaFiber out-interface=ether2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
/ip route
add check-gateway=ping distance=1 gateway=8.8.8.8 routing-mark=to_VodaFiber
add check-gateway=ping distance=2 gateway=8.8.4.4 routing-mark=to_VodaFiber
add check-gateway=ping distance=1 gateway=8.8.4.4 routing-mark=to_VodaLte
add check-gateway=ping distance=2 gateway=8.8.8.8 routing-mark=to_VodaLte
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.2.1 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.1 scope=10
/system clock
set time-zone-name=Europe/Rome
 
ConnyMercier
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: Dual Wan with Failover

Mon Nov 08, 2021 1:02 am

I think you have a Routing-Problem....

Quick-Test:

Ping to something directly via the Mikrotik-Device,
and then disconnect the RJ11 from the Modem...

You may lose a couple of pings, but it should switch over ...



Problem 1: DHCP-Client
You have multiple Routing tables, but also have two "default" DHCP-Clients active...
In your Config they will both create a default-Route (0.0.0.0/0) with distance 1 in the "MAIN" Routing-Table

Problem 2: Routing-Mark
If you don't specify the Routing, all Traffic going THRU or OUT your Router
will be routed via the "MAIN" Routing-Table. At the moment you don't have any rules for
Forward-Traffic. The Rules you added are only for Router Output-Traffic.

To quickly test this:
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=8.8.8.8 new-routing-mark=to_VodaFiber passthrough=yes
Add this rule to your MikroTik and try to ping 8.8.8.8 via a PC on your network,
and then disconnect the RJ11 from the modem...
You may lose a couple of pings, but it should switch over ...
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual Wan with Failover

Mon Nov 08, 2021 3:07 am

The config is hosed.......

(1) /interface bridge port
add bridge=bridge interface=LAN


WRONG!!
/interface bridge port
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=sfp1

(2) /interface list member
add interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=ether3 list=LAN
add interface=ether5 list=LAN
add interface=ether4 list=LAN
add interface=sfp1 list=LAN

WRONG
add interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=bridge list=LAN

(3) Firewall rules.....
Why do you not have any??
What is the intended purpose of the rules you do have??
/ip firewall filter
add action=drop chain=forward disabled=yes dst-address=192.168.1.1 \
src-address=192.168.3.0/24
add action=drop chain=forward disabled=yes dst-address=192.168.2.1 \
src-address=192.168.3.0/24


(4) What is the purpose of your mangling rules? They are incomplete for Load Balancing?? and totally unnecessary for Failover scenarios.

(5) Describe how you want to use the two WAN connections.
Primary
Secondary (failover)?
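
An offline check for the points raised in the replies above, as an added example that is not part of the thread or of any MikroTik tool: it parses a RouterOS export and flags two default-route DHCP clients, mangle rules that exist only in the output chain, routing marks used by routes but never set, and a firewall with no active filter rules. The sample is a trimmed copy of the posted export; the function and finding names are made up here, and it assumes a DHCP client adds a default route unless the export says add-default-route=no.

```python
import re

# Constructed sample: a trimmed copy of the export posted in the first message.
EXPORT = r"""
/ip dhcp-client
add !dhcp-options disabled=no interface=ether2
add disabled=no interface=ether1
/ip firewall filter
add action=drop chain=forward disabled=yes dst-address=192.168.1.1 \
    src-address=192.168.3.0/24
/ip firewall mangle
add action=mark-routing chain=output connection-mark=VodaFiber_conn \
    new-routing-mark=to_VodaFiber out-interface=ether1 passthrough=yes
add action=mark-routing chain=output connection-mark=VodaLte_conn \
    new-routing-mark=to_VodaFiber out-interface=ether2 passthrough=yes
/ip route
add check-gateway=ping distance=1 gateway=8.8.8.8 routing-mark=to_VodaFiber
add check-gateway=ping distance=1 gateway=8.8.4.4 routing-mark=to_VodaLte
"""

def parse(export):
    """Return {menu: [{key: value}, ...]} for every 'add' line of an export."""
    menus, menu = {}, None
    text = re.sub(r"\\\n\s*", "", export)  # join backslash-continued lines
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus.setdefault(menu, []).append(dict(pairs))
    return menus

def audit(export):
    m, findings = parse(export), []
    active = lambda rows: [r for r in rows if r.get("disabled") != "yes"]
    # Assumption: add-default-route is "yes" when the export omits it.
    dhcp = [c for c in active(m.get("/ip dhcp-client", []))
            if c.get("add-default-route", "yes") != "no"]
    if len(dhcp) > 1:
        findings.append("dhcp-default-routes")
    mangle = active(m.get("/ip firewall mangle", []))
    if mangle and not any(r.get("chain") == "prerouting" for r in mangle):
        findings.append("mangle-output-only")
    set_marks = {r.get("new-routing-mark") for r in mangle}
    used = {r["routing-mark"] for r in m.get("/ip route", []) if "routing-mark" in r}
    findings += [f"unset-routing-mark:{x}" for x in sorted(used - set_marks)]
    if not active(m.get("/ip firewall filter", [])):
        findings.append("no-active-filter-rules")
    return findings
```

Calling `audit()` on the text of a full `/export` gives the same checks for a complete configuration; an empty list means none of these four conditions was found.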
