Community discussions

MikroTik App
 
nonosch68
just joined
Topic Author
Posts: 12
Joined: Thu May 26, 2022 1:03 am

Chateau Lte passthrough and bridge on other ports

Thu May 26, 2022 1:31 am

Hello,

first excuse me if my english is not correct.
I'm a beginner under RouterOs.

I have a Chateau LTE Router and ccr2004-16g2s+pc
The CCR2004 is connect to my fiber isp modem (which is in bridge mode) and has a dhcp client for the wan connection (sfp1). The subnet for the lan is 192.168.6.0. Firewall is on.

I want to use the Chateau in case of the fiber connection is down but don't want to use a failover dual wan method. The Chateau will be plug in the wan connector sfp1 of the ccr2004 if i need it.

My questions are :
On the Chateau :

- the Lte interface will be in passthrough mode with port ethernet 1 and plug to sfp1 (wan) of the ccr2204 : is there a need or firewall rules on the Chateau or the firewall of the ccr2004 is enough ?

- to ease the management i wish to create a brigde (port eth 2 -3-4 -5) and make it work like a switch on the Chateau with the same subnet of the ccr2004 (192.168.6.0).
the idea is to have just to plug a cable in port 2 or 3 and connect it to the lan of the ccr2004 to manage the Lte router
- is there something to do for security like firewall rules in this configuration or is this safe to do this ?


Hope i was clear enough
thanks for your time
 
User avatar
SiB
Forum Guru
Forum Guru
Posts: 1888
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: Chateau Lte passthrough and bridge on other ports

Sat May 28, 2022 12:28 am

nonosch68 write:
The Chateau will be plug in the wan connector sfp1 of the ccr2004 if i need it.
Cheateau not have sfp.. but 1GbE. You probably say to connect it to one of ethernet ports of CCR as second WAN.
From CCR perspective.. SFP+ is WAN1, one of Ethernet is WAN2 from Chateau, other ports are LAN.
Image

the Lte interface will be in passthrough mode with port ethernet 1 and plug to sfp1 (wan) of the ccr2204
again. LTE inteface can be passthrough to other ethernet port of other ETHERNET device. Of course you can do a "bridge-wan with sfp+ and ethernet" and use a bridge to receive Public IP from Chateau but you not write that way.
is there a need or firewall rules on the Chateau or the firewall of the ccr2004 is enough ?
Of course, all changes of conception should have proper/right changes in firewall but when your bridge-wan receive that or other Public IP and your Masq is done as outgoing inteface bridge-wan then it's probably without any other changes. When you manual switch from one to other WAN. But why not do a simple failover...

to ease the management i wish to create a brigde (port eth 2 -3-4 -5) and make it work like a switch on the Chateau with the same subnet of the ccr2004 (192.168.6.0).
the idea is to have just to plug a cable in port 2 or 3 and connect it to the lan of the ccr2004 to manage the Lte router
Yes, you can use both devices ports as "switch--switch" scenario. Yes, Chateau can use IP from that CCR LAN as client of that lan.

is there something to do for security like firewall rules in this configuration or is this safe to do this ?
Not only, remember that dhcp-server should be disable on chateau... dhcp-client should be created on new LAN bridge.
Concept of pasthrought change idea of using device and often then better is use it as blank configuration. Remeber, that device not have a internet on itself, it receive it back from other device like cgnat scenario.
 
nonosch68
just joined
Topic Author
Posts: 12
Joined: Thu May 26, 2022 1:03 am

Re: Chateau Lte passthrough and bridge on other ports

Sat May 28, 2022 11:27 am

thanks for answering

I'm sorry my english is so poor that i just want to be sure that i understand well (1 hour to read and make this message : shame on me :D )

In fact i forget to say that on sfp1 (ccr2004) i use a S+Rj10transceiver (my fiber isp provide 2.5 Gb by ethernet port)

i prefer not tu use failover because the chateau will be not "power on" everytime and will be only power on when my fiber isp is down.

if i have just to unplug the isp modem and plug the Chateau in the S+Rj10 i think i have nothing to change in my CCR2004 configuration (nat rules, firewall, make failover, vlan, etc...)

I prefer too , have not to make new things like vlan etc.... on the ccr2004 to have easy acces to the Chateau when it will be in use

One idea , in my newbie brain , is to have "one side" of the Chateau (LTE + Eth1) which give the internet acces to the ccr2004 and make an independant part (independant of LTE +ETH1)
with the others ethernet ports of the Chateau (switch with 192.168.6.0 ..) to easily access/manage the Chateau, and just have to plug another cable from an ethernet lan port of the ccr2004 to have acces to the Chateau switch/management


So am i correct if i do this :



LTE + ETH1 on Chateau

[ LTE(Chateau) interface passthrough to eth1(Chateau) ] = act/replace isp's modem -----> [ S+Rj10 (sfp1-ccr2004) ] = Wan access for CCR2004 (192.168.6.0)

i have to :

start with an empty configuration on the Chateau

create a passthrought with LTE and eth1 : https://help.mikrotik.com/docs/display/ ... ughExample

No need for firewalling rules on the Chateau - keep the existing configuration on the ccr2004 (same wan interface - like with isp modem)

Eth 2 + Eth 3 +Eth 4 +Eth 5 = "independant switch"

create a bridge beetween those ports - (no dhcp server) - make the bridge act like a switch client of the ccr2004 - give for exemple 192.168.6.19/24 adress for the bridge

No firewalling rules in the Chateau, the firewall don't change in the ccr2004

is this correct ?
 
User avatar
SiB
Forum Guru
Forum Guru
Posts: 1888
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: Chateau Lte passthrough and bridge on other ports  [SOLVED]

Sat May 28, 2022 6:53 pm

Yes, you thinking correctly.

I add some info about WAN site on CCR.
SFP+ with or without transceiver is still sfp+ interface on RouterOS.
On physical layer, yes, I not think that you use a transceiver :) but yes, this change "from fiber to cable" :).

In that interface, we can say sfp_wan you can have your dhcp-client who will ones receive IP settings from your fiber or from lte pasthrough. Both scenario is a one dhcp-client at interface.
From perspective CCR, it's one ISP who will give you differ IP addressation and differ route path, mtu to internet. You can say it will be transparent.

And of course, most people not want clicm on tower, go up 1000m on top... just to replece devices, transceiver, cables... they want use Failover on two differ ports and only use Power Adapter on LTE to on/off it. Most people but not you :). I hope I give you more self-confidence.
Good Luck !
 
nonosch68
just joined
Topic Author
Posts: 12
Joined: Thu May 26, 2022 1:03 am

Re: Chateau Lte passthrough and bridge on other ports

Sat May 28, 2022 7:31 pm

Thank you very much for your time and answers :-D
 
User avatar
SiB
Forum Guru
Forum Guru
Posts: 1888
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: Chateau Lte passthrough and bridge on other ports

Sat May 28, 2022 11:05 pm

If you create a new case about LTE but I not answer, then please remember that in signature is always a Telegram as alternative communicator.
 
nonosch68
just joined
Topic Author
Posts: 12
Joined: Thu May 26, 2022 1:03 am

Re: Chateau Lte passthrough and bridge on other ports

Sun May 29, 2022 9:44 am

Ok :)

Who is online

Users browsing this forum: mrbroadband, nike78 and 49 guests