Community discussions

MikroTik App
 
Domx
just joined
Topic Author
Posts: 6
Joined: Mon May 17, 2021 8:05 am

Connect two ( 2 ) ISP's to one mikrotik router?

Sun May 15, 2022 9:27 pm

HI all, Is it possible to connect 2 ISP to one mikrotik router?

They both use PPPOE to be able to get internet access. ( USERNAME / PASS).
Can i connect ISP 1 in eth1 and ISP 2 in eth 2 as WAN ports?

Then ill have eth 3 as LAN port for ISP1 and eth4 as LAN port for ISP 2.

For WIFI main wifi will be ISP 1, is it possible to create a virtual WIFI for ISP2?

Can you guys share some configuration if this is possible?

Many thanksss
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Connect two ( 2 ) ISP's to one mikrotik router?

Sun May 15, 2022 10:27 pm

Yes, Yes, Yes, No.

You need to provide the configuration you have put together so far.
You will need vlans so suggest you read - PARA C. for starters........... - viewtopic.php?t=182373
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Connect two ( 2 ) ISP's to one mikrotik router?

Mon May 16, 2022 12:55 am

anav beat me to it while I was out getting lunch... But I will finish this post.

Yes, you can do that. There are several way, but I can tell you what I am doing (based on suggestions here). I have a RB4011iGS+ that has a cable based connection on Ether 1, and a Fiber based internet on Ether 10 (GigE from the ONT). Both are configured as dumb Ethernet (not PPPOE in my case - which simplifies it slightly). I am going to include a bunch of code segments and explanations along the way. Important note - I am NOT running a bridge because every port on the router is a separate LAN or VLAN, and all ports (except the WAN ports) connect to a switch where all switching functions take place. In my case that is a CSS326 that uses SwitchOS. I am not doing anything with IPv6 - yet.

For starters, interfaces. I am running a bunch of VLANs - some have dedicated ports on the router, and some are in a trunk port to the switch:
/interface ethernet
set [ find default-name=ether1 ] comment="Spectrum cable internet" name=\
    E01-p2_Cable_Internet speed=100Mbps
set [ find default-name=ether2 ] comment="Cable Main home LAN" name=\
    E02-p4_101 speed=100Mbps
set [ find default-name=ether3 ] comment="Cable Private WiFi LAN" name=\
    E03-p6_103 speed=100Mbps
set [ find default-name=ether4 ] comment="802.1Q trunk" name=E04-p8_802.1Q \
    speed=100Mbps
set [ find default-name=ether5 ] comment="Router to Router tie LAN" name=\
    "E05 to Router 2" speed=100Mbps
set [ find default-name=ether6 ] comment="Fiber Main home LAN" name=\
    E06-p10_201
set [ find default-name=ether7 ] comment="Fiber Private WiFi LAN" name=\
    E07-p12_203
set [ find default-name=ether8 ] comment="Fiber Internet of Things LAN" name=\
    E08-p14_206
set [ find default-name=ether9 ] disabled=yes name=E09-p16_idle
set [ find default-name=ether10 ] comment="Frontier fiber internet" name=\
    E10_Fiber_Internet poe-out=off
set [ find default-name=sfp-sfpplus1 ] disabled=yes

/interface vlan
add comment="AREDN hAP-at-Home LAN" interface=E04-p8_802.1Q name=VLAN_005 \
    vlan-id=5
add comment="AREDN hAP-Portable LAN" interface=E04-p8_802.1Q name=VLAN_006 \
    vlan-id=6
add comment="AREDN 3GHz at Johnstone to Pleasants Peak LAN interface" \
    interface=E04-p8_802.1Q name=VLAN_011 vlan-id=11
add comment="AREDN 5GHz at Johnstone SW sector LAN interface" interface=\
    E04-p8_802.1Q name=VLAN_012 vlan-id=12
add comment="AREDN 5GHz at Johnstone SE sector LAN interface" interface=\
    E04-p8_802.1Q name=VLAN_013 vlan-id=13
add comment="AREDN Temp LHG in garage" interface=E04-p8_802.1Q name=VLAN_014 \
    vlan-id=14
add comment="Switch management." interface=E04-p8_802.1Q name=VLAN_099 \
    vlan-id=99
add comment="Cable Public WiFi LAN" interface=E04-p8_802.1Q name=VLAN_102 \
    vlan-id=102
add comment="Cable Cactus/Red Cross LAN" interface=E04-p8_802.1Q name=\
    VLAN_104 vlan-id=104
add comment="Cable VOIP phones LAN" interface=E04-p8_802.1Q name=VLAN_105 \
    vlan-id=105
add comment="Cable Internet of Things LAN" interface=E04-p8_802.1Q name=\
    VLAN_106 vlan-id=106
add comment="NTP server LAN" interface=E04-p8_802.1Q name=VLAN_123 vlan-id=\
    123
add comment="E1.31 LAN" interface=E04-p8_802.1Q name=VLAN_131 vlan-id=131
add comment="Fiber Public WiFi LAN" interface=E04-p8_802.1Q name=VLAN_202 \
    vlan-id=202
add comment="Fiber .204 Cactus LAN" interface=E04-p8_802.1Q name=VLAN_204 \
    vlan-id=204
add comment="Fiber VOIP phones LAN" interface=E04-p8_802.1Q name=VLAN_205 \
    vlan-id=205
add comment=".209 HARPUSA LAN" interface=E04-p8_802.1Q name=VLAN_209 vlan-id=\
    209
There is a DHCP server and pool for each interface (except the two internet connections, and the AREDN links. You can see that I made it easy on me - every LAN has an IP with the 3rd octet being the same as the LAN or VLAN number.
/ip pool
add name=".101 DHCP pool" ranges=192.168.101.201-192.168.101.219
add name=".102 DHCP pool" ranges=192.168.102.201-192.168.102.219
add name=".103 DHCP pool" ranges=192.168.103.201-192.168.103.219
add name=".104 DHCP pool" ranges=192.168.104.201-192.168.104.209
add name=".106 DHCP pool" ranges=192.168.106.201-192.168.106.209
add name=".105 DHCP pool" ranges=192.168.105.201-192.168.105.209
add name=".151 DHCP pool" ranges=192.168.151.201-192.168.151.219
add name=".131 DHCP pool" ranges=192.168.131.201-192.168.131.209
add name=".201 DHCP pool" ranges=192.168.201.201-192.168.201.219
add name=".202 DHCP pool" ranges=192.168.202.201-192.168.202.219
add name=".203 DHCP pool" ranges=192.168.203.201-192.168.203.219
add name=".204 DHCP pool" ranges=192.168.204.201-192.168.204.209
add name=".209 DHCP pool" ranges=192.168.209.201-192.168.209.209
add name=".206 DHCP pool" ranges=192.168.206.201-192.168.206.219
add name=".205 DHCP pool" ranges=192.168.205.201-192.168.205.209
add name=".123 DHCP pool" ranges=192.168.123.124-192.168.123.126

/ip dhcp-server
add address-pool=".101 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=E02-p4_101 lease-time=3h name=".101 DHCP server"
add address-pool=".102 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_102 lease-time=3h name=".102 DHCP server"
add address-pool=".103 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=E03-p6_103 lease-time=3h name=".103 DHCP server"
add address-pool=".104 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_104 lease-time=3h name=".104 DHCP server"
add address-pool=".106 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_106 lease-time=3h name=".106 DHCP server"
add address-pool=".105 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_105 lease-time=3h name=".105 DHCP server"
add address-pool=".151 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_151 lease-time=3h name=".151 DHCP server"
add address-pool=".131 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_131 lease-time=3h name=".131 DHCP server"
add address-pool=".201 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=E06-p10_201 lease-time=3h name=".201 DHCP server"
add address-pool=".202 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_202 lease-time=3h name=".202 DHCP server"
add address-pool=".205 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_205 lease-time=3h name=".205 DHCP server"
add address-pool=".203 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=E07-p12_203 lease-time=3h name=".203 DHCP server"
add address-pool=".209 DHCP pool" disabled=no interface=VLAN_209 lease-time=\
    3h name=".209 DHCP server"
add address-pool=".206 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=E08-p14_206 lease-time=3h name=".206 DHCP server"
add address-pool=".204 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_204 lease-time=3h name=".204 DHCP server"
add address-pool=".123 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_123 lease-time=6h name=".123 DHCP server"
Each LAN has an IP address assigned:
/ip address
add address=192.168.101.251/24 interface=E02-p4_101 network=192.168.101.0
add address=192.168.102.251/24 interface=VLAN_102 network=192.168.102.0
add address=192.168.103.251/24 interface=E03-p6_103 network=192.168.103.0
add address=192.168.211.251/24 interface="E05 to Router 2" network=\
    192.168.211.0
add address=192.168.104.251/24 interface=VLAN_104 network=192.168.104.0
add address=192.168.105.251/24 interface=VLAN_105 network=192.168.105.0
add address=192.168.106.251/24 interface=VLAN_106 network=192.168.106.0
add address=192.168.204.251/24 interface=VLAN_204 network=192.168.204.0
add address=192.168.201.251/24 interface=E06-p10_201 network=192.168.201.0
add address=192.168.202.251/24 interface=VLAN_202 network=192.168.202.0
add address=192.168.203.251/24 interface=E07-p12_203 network=192.168.203.0
add address=192.168.209.251/24 interface=VLAN_209 network=192.168.209.0
add address=192.168.131.251/24 interface=VLAN_131 network=192.168.131.0
add address=192.168.206.251/24 interface=E08-p14_206 network=192.168.206.0
add address=192.168.203.252/24 interface=E07-p12_203 network=192.168.203.0
add address=192.168.205.251/24 interface=VLAN_205 network=192.168.205.0
add address=192.168.0.251/24 interface=VLAN_131 network=192.168.0.0
add address=192.168.203.250/24 disabled=yes interface=E07-p12_203 network=\
    192.168.203.0
add address=192.168.123.121/29 interface=VLAN_123 network=192.168.123.120
The WAN and AREDN interfaces have DHCP client:
/ip dhcp-client
add disabled=no interface=E01-p2_Cable_Internet
add add-default-route=no disabled=no interface=VLAN_005 use-peer-ntp=no
add add-default-route=no disabled=no interface=VLAN_011 use-peer-dns=no \
    use-peer-ntp=no
add add-default-route=no disabled=no interface=VLAN_012 use-peer-dns=no \
    use-peer-ntp=no
add add-default-route=no disabled=no interface=VLAN_013 use-peer-dns=no \
    use-peer-ntp=no
add add-default-route=no disabled=no interface=E10_Fiber_Internet
add add-default-route=no disabled=no interface=VLAN_006 use-peer-ntp=no
add add-default-route=no disabled=no interface=VLAN_014 use-peer-dns=no \
    use-peer-ntp=no
I am using Route rules to determine which LAN uses which WAN interface. The way it works is that 100 series LANs go out via the cable internet and use the "Main" route table. :The 200 series LANs go out via the fiber internet and use the "via-FO" table. For each 200 series VLAN (in most cases), there are two rules. The first uses the main table and is used for traffic that stays local (192.168.0.0/16 destinations). The second is for traffic that will go to the internet and uses the via-FO route table. The 100 series VLANs don't need a specific rule because they will default to the main table. The 10.x.y.z and 172.16.x.y address ranges are for AREDN (a ham radio application).
/ip route
add comment="Frontier fiber optic" distance=1 gateway=w.x.y.z \
    routing-mark=via-FO
add comment="AREDN hAP-at-Home" distance=1 dst-address=10.0.0.0/8 gateway=\
    10.9.60.81
add distance=1 dst-address=172.16.0.0/12 gateway=10.9.60.81
add distance=1 dst-address=192.168.100.1/32 gateway=E01-p2_Cable_Internet

/ip route rule
add action=lookup-only-in-table src-address=w.x.y.zz/32 table=via-FO
add action=lookup-only-in-table dst-address=10.0.0.0/8 interface=E02-p4_101 \
    table=main
add action=lookup-only-in-table dst-address=10.0.0.0/8 interface=E06-p10_201 \
    table=main
add action=lookup-only-in-table dst-address=192.168.0.0/16 interface=\
    E06-p10_201 table=main
add action=lookup-only-in-table interface=E06-p10_201 table=via-FO
add action=lookup-only-in-table dst-address=192.168.0.0/16 interface=VLAN_202 \
    table=main
add action=lookup-only-in-table interface=VLAN_202 table=via-FO
add action=lookup-only-in-table dst-address=192.168.0.0/16 interface=\
    E07-p12_203 table=main
add action=lookup-only-in-table interface=E07-p12_203 table=via-FO
add action=lookup-only-in-table dst-address=192.168.0.0/16 interface=VLAN_204 \
    table=main
add action=lookup-only-in-table interface=VLAN_204 table=via-FO
add action=lookup-only-in-table dst-address=192.168.0.0/16 interface=VLAN_205 \
    table=main
add action=lookup-only-in-table interface=VLAN_205 table=via-FO
add action=lookup-only-in-table dst-address=192.168.0.0/16 interface=\
    E08-p14_206 table=main
add action=lookup-only-in-table interface=E08-p14_206 table=via-FO
add action=lookup-only-in-table dst-address=192.168.0.0/16 interface=\
    "E05 to Router 2" table=main
add action=lookup-only-in-table interface="E05 to Router 2" table=via-FO
add dst-address=192.168.0.0/16 interface=VLAN_123 table=main
add dst-address=10.0.0.0/8 interface=VLAN_123 table=main
add dst-address=172.16.0.0/12 interface=VLAN_123 table=main
add interface=VLAN_123 table=via-FO
There are also firewall rules to allow or disallow traffic between various LANs. I follow the concept of all what I want and drop everything else. The first group is pretty standard stuff and the second group is specific LAN to LAN allowances. At the end is the drop rule. This is an extract of the firewall rules - there are others.
add action=accept chain=forward comment="Accept all that is DST NATed" \
    connection-nat-state=dstnat connection-state=new
add action=accept chain=forward comment="Accept all that is Source NATed" \
    connection-nat-state=srcnat connection-state=new
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "Accept established and related packets" connection-state=\
    established,related
add action=accept chain=forward comment=\
    "Allow outbound traffic from LAN-to-cable list members to Cable internet" \
    in-interface-list=LAN-to-Cable out-interface=E01-p2_Cable_Internet
add action=accept chain=forward comment=\
    "Allow outbound traffic from Family room PC to Cable internet" \
    out-interface=E01-p2_Cable_Internet src-address=192.168.201.43
add action=accept chain=forward comment=\
    "Allow outbound traffic from LAN-to-fiber list members to fiber internet" \
    in-interface-list=LAN-to-Fiber out-interface=E10_Fiber_Internet

add action=accept chain=forward comment=\
    "Allow privileged PCs access to all other LANs" in-interface-list=LAN \
    out-interface-list=LAN src-address-list=Privileged
add action=accept chain=forward comment=\
    "Allow privileged PCs access to .211 LAN" out-interface=\
    "E05 to Router 2" src-address-list=Privileged
add action=accept chain=forward comment="Allow 211 LAN access to internet" \
    in-interface="E05 to Router 2" out-interface=E10_Fiber_Internet \
    src-address-list=Privileged
add action=accept chain=forward comment=\
    "Allow privileged PCs access to AREDN mesh LANs" out-interface-list=\
    "AREDN LAN" src-address-list=Privileged
add action=accept chain=forward comment=\
    "Allow all LANs access to NTP server UDP port 123." dst-address=\
    192.168.123.123 dst-port=123 in-interface-list=LAN protocol=udp
add action=accept chain=forward comment=\
    "Allow all AREDN LANs access to NTP server UDP port 123." dst-address=\
    192.168.123.123 dst-port=123 in-interface-list="AREDN LAN" protocol=udp
    
add action=drop chain=forward comment=\
    "Drop any forward packets that get this far"
There are other ways to do this, but this works for me and my situation.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Connect two ( 2 ) ISP's to one mikrotik router?

Mon May 16, 2022 12:59 am

BTW, the above is all on RouterOS version 6.48.3 (yea, need to update that one a bit...) Some of this may be different in version 7 (can't help you there)...
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Connect two ( 2 ) ISP's to one mikrotik router?

Mon May 16, 2022 3:46 am

I forgot to mention WiFi. As long as your WiFi can understand VLANs, it should be easy to set up different SSIDs that each connect to different VLANs - and therefore different internet connections. That is what I do. I am using Meraki enterprise grade WiFi and it supports up to 15 SSIDs - each from a different VLANs (at least the way I have them configured).
 
Domx
just joined
Topic Author
Posts: 6
Joined: Mon May 17, 2021 8:05 am

Re: Connect two ( 2 ) ISP's to one mikrotik router?

Mon May 16, 2022 10:48 am

Thank you guys for the replies, i will check all the replies when i get back.
I'm going overseas for a week from today.
Will check when back in 1 week.

BTW this is for my home connection.
Currently running as a simple router config.
Model: RB951G-2HnD

Who is online

Users browsing this forum: Ahrefs [Bot], Google [Bot], normis and 93 guests