I am asking for your assistance with a routing problem please.
I usually work with Cisco devices, so I have a generally good understanding of networking and configurations, but the MikroTik bridge, masquerade, etc. is breaking my brain. Essentially, I have set up a MikroTik to load balance two LTE connections that we will plug into our office Cisco router when we experience a WAN fibre failure, so that the office has connectivity while the fibre is repaired.
I connected the two LTE routers to ether4 and ether5, each in its own bridge. There is a local bridge on the MikroTik as well. The MikroTik is connected to my office switch, and ether1 is set up to receive a DHCP configuration from my office Cisco router, which it does. Using the terminal through WinBox I can confirm that the load balancing is working, the ether1 port is receiving the DHCP configuration, and I have internet breakout balancing between the two LTE devices successfully, even when using the ether1 DHCP IP as the src-address for the ping testing. If I try to source the ping with the Cisco gateway, I get an
The only issue I am having is routing traffic back to the LAN behind the Cisco. With Cisco, the directly connected route is used (as the IP and gateway are distributed via DHCP), and I do see the DAC route of 10.0.0.0/24 with the gateway of 10.0.0.1 on the Mikrotik route list. I can ping the gateway successfully as well.
/ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 D 1.0.0.189/24 1.0.0.0 ether4
1 D 2.0.0.190/24 2.0.0.0 ether5
2 1.0.0.2/24 1.0.0.0 LTE1
3 2.0.0.2/24 2.0.0.0 LTE2
4 3.0.0.1/24 3.0.0.0 local
5 D 10.0.0.70/24 10.0.0.0 ether1
/ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 1.0.0.1 1
1 A S 0.0.0.0/0 2.0.0.1 1
2 A S 0.0.0.0/0 1.0.0.1 1
3 S 0.0.0.0/0 2.0.0.1 2
4 ADC 10.0.0.0/24 10.0.0.70 ether1 0
5 X S 10.0.0.0/24 10.0.0.70 10.0.0.1 1
6 ADC 1.0.0.0/24 1.0.0.2 LTE1 0
7 ADC 2.0.0.0/24 2.0.0.2 LTE2 0
8 ADC 3.0.0.0/24 3.0.0.1 local 0
Perhaps my ignorance is doing me in, or I am missing something stupidly simple, but I am struggling to get this resolved and would appreciate any info and/or suggestions you might offer.
# model = RB951Ui-2nD
# serial number =
# NOTE(review): in this design ether1 faces the Cisco LAN (10.0.0.70 via DHCP)
# and the LTE1/LTE2 bridges are the internet-facing side. Several sections below
# still look like the RouterOS default config, which treats ether1 as the WAN
# port; the per-section notes point out where that inverts the intended roles.
/interface bridge
add name=Cisco
add name=LTE1
add name=LTE2
add name=local
/interface ethernet
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] disabled=yes
# NOTE(review): "listBridge" is used by the member, discovery and mac-server
# sections below, but no `add name=listBridge` appears in this export — confirm
# the list exists on the device.
/interface list
/interface bridge port
# NOTE(review): the ether1 port entry names no bridge, so as exported ether1 is
# not a member of "Cisco"; the Cisco and local bridges have no ports at all.
# The mangle rules further down match in-interface=Cisco / in-interface=local
# and therefore never see LAN traffic, which arrives on ether1. Either make it
# `add bridge=Cisco interface=ether1` (and move the DHCP client to the Cisco
# bridge, since a DHCP client cannot run on a bridge port) or match
# in-interface=ether1 in the mangle rules — one or the other, consistently.
add interface=ether1
add bridge=LTE1 interface=ether4
add bridge=LTE2 interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=listBridge
/interface list member
add interface=local list=listBridge
add interface=Cisco list=listBridge
/ip address
# Static addresses on the LTE-side bridges; the address print also shows DHCP
# addresses on ether4/ether5, so each LTE subnet currently carries two addresses.
add address=1.0.0.2/24 interface=LTE1 network=1.0.0.0
add address=2.0.0.2/24 interface=LTE2 network=2.0.0.0
add address=3.0.0.1/24 interface=local network=3.0.0.0
/ip dhcp-client
# NOTE(review): ether4/ether5 are ports of the LTE1/LTE2 bridges, which is what
# the two "slave interface" warnings refer to. Decide whether the LTE side is
# addressed by DHCP (client on the bridge) or statically (addresses above) and
# keep only one of the two — verify which the LTE routers expect.
# DHCP client can not run on slave interface!
add disabled=no interface=ether4
# DHCP client can not run on slave interface!
add disabled=no interface=ether5
# LAN side: 10.0.0.70/24 and the 10.0.0.0/24 connected route come from here.
add disabled=no interface=ether1
/ip firewall filter
add action=accept chain=input comment="accept established,related" \
connection-state=established,related
add action=drop chain=input connection-state=invalid
# NOTE(review): the accepts and the final drop in the input chain are all scoped
# to ether1 (the LAN side). Nothing restricts traffic arriving on LTE1/LTE2 to
# the router itself, so management services are reachable from the LTE side
# subject only to /ip service (winbox address=10.0.0.0/24; ssh has no address
# restriction). Add a drop for new input from LTE1/LTE2 after the accepts, or
# make the final drop unconditional on interface.
add action=accept chain=input comment="allow ICMP" in-interface=ether1 \
protocol=icmp
add action=accept chain=input comment="allow Winbox" in-interface=ether1 \
port=8291 protocol=tcp
# NOTE(review): this accepts tcp/22, but /ip service below moves ssh to 2200;
# SSH from the LAN is therefore caught by "block everything else". Use the same
# port in both places.
add action=accept chain=input comment="allow SSH" in-interface=ether1 port=22 \
protocol=tcp
add action=drop chain=input comment="block everything else" in-interface=\
ether1
add action=fasttrack-connection chain=forward comment=\
"fast-track for established,related" connection-state=established,related
add action=accept chain=forward comment="accept established,related" \
connection-state=established,related
add action=drop chain=forward connection-state=invalid
# NOTE(review): this looks like the default-config WAN rule, where ether1 is the
# WAN port. Here it drops every NEW forward connection arriving on ether1, i.e.
# all traffic from the Cisco LAN that this box exists to pass to the LTE links —
# a likely reason LAN hosts get no replies while pings sourced from the router
# itself work (those use the output chain). The WAN-side equivalent would match
# in-interface=LTE1 and in-interface=LTE2.
add action=drop chain=forward comment=\
"drop access to clients behind NAT from WAN" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
/ip firewall mangle
# Traffic destined for the LTE subnets themselves is exempted from PCC marking;
# both rules expect LAN traffic on the Cisco bridge (see bridge-port note).
add action=accept chain=prerouting dst-address=1.0.0.0/24 in-interface=\
Cisco
add action=accept chain=prerouting dst-address=2.0.0.0/24 in-interface=\
Cisco
# Connections entering from each LTE link are marked so replies leave the same
# way (mark-routing in the output chain below).
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=LTE1 new-connection-mark=LTE1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=LTE2 new-connection-mark=LTE2_conn
# NOTE(review): PCC split, three things to check. (1) `dst-address=0.0.0.0` as
# printed looks like a single-host match rather than "any destination"; if so
# these rules never match — the usual PCC form relies on dst-address-type=!local
# alone, confirm on the device. (2) The two rules use different classifiers
# (src-address:2/0 vs both-addresses:2/1); a two-way split needs the same
# classifier in both rules, otherwise some connections are marked by neither.
# (3) in-interface=Cisco sees nothing while ether1 is not a member of that bridge.
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address=0.0.0.0 dst-address-type=!local in-interface=Cisco \
new-connection-mark=LTE1_conn per-connection-classifier=src-address:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address=0.0.0.0 dst-address-type=!local in-interface=Cisco \
new-connection-mark=LTE2_conn per-connection-classifier=\
both-addresses:2/1
# NOTE(review): routing marks are applied only to traffic entering on "local"
# (3.0.0.1/24, a bridge with no ports), so LAN traffic from the Cisco side gets
# no routing mark and falls through to the main-table default routes. Match the
# same ingress interface as the PCC rules above.
add action=mark-routing chain=prerouting connection-mark=LTE1_conn \
in-interface=local new-routing-mark=to_LTE1
add action=mark-routing chain=prerouting connection-mark=LTE2_conn \
in-interface=local new-routing-mark=to_LTE2
# Router-originated traffic follows the connection mark of its connection.
add action=mark-routing chain=output connection-mark=LTE1_conn \
new-routing-mark=to_LTE1
add action=mark-routing chain=output connection-mark=LTE2_conn \
new-routing-mark=to_LTE2
/ip firewall nat
# Masquerade toward each LTE link. Replies are de-NATed by connection tracking
# and reach the 10.0.0.x host via the connected route on ether1 (ADC in the route
# print), so no static route back to the LAN should be needed.
add action=masquerade chain=srcnat out-interface=LTE1
add action=masquerade chain=srcnat out-interface=LTE2
/ip route
# Per-mark default routes used by the mark-routing rules above.
add check-gateway=ping distance=1 gateway=1.0.0.1 routing-mark=to_LTE1
add check-gateway=ping distance=1 gateway=2.0.0.1 routing-mark=to_LTE2
# Main-table defaults for unmarked traffic: LTE1 at distance 1, LTE2 as backup
# at distance 2 (inactive in the route print while the LTE1 gateway answers).
add check-gateway=ping distance=1 gateway=1.0.0.1
add check-gateway=ping distance=2 gateway=2.0.0.1
# NOTE(review): 10.0.0.0/24 is already a connected route on ether1; this static
# copy via 10.0.0.1 is shown disabled in the route print and adds nothing for
# the return path — it can be removed.
add check-gateway=ping distance=1 dst-address=10.0.0.0/24 gateway=\
10.0.0.1 pref-src=10.0.0.70 scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
# NOTE(review): ssh listens on 2200 with no address= restriction, while the
# filter rule above allows 22. Align the port, and consider
# address=10.0.0.0/24 here as already done for winbox.
set ssh port=2200
set api disabled=yes
set winbox address=10.0.0.0/24
/ip ssh
set strong-crypto=yes
/system identity
set name=Fail_Over_MikroTik
/tool bandwidth-server
set enabled=no
# MAC-level access (mac-telnet / mac-winbox) is limited to the listBridge
# members, i.e. the Cisco and local bridges.
/tool mac-server
set allowed-interface-list=listBridge
/tool mac-server mac-winbox
set allowed-interface-list=listBridge