My basic question (as I asked here viewtopic.php?t=189239):
What is /routing/table/ and /routing/rule/? How does it work on RouterOS 7.5?
Why my old /ip/firewall/mangle/ (version 6.4) no longer works on version 7.5?
My requirement:
- Wan1 (PPPoE) for classroom, teacher, staff, server.
- Wan2 (DHCP) for student, guest, etc.
- If Wan1 goes down then all go to Wan2, and vice versa (but some not).
Disclaimer:
- I'm using Mikrotik for 2 years, and only 2 weeks using RouterOS v7.5
- Just a noob without networking background
- Not tested this solution on other board except on my hEX RB750Gr3, so I don't know if this will works on other version.
- Not tested this solution on on any version other than version 7.5. Definitely it won't works on version 6, but I also can't guarantee it will works on other v7 version.
Code: Select all
# RouterOS 7.5 on RB750Gr3
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN1
set [ find default-name=ether2 ] name=ether2-WAN2
set [ find default-name=ether3 ] name=ether3-VLAN
set [ find default-name=ether4 ] name=ether4
set [ find default-name=ether5 ] name=ether5
#WAN1 (pppoe-WAN1): assume it provide public IP address 200.10.10.1 as gateway
/interface pppoe-client
add name=pppoe-WAN1 profile=default-encryption interface=ether1-WAN1 use-peer-dns=no
#WAN1 (ether2-WAN2): assume it has DHCP 10.2.2.0/24, so 10.2.2.1 as gateway
/ip dhcp-client
add add-default-route=no interface=ether2-WAN2 use-peer-dns=no use-peer-ntp=no
/interface vlan
add interface=ether3-VLAN name=VLAN_10 vlan-id=10
add interface=ether3-VLAN name=VLAN_20 vlan-id=20
add interface=ether3-VLAN name=VLAN_30 vlan-id=30
add interface=ether3-VLAN name=VLAN_MGMT vlan-id=99
/ip address
add address=10.2.2.2/24 interface=ether2-WAN2 network=10.2.2.0
add address=10.199.99.1/25 interface=VLAN_MGMT network=10.199.99.0
add address=192.168.10.1/24 interface=VLAN_10 network=192.168.10.0
add address=192.168.20.1/24 interface=VLAN_20 network=192.168.20.0
add address=192.168.30.1/24 interface=VLAN_30 network=192.168.30.0
add address=172.17.17.1/24 interface=ether4 network=172.17.17.0
add address=172.18.18.1/24 interface=ether5 network=172.18.18.0
/interface list
add name=WANs
add name=LANs
/interface list member
add list=WANs interface=pppoe-WAN1
add list=WANs interface=ether2-WAN2
add list=LANs interface=ether4
add list=LANs interface=ether5
add list=LANs interface=ether3-VLAN
add list=LANs interface=VLAN_MGMT
add list=LANs interface=VLAN_10
add list=LANs interface=VLAN_20
add list=LANs interface=VLAN_30
/routing table
add disabled=no fib name=rtab-WAN1
add disabled=no fib name=rtab-WAN2
add disabled=no fib name=rtab-GUEST
/routing rule
add interface=VLAN_MGMT action=lookup table=main
add interface=VLAN_10 action=lookup table=rtab-WAN1
add interface=VLAN_20 action=lookup table=rtab-WAN2
add interface=VLAN_30 action=lookup-only-in-table table=rtab-GUEST
add interface=ether4 action=lookup table=rtab-WAN1
add interface=ether5 action=lookup table=rtab-WAN2
/ip route
add distance=200 dst-address=0.0.0.0/0 gateway=200.10.10.1 \
routing-table=main scope=30 target-scope=10
add distance=200 dst-address=0.0.0.0/0 gateway=10.2.2.1\
routing-table=main scope=30 target-scope=10
add distance=1 dst-address=0.0.0.0/0 gateway=200.10.10.1 \
routing-table=rtab-WAN1 scope=30 target-scope=10
add distance=1 dst-address=0.0.0.0/0 gateway=10.2.2.1 \
routing-table=rtab-WAN2 scope=30 target-scope=10
add distance=1 dst-address=0.0.0.0/0 gateway=10.2.2.1 \
routing-table=rtab-GUEST scope=30 target-scope=10
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WANs
The biggest mystery I found that the "interface(s)" in /Routing/Rule/ actually the interface of our LANs (vlan, ether/port, bonding, bridge, etc). So, it,s as simple as that to create Policy Based Routing on RouterOS v7.5.
Suggestion and correction are welcome.
Thank you