joshhboss

Help with my failover setup

Tue Nov 15, 2022 2:10 am

I was messing around trying to understand recursive routes, but after getting everything set up I can't seem to get my VLANs to work properly. The internet just goes in and out, but for sure the internet connection itself is working well. I don't know if I'm missing something in the mangle rules, or really where else to look. If someone could check my config and let me know if anything sticks out, I'd really appreciate it.

thank you ..









  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 7.6 (c) 1999-2022       https://www.mikrotik.com/

Press F1 for help



[admin@MikroTik] > export
# RouterOS 7.6 configuration export from an RB760iGS, as printed by "export".
# NOTE(review): the header below carries the unit's software id and serial
# number. These identify the physical device; consider redacting them before
# posting an export publicly.
# nov/14/2022 19:08:14 by RouterOS 7.6
# software id = 7XHG-9DN7
#
# model = RB760iGS
# serial number = E1F20DBE9019
# Single bridge with VLAN filtering switched on and a fixed admin MAC.
# Ingress filtering is off on the bridge interface itself.
/interface bridge
add admin-mac=08:55:31:FE:65:6C auto-mac=no comment=defconf ingress-filtering=\
    no name=bridge vlan-filtering=yes
# VLAN interfaces on top of the bridge; these carry the router's addresses for
# VLAN 200 and VLAN 23 (see /ip address).
/interface vlan
add interface=bridge name=200 vlan-id=200
add interface=bridge name=Test23 vlan-id=23
# Interface lists referenced by the firewall, neighbor discovery and
# mac-server sections. Membership is assigned under /interface list member.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# The three sections below only touch the built-in default entries.
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
# DHCP address pools.
# NOTE(review): only default-dhcp, dhcp_pool3 and dhcp_pool4 are referenced by
# the DHCP servers below. dhcp_pool1 and dhcp_pool2 are unused in this export
# and overlap dhcp_pool3's range; they look like leftovers from earlier setup
# attempts and can probably be removed - confirm nothing else uses them.
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.200.2-192.168.200.254
add name=dhcp_pool2 ranges=192.168.200.2-192.168.200.254
add name=dhcp_pool3 ranges=192.168.200.10-192.168.200.254
add name=dhcp_pool4 ranges=192.168.23.10-192.168.23.250
# One DHCP server per L3 interface: the bridge (untagged LAN), VLAN 200 and
# VLAN 23.
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
add address-pool=dhcp_pool3 interface=200 name=dhcp1
add address-pool=dhcp_pool4 interface=Test23 name=dhcp2
/port
set 0 name=serial0
# Two extra FIB routing tables, named after the routing marks set in
# /ip firewall mangle.
# NOTE(review): no /ip route entry in this export uses routing-table=to_ISP1
# or to_ISP2 (every route is in "main"), so both tables are empty here.
/routing table
add fib name=to_ISP1
add fib name=to_ISP2
# Bridge member ports: ether3, ether4, ether5 and sfp1. ether1 and ether2 are
# not bridged; they are the two uplinks (see /interface list member).
# No pvid is shown on any port, so presumably all are at the default PVID -
# confirm, since export omits default values.
# NOTE(review): ingress-filtering=no on every port means the bridge does not
# check at ingress whether the receiving port is a member of the frame's
# VLAN. With vlan-filtering=yes this weakens VLAN separation between ports;
# confirm it is intentional.
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp1
add bridge=bridge ingress-filtering=no interface=ether4
# Neighbor discovery is limited to interfaces in the LAN list.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# IPv6 is disabled on this router.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# VLAN table: VLAN 200 is tagged on the bridge (CPU) and ether4, VLAN 23 is
# tagged on the bridge (CPU) and ether5. No untagged members are listed for
# either VLAN.
/interface bridge vlan
add bridge=bridge tagged=bridge,ether4 vlan-ids=200
add bridge=bridge tagged=bridge,ether5 vlan-ids=23
# Interface list membership: bridge -> LAN, ether1 and ether2 -> WAN.
# NOTE(review): the VLAN interfaces "200" and "Test23" are not members of LAN.
# Every rule or service keyed on the LAN list (the input-chain rule
# "drop all not coming from LAN", neighbor discovery, mac-server) therefore
# treats the VLANs as non-LAN. Decide explicitly whether each VLAN should be
# trusted to reach the router and add it to a list accordingly.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=WAN
# OpenVPN server settings. Whether the server is enabled is not shown in this
# export (defaults are omitted).
# NOTE(review): md5 is listed as an accepted auth digest. If the OVPN server is
# ever enabled, drop md5 from this list.
/interface ovpn-server server
set auth=sha1,md5
# Router addresses: 192.168.88.1 on the bridge, 192.168.200.1 on VLAN 200,
# 192.168.23.1 on VLAN 23.
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.200.1/24 interface=200 network=192.168.200.0
add address=192.168.23.1/24 interface=Test23 network=192.168.23.0
# Both uplinks obtain their address by DHCP but do not install a default
# route. The default routes are built by hand in /ip route with hard-coded
# next hops, so those next hops must match the gateways the upstream DHCP
# servers actually hand out.
/ip dhcp-client
add add-default-route=no comment=defconf interface=ether1
add add-default-route=no interface=ether2
# DHCP options per subnet. VLAN 23 and VLAN 200 clients are pointed directly at
# public resolvers; the defconf network sets no dns-server here.
/ip dhcp-server network
add address=192.168.23.0/24 dns-server=8.8.8.8 gateway=192.168.23.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.200.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=192.168.200.1
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from any source the input chain lets through. The first rule of the input
# chain in /ip firewall filter accepts everything, so as configured the
# resolver is reachable from the WAN interfaces too (an open resolver). Keep
# this setting only together with an input chain that drops DNS from WAN.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
# Firewall filter rules. Rules are evaluated top to bottom within each chain
# and the first matching rule decides the packet's fate.
/ip firewall filter
# NOTE(review): this rule has no matchers, so it accepts every packet addressed
# to the router itself, from any interface, including the WAN members ether1
# and ether2. Because it is first in the input chain, none of the input rules
# below it can ever match, and that includes "drop all not coming from LAN".
# As far as this firewall is concerned, the router's management services and
# its DNS resolver are open to the upstream networks.
# Remove or disable this rule so the defconf input rules take effect. Before
# doing so, note that the VLAN interfaces are not in the LAN list, so decide
# how VLAN clients should reach the router (list membership or explicit
# accept rules) to avoid locking them out.
add action=accept chain=input
# --- input chain: the defconf rules (currently shadowed by the rule above) ---
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
# --- forward chain: defconf rules for traffic routed through the router ---
# NOTE(review): nothing here restricts forwarding between the bridge, VLAN 200
# and VLAN 23; only invalid packets and new, non-dstnat connections from WAN
# are dropped. If the VLANs are meant to be isolated from each other, that
# needs explicit drop rules.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
# NOTE(review): FastTrack lets established/related connections skip most of
# the firewall path, mangle included. That does not matter for the
# output-chain marks in this export, but it will if prerouting marks for
# forwarded traffic are added later - confirm before relying on both.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Mangle rules. All four are in chain=output, so they only see traffic
# originated by the router itself; nothing here marks traffic forwarded from
# the bridge or the VLANs.
/ip firewall mangle
# ISP1: mark new, not-yet-marked router-originated connections leaving via
# ether1, then set routing mark to_ISP1 on their packets.
add action=mark-connection chain=output connection-mark=no-mark \
    connection-state=new new-connection-mark=ISP1_conn out-interface=ether1 \
    passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn \
    new-routing-mark=to_ISP1 out-interface=ether1
# NOTE(review): unlike the ISP1 rule above, this rule matches on
# connection-mark=ISP2_conn rather than no-mark. It only matches connections
# that already carry the mark it is supposed to set, and no other rule in this
# export sets ISP2_conn, so it appears never to match. Probably meant to be
# connection-mark=no-mark - confirm.
add action=mark-connection chain=output connection-mark=ISP2_conn \
    connection-state=new new-connection-mark=ISP2_conn out-interface=ether2 \
    passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn \
    new-routing-mark=to_ISP2 out-interface=ether2
# Source NAT. The first rule masquerades everything leaving through a WAN-list
# interface (ether1 and ether2) that is not subject to an IPsec policy.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
# NOTE(review): ether2 is already a member of the WAN list, so this rule only
# adds coverage for ether2 traffic that matches an IPsec policy. If no IPsec
# is in use it is redundant.
add action=masquerade chain=srcnat out-interface=ether2
# Recursive-route failover, all in the main routing table.
# Two /32 host routes pin one public "monitor" address to each uplink:
# 1.0.0.1 via 192.168.2.1 and 4.2.2.2 via 172.25.1.1, both at scope=10.
# The two default routes then use those monitor addresses as their gateway
# (target-scope=11 lets them resolve through the scope=10 host routes), and
# check-gateway=ping probes the monitor address to decide whether each default
# route stays active. distance=1 makes the 1.0.0.1 route primary and
# distance=2 makes the 4.2.2.2 route the backup.
# NOTE(review): the next hops 192.168.2.1 and 172.25.1.1 are hard-coded while
# both WAN addresses come from DHCP; confirm they match the gateways actually
# offered on ether1 and ether2.
# NOTE(review): each uplink's health depends on a single third-party address
# answering ping. If that host drops or rate-limits ICMP, the route will flap
# even though the uplink is fine - worth checking given the intermittent
# connectivity described in the post.
/ip route
add comment="Monitor Internet 1" disabled=no distance=1 dst-address=1.0.0.1/32 \
    gateway=192.168.2.1 pref-src="" routing-table=main scope=10 \
    suppress-hw-offload=no target-scope=10
add comment="Monitor Internet 2" disabled=no distance=2 dst-address=4.2.2.2/32 \
    gateway=172.25.1.1 pref-src="" routing-table=main scope=10 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Default Route" disabled=no distance=1 \
    dst-address=0.0.0.0/0 gateway=1.0.0.1 pref-src=0.0.0.0 routing-table=main \
    scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="BackUp Route" disabled=no distance=2 \
    dst-address=0.0.0.0/0 gateway=4.2.2.2 pref-src=0.0.0.0 routing-table=main \
    scope=30 suppress-hw-offload=no target-scope=11
# Time settings: local time zone and an NTP client pointed at one server,
# given by IP address.
/system clock
set time-zone-name=America/New_York
/system ntp client
set enabled=yes
/system ntp client servers
add address=40.119.6.228
# Layer-2 management (MAC telnet and MAC WinBox) is limited to interfaces in
# the LAN list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# NOTE(review): RoMON is enabled. No RoMON secrets or per-port restrictions
# are visible in this export (they may be hidden or left at defaults). If
# RoMON is not in use, disable it; otherwise confirm that a secret is set and
# that it is not active on the WAN-facing ports.
/tool romon
set enabled=yes
[admin@MikroTik] > 
