Community discussions

 
FRGTech
just joined
Topic Author
Posts: 8
Joined: Thu Sep 19, 2019 5:04 pm

Joining 2 Routers

Thu Oct 03, 2019 5:13 pm

I currently have a CRS125-24G-1S-2HnD-IN filled to capacity and a CRS109-8G-1S-2HnD-IN that is not being used. It seems a waste but I'd like to use the CRS109 to expand my existing capacity and use it as a dumb switch. I'm guessing I can turn off the wireless as I see no benefit to using it as it will physically be located right beside the CRS125. I do use 2 ISPs (Cable and DSL) and physically switch out the WAN cable when one goes down since I'm out of ports. I've been reading about setting up a failover but my confidence level isn't high enough to attempt it yet. If I can address my capacity issue first I'm hoping to try and automate the failover.

So I'm looking for a guide to use my second router to expand the capacity of the first with the consideration of using a wan failover in the future if that matters at all.

Thanks
 
Amm0
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Sun May 01, 2016 7:12 pm
Location: California
Contact:

Re: Joining 2 Routers

Fri Oct 04, 2019 3:18 am

Could at least use VRRP so if the first router dies, the smaller one takes over (at least for the 8 ports connected there ;)) with the need DHCP etc. or failover routing - that way it isn't just a dumb switch:

https://wiki.mikrotik.com/wiki/Manual:Interface/VRRP
 
FRGTech
just joined
Topic Author
Posts: 8
Joined: Thu Sep 19, 2019 5:04 pm

Re: Joining 2 Routers

Sat Oct 05, 2019 10:25 pm

Thanks for the reply Amm0,
I dug up an old Netgear switch which would be much more appropriate for simple expansion of ports, and found a much better use for the CRS109. I want to use it as a wireless access point to duplicate my wireless and guest wireless networks to a part of the building that has no wireless access now. Am I able to do this while maintaining the same main and guest network names and just use the DHCP server from R1 to supply addresses to R2 wireless clients?

Image

Please let me know if a new topic is more appropriate for this question.
 
Amm0
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Sun May 01, 2016 7:12 pm
Location: California
Contact:

Re: Joining 2 Routers

Tue Oct 08, 2019 12:21 am

For new WiFi router, if you reset-configuration with no-defaults=yes, you should be able to just add IP address to it, and configure the WiFi on the 2nd router to match, that get you close to what you want I think...a dumb switch that extends the WiFi too :)

Your WiFi clients will select the “best” access point to use if just the SSID and password match, so the largely just works. Now might want to reduce the 2.4 WiFi power at least on both the routers if there close together...and other tuning as well, that’s for sure beyond this answer... but two APs, same name, and your devices will figure out something.
 
FRGTech
just joined
Topic Author
Posts: 8
Joined: Thu Sep 19, 2019 5:04 pm

Re: Joining 2 Routers

Tue Oct 08, 2019 10:36 pm

Thanks again Amm0,
It sounds so easy but I am still having trouble getting everything working. I reset the router to "No Default Settings" but the Default "Quickset" mode is CAP and I don't think that's right. I tried using Home AP, but it wouldn't let me set a static "Internet" IP so it gets assigned to 192.168.88.108 by the R1 DHCP server and I set the Local IP to 192.168.88.5. When I tried to connect to the wireless it would try to connect but couldn't get an IP. I turned NAT on for the local network but that didn't help either. I know it's something simple but I feel I'm falling further down the rabbit hole.

Would you mind explaining in a bit more detail of how to set up the second router? Here is my config for the main router.
[admin@MikroTik] > /export hide-sensitive      
# oct/08/2019 15:22:38 by RouterOS 6.34.4
# software id = FQYD-RZAF
#
/interface bridge
add admin-mac=6C:3B:6B:49:3E:79 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
    FRG wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=\
    "LAN - All ports are switched off ether2" name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
set [ find default-name=ether6 ] master-port=ether2-master
set [ find default-name=ether7 ] master-port=ether2-master
set [ find default-name=ether8 ] master-port=ether2-master
set [ find default-name=ether9 ] master-port=ether2-master
set [ find default-name=ether10 ] master-port=ether2-master
set [ find default-name=ether11 ] master-port=ether2-master
set [ find default-name=ether12 ] master-port=ether2-master
set [ find default-name=ether13 ] master-port=ether2-master
set [ find default-name=ether14 ] master-port=ether2-master
set [ find default-name=ether15 ] master-port=ether2-master
set [ find default-name=ether16 ] master-port=ether2-master
set [ find default-name=ether17 ] master-port=ether2-master
set [ find default-name=ether18 ] master-port=ether2-master
set [ find default-name=ether19 ] master-port=ether2-master
set [ find default-name=ether20 ] master-port=ether2-master
set [ find default-name=ether21 ] master-port=ether2-master
set [ find default-name=ether22 ] master-port=ether2-master
set [ find default-name=ether23 ] master-port=ether2-master
set [ find default-name=ether24 ] master-port=ether2-master
set [ find default-name=sfp1 ] master-port=ether2-master
/ip neighbor discovery
set ether1 comment=WAN discover=no
set ether2-master comment="LAN - All ports are switched off ether2"
set bridge comment=defconf
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=profile
/interface wireless
add disabled=no mac-address=6E:3B:6B:49:3E:91 master-interface=wlan1 name=wlan2 \
    security-profile=profile ssid="FRG's Guests"
/ip pool
add name=dhcp ranges=192.168.88.101-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge filter
add action=drop chain=forward in-interface=wlan2
add action=drop chain=forward out-interface=wlan2
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=wlan2
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=\
    192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.88.100 mac-address=08:94:EF:54:85:8E
add address=192.168.88.238 client-id=1:2c:4d:54:ea:77:a0 mac-address=\
    2C:4D:54:EA:77:A0 server=defconf
add address=192.168.88.249 client-id=1:6c:4b:90:7:f0:23 mac-address=\
    6C:4B:90:07:F0:23 server=defconf
add address=192.168.88.226 mac-address=9E:B8:27:EB:0B:99 server=defconf
add address=192.168.88.223 client-id=1:6c:4b:90:7:f6:e9 mac-address=\
    6C:4B:90:07:F6:E9 server=defconf
add address=192.168.88.243 always-broadcast=yes client-id=1:e0:3f:49:6d:6c:9b \
    mac-address=E0:3F:49:6D:6C:9B server=defconf
add address=192.168.88.228 client-id=1:e0:3f:49:6d:6e:f0 mac-address=\
    E0:3F:49:6D:6E:F0 server=defconf
add address=192.168.88.229 client-id=1:10:78:d2:97:b4:fd mac-address=\
    10:78:D2:97:B4:FD server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,192.168.0.1,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept establieshed,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
    ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1
add chain=forward comment="Allow connections from the LAN" connection-state=new \
    in-interface=bridge
add chain=forward connection-nat-state=dstnat connection-state=\
    established,related in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
    ether1
add action=dst-nat chain=dstnat comment="WebAPI" dst-address=\
    192.168.1.9 dst-port=8000 log=yes log-prefix=WebAPI protocol=tcp \
    to-addresses=192.168.88.100 to-ports=8000
add action=dst-nat chain=dstnat dst-address=192.168.1.9 dst-port=2121 log=yes \
    log-prefix=WebAPI protocol=tcp to-addresses=192.168.88.100 to-ports=2121
add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.1.9 dst-port=\
    8000 protocol=udp to-addresses=192.168.88.100 to-ports=8000
add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.1.9 dst-port=\
    2121 protocol=udp to-addresses=192.168.88.100 to-ports=2121
/ip route
add disabled=yes distance=1 gateway=192.168.0.1
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=America/New_York
/system routerboard settings
set protected-routerboot=disabled
/system scheduler
add interval=5m name=Check_IP on-event=Update_IP policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    oct/02/2019 start-time=10:15:00
/system script
add comment="https://forum.mikrotik.com/viewtopic.php\?t=98956https://forum.mikr\
    otik.com/viewtopic.php\?f=9&t=100822&p=501271&hilit=mynetname#" name=\
    Update_IP owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="#get myne\
    tname hostname\r\
    \n:local hostname [/ip cloud get dns-name]\r\
    \n\r\
    \n#resolve current dns-address\r\
    \n:local resolvedIP [:resolve \"\$hostname\"]\r\
    \n\r\
    \n#get current external IP\r\
    \n:local resolver [:resolve resolver1.opendns.com]\r\
    \n:local currentIP [:resolve myip.opendns.com server=\$resolver]\r\
    \n\r\
    \n#determine if DNS update is needed\r\
    \n:if (\$currentIP != \$resolvedIP) do={\r\
    \n   :log info (\"Mynetname update needed: Current-IP: \$currentIP Resolved-\
    IP: \$resolvedIP\")\r\
    \n   /ip cloud force-update\r\
    \n} else={\r\
    \n   :log info (\"Mynetname: No update needed (\$currentIP=\$resolvedIP)\")\
    \r\
    \n}"
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master
add interface=wlan1
add interface=wlan2
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master
add interface=wlan1
add interface=wlan2
/tool traffic-monitor
add disabled=yes interface=ether2-master name=tmon1 threshold=0 traffic=\
    received trigger=always
[admin@MikroTik] >> 
Thanks for any help you can offer.
 
Amm0
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Sun May 01, 2016 7:12 pm
Location: California
Contact:

Re: Joining 2 Routers

Wed Oct 09, 2019 7:41 am

# oct/08/2019 15:22:38 by RouterOS 6.34.4
You should update that router first. v6.34.4 is very old, and has some vulnerabilities. Once you do that, QuickSet options may change. One of those profiles should have a radio button for "bridge" on top right of QuickSet , that's what you want (the other radio button says "routed", that not what you want here). "Bridge" may be HomeAP, or CPE mode.

You can can change the QuickSet mode without issue and see the various options, just don't change anything and hit apply until you find one that has a "bridge" in the right side.
 
User avatar
bhamdan
just joined
Posts: 1
Joined: Wed Oct 09, 2019 10:30 am
Location: UAE

Re: Joining 2 Routers

Wed Oct 09, 2019 1:46 pm

You need a smart/managed switch with port bonding to do what you want to do.
 
FRGTech
just joined
Topic Author
Posts: 8
Joined: Thu Sep 19, 2019 5:04 pm

Re: Joining 2 Routers

Wed Oct 09, 2019 5:04 pm

You should update that router first. v6.34.4 is very old, and has some vulnerabilities.
That is the main router, (CRS125) and I do plan to update it one night after hours but haven't had the chance yet. The Router I'm trying to configure is the CRS109 and it is running the latest version.

"Bridge" may be HomeAP, or CPE mode.
The only two options that have "Bridge" in the top right are CPE and WISP AP. CPE has no setup for the wireless networks I want to duplicate and WISP only has the main network and not the Guest network. Will either of these do what I need in having both my wireless networks from the main router duplicated?


CPE
Image

WISP AP
Image
 
FRGTech
just joined
Topic Author
Posts: 8
Joined: Thu Sep 19, 2019 5:04 pm

Re: Joining 2 Routers

Wed Oct 09, 2019 6:27 pm

You need a smart/managed switch with port bonding to do what you want to do.
I didn't refresh the page before replying earlier so I missed this. Can you expand on this at all or link to a guide?
 
FRGTech
just joined
Topic Author
Posts: 8
Joined: Thu Sep 19, 2019 5:04 pm

Re: Joining 2 Routers

Tue Oct 15, 2019 10:44 pm

Well I have been reading up some but have no confidence on doing this without some guidance. Any configuration to the main router has to be done on the middle of the night so I'm hesitant to just experiment until I get it right.

So if I just scrap the single unified DHCP server and the WAN failover, couldn't I just add the CRS109 as a standard Home AP by having it assigned an IP on its WAN by the CRS125 and just duplicate the wireless SSIDs for the main and guest networks? If so, my only concern is being able to manage the router through the WAN port so I won't have to physically go plug in a laptop to a LAN port. This is just a simple firewall rule to allow access only from a local LAN address right?

Thanks for any help.

Who is online

Users browsing this forum: No registered users and 115 guests