Hi all,
I bought my first two MikroTik routers(RB951Ui-2HnD) this morning. Before buying them, I was using some Ciscos with DDWRT on them.
I'm impressed with the web interface, there's no need to install ddwrt on openwrt, it's slick, fast and beautiful. I'm quite happy !
My message here is to get a bit of help on how to do something. I have an IT background but not in networking, it's too far away and I'm unable to do what I want at home.
Here's the current situation:
I have a modem (from VOO in Belgium), connected to the first MikroTik on the first port (WAN).
This first router (MT1) has a local IP: 192.168.1.1 and the wireless is configured with DHCP range: 192.168.1.50~150
The address acquisition for Internet is set to Automatic and it currently has 109.89.6.XX and gateway: 109.89.6.1
The second router (MT2) is connected to the first router(Port 2) using its first port (WAN).
Its local ip is: 192.168.3.1 and the wireless is configured with DHCP range: 192.168.3.50~150
The address acquisition for Internet is set to Automatic and it currently has 192.168.1.50 and gateway: 192.168.1.1
Here's what I'm trying to do:
I would like to have two proper networks.
MT1 with subnet 192.168.1.0/24
MT2 with subnet 192.168.3.0/24
The big question is how to configure the port on each router. How to let the two routers detect each other and communicate properly ?
Those two networks should have Internet and also let devices communicate between each others, from a subnet to another.
I think it's the tenth time that I try to do something, but I always end up not having internet and forced to reset the router to get my network back.
Thanks in advance for any help you might give.
Beginners quest: 2 routers, 2 subnets.
You do not have the required permissions to view the files attached to this post.
Last edited by drupol on Sun Mar 27, 2016 10:56 am, edited 1 time in total.
You have two options.
1. Make a setup like You described but is the worst situation. I can not know where you are loosing internet conectivity without you describing what did you do . you can use the quick setup feature configure both routers. But in this setup you will have double nat and possible to have problems with some internet aplications.
2. Best way is to setup the first mikrotik as router with two dhcp servers one for ports 3-5 and one for port2 who is connected with second mikrotik . That will be setup as a bridge. This way you can have two separate networks and the routing and nat will be done only by the first mikrotik.
If are in trouble to setup devices I can prepare a config for you later in a lab.
Sent from my Lenovo K50a40 using Tapatalk
1. Make a setup like You described but is the worst situation. I can not know where you are loosing internet conectivity without you describing what did you do . you can use the quick setup feature configure both routers. But in this setup you will have double nat and possible to have problems with some internet aplications.
2. Best way is to setup the first mikrotik as router with two dhcp servers one for ports 3-5 and one for port2 who is connected with second mikrotik . That will be setup as a bridge. This way you can have two separate networks and the routing and nat will be done only by the first mikrotik.
If are in trouble to setup devices I can prepare a config for you later in a lab.
Sent from my Lenovo K50a40 using Tapatalk
Re: Beginners quest: 2 Routers, 2 subnets.
Hi,
Thanks for replying!
I don't want double nat for sure, this is why I would like a separate router for each subnet.
Is it possible to do ?
Thanks for replying!
I don't want double nat for sure, this is why I would like a separate router for each subnet.
Is it possible to do ?
Re: Beginners quest: 2 Routers, 2 subnets.
Yeah the solution you gave is one solution but it's not really what I want.
I want MT2 to have it's own DHCP. I don't want to rely on MT1 for that.
I really want to differents subnets, one on each router.
I want MT2 to have it's own DHCP. I don't want to rely on MT1 for that.
I really want to differents subnets, one on each router.
-
-
ShayanFiroozi
Member Candidate
- Posts: 281
- Joined:
- Location: Bandar Abbas , Iran
Re: Beginners quest: 2 routers, 2 subnets.
Hi ,
1-Unplug your second router !!
2-first you have to setup you first router , if your first router has internet ( you can test it by ping 8.8.8.8 from Tools/Ping) then setup DHCP on first router and be sure it's working,since your modem , first router and first router's hosts are in a same subnet no routing will be required.
3-now connect your second router to the first router and setup your addressing :
192.168.1.1 should be set to the first router port2(which connected to the second router)
192.168.1.2(or any free ip address in 192.168.1 subnet) should be set to the wan port of second router(which connected to the first router)
default router will be add automatically when you are adding IP's.
4-in Tool/Ping you should be able to ping 192.168.1.1 from second router and ping 192.168.1.2(or any IP you given to the second router) from first router , if they are done go on next.....
5-in second router go to IP/Route and add this route :
add check-gateway=ping comment="Gateway To Internet" distance=1 gateway=192.168.1.1
6- no if you ping 8.8.8.8 from second router everything should be ok !
7-after that setup your second router DHCP on your second router.
*** pay attention here : your gateway of second router's users should be 192.168.1.1(actually your first router , then first router will route it to your modem
)
1-Unplug your second router !!
2-first you have to setup you first router , if your first router has internet ( you can test it by ping 8.8.8.8 from Tools/Ping) then setup DHCP on first router and be sure it's working,since your modem , first router and first router's hosts are in a same subnet no routing will be required.
3-now connect your second router to the first router and setup your addressing :
192.168.1.1 should be set to the first router port2(which connected to the second router)
192.168.1.2(or any free ip address in 192.168.1 subnet) should be set to the wan port of second router(which connected to the first router)
default router will be add automatically when you are adding IP's.
4-in Tool/Ping you should be able to ping 192.168.1.1 from second router and ping 192.168.1.2(or any IP you given to the second router) from first router , if they are done go on next.....
5-in second router go to IP/Route and add this route :
add check-gateway=ping comment="Gateway To Internet" distance=1 gateway=192.168.1.1
6- no if you ping 8.8.8.8 from second router everything should be ok !
7-after that setup your second router DHCP on your second router.
*** pay attention here : your gateway of second router's users should be 192.168.1.1(actually your first router , then first router will route it to your modem
)Re: Beginners quest: 2 routers, 2 subnets.
That's working perfectly.Hi ,
1-Unplug your second router !!
2-first you have to setup you first router , if your first router has internet ( you can test it by ping 8.8.8.8 from Tools/Ping) then setup DHCP on first router and be sure it's working,since your modem , first router and first router's hosts are in a same subnet no routing will be required.
192.168.1.1 is already set to be the IP of MT1. Should I also assign the same IP to the port 2 of MT1 ?3-now connect your second router to the first router and setup your addressing :
192.168.1.1 should be set to the first router port2(which connected to the second router)
192.168.1.2(or any free ip address in 192.168.1 subnet) should be set to the wan port of second router(which connected to the first router)
default router will be add automatically when you are adding IP's.
Could you please describe a bit more ?
Thanks!
-
-
ShayanFiroozi
Member Candidate
- Posts: 281
- Joined:
- Location: Bandar Abbas , Iran
Re: Beginners quest: 2 routers, 2 subnets.
no , use another subnet it's not important but 2 IP's should be on same subnet , set 192.168.250.1 to first router port 2 and 192.168.250.2 to second router wan(or any port which connected to the first router)
Re: Beginners quest: 2 routers, 2 subnets.
That will be double nat setup and I don't recommend it and he said also he does not want double nat. Again, setup first router, when everything works in the first router, remove ether5 from switch, you can do it by removing ether2 from master switch option and adding an IP and a dhcp server to ether5. Next setup the second mikrotik as a bridge and connect it to ether5 to the first one. That's it.Hi ,
1-Unplug your second router !!
2-first you have to setup you first router , if your first router has internet ( you can test it by ping 8.8.8.8 from Tools/Ping) then setup DHCP on first router and be sure it's working,since your modem , first router and first router's hosts are in a same subnet no routing will be required.
3-now connect your second router to the first router and setup your addressing :
192.168.1.1 should be set to the first router port2(which connected to the second router)
192.168.1.2(or any free ip address in 192.168.1 subnet) should be set to the wan port of second router(which connected to the first router)
default router will be add automatically when you are adding IP's.
4-in Tool/Ping you should be able to ping 192.168.1.1 from second router and ping 192.168.1.2(or any IP you given to the second router) from first router , if they are done go on next.....
5-in second router go to IP/Route and add this route :
add check-gateway=ping comment="Gateway To Internet" distance=1 gateway=192.168.1.1
6- no if you ping 8.8.8.8 from second router everything should be ok !
7-after that setup your second router DHCP on your second router.
*** pay attention here : your gateway of second router's users should be 192.168.1.1(actually your first router , then first router will route it to your modem
Sent from my Lenovo K50a40 using Tapatalk
-
-
ShayanFiroozi
Member Candidate
- Posts: 281
- Joined:
- Location: Bandar Abbas , Iran
Re: Beginners quest: 2 routers, 2 subnets.
That will be double nat setup and I don't recommend it and he said also he does not want double nat. Again, setup first router, when everything works in the first router, remove ether5 from switch, you can do it by removing ether2 from master switch option and adding an IP and a dhcp server to ether5. Next setup the second mikrotik as a bridge and connect it to ether5 to the first one. That's it.Hi ,
1-Unplug your second router !!
2-first you have to setup you first router , if your first router has internet ( you can test it by ping 8.8.8.8 from Tools/Ping) then setup DHCP on first router and be sure it's working,since your modem , first router and first router's hosts are in a same subnet no routing will be required.
3-now connect your second router to the first router and setup your addressing :
192.168.1.1 should be set to the first router port2(which connected to the second router)
192.168.1.2(or any free ip address in 192.168.1 subnet) should be set to the wan port of second router(which connected to the first router)
default router will be add automatically when you are adding IP's.
4-in Tool/Ping you should be able to ping 192.168.1.1 from second router and ping 192.168.1.2(or any IP you given to the second router) from first router , if they are done go on next.....
5-in second router go to IP/Route and add this route :
add check-gateway=ping comment="Gateway To Internet" distance=1 gateway=192.168.1.1
6- no if you ping 8.8.8.8 from second router everything should be ok !
7-after that setup your second router DHCP on your second router.
*** pay attention here : your gateway of second router's users should be 192.168.1.1(actually your first router , then first router will route it to your modem
Sent from my Lenovo K50a40 using Tapatalk
It's not double nat , masquerade nat on first router will be enough. also bridging will cause broadcast and collision domain also ARP poisoning and many other issues.......
routed network works more reliable and in future firewalling and controlling over hosts will be much more easier
-
-
ShayanFiroozi
Member Candidate
- Posts: 281
- Joined:
- Location: Bandar Abbas , Iran
Re: Beginners quest: 2 routers, 2 subnets.
NP ,it seams drupol is working hard and no result yet
Re: Beginners quest: 2 routers, 2 subnets.
Sorry if I misunderstood you, but users in second 192.168.3.0/24 subnet can't have 192.168.1.1 as gateway (unless you play with proxy arp, but that's completely unnecessary). What is needed is the last missing step:*** pay attention here : your gateway of second router's users should be 192.168.1.1(actually your first router , then first router will route it to your modem
8-tell first router, where to find second subnet
Code: Select all
/ip route
add distance=1 dst-address=192.168.3.0/24 gateway=192.168.1.2Re: Beginners quest: 2 routers, 2 subnets.
Indeed, had to reset once both routers because I messed up once again... but the good news is that I got everything working now thanks to your adviceNP ,it seams drupol is working hard and no result yet
IP Configuration on MT1:
Code: Select all
[admin@MT1] /ip> export
# mar/27/2016 15:07:43 by RouterOS 6.34.3
# software id = JT0P-F8WA
#
/ip pool
add name=dhcp ranges=192.168.1.50-192.168.1.150
/ip address
add address=192.168.1.1/24 interface=ether2-master network=192.168.1.0
add address=192.168.250.1/24 interface=bridge-home3 network=192.168.250.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-home1 name=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
add address=192.168.3.0/24 gateway=192.168.3.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
add chain=input protocol=icmp
add chain=input connection-state=established
add chain=input connection-state=related
add action=drop chain=input in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1-gateway
/ip route
add check-gateway=ping distance=1 dst-address=192.168.3.0/24 gateway=192.168.250.2
[admin@MT1] /ip>
Code: Select all
[admin@MT2] /ip> export
# mar/27/2016 15:09:19 by RouterOS 6.34.3
# software id = R657-I42S
#
/ip hotspot profile
add hotspot-address=192.168.5.1 name=hsprof1
add hotspot-address=192.168.5.1 name=hsprof2
/ip pool
add name=dhcp ranges=192.168.3.50-192.168.3.150
add name=hs-pool-10 ranges=192.168.5.2-192.168.5.254
/ip address
add address=192.168.3.1/24 comment="default configuration" interface=ether2-master-local network=192.168.3.0
add address=192.168.5.1/24 comment="hotspot network" interface=wlan2 network=192.168.5.0
add address=192.168.250.2/24 interface=ether1-gateway network=192.168.250.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-gateway
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
add address-pool=dhcp disabled=no interface=wlan2 name=hotspot src-address=192.168.66.1
/ip dhcp-server lease
add address=192.168.3.5 client-id=1:0:11:32:34:81:b2 mac-address=00:11:32:34:81:B2 server=default
/ip dhcp-server network
add address=192.168.3.0/24 comment="default configuration" gateway=192.168.3.1 netmask=24
add address=192.168.5.0/24 comment="hotspot network" gateway=192.168.5.1
/ip dns
set allow-remote-requests=yes servers=192.168.250.1
/ip dns static
add address=192.168.3.1 name=router
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related
add chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.5.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.5.0/24
/ip hotspot
add address-pool=hs-pool-10 disabled=no interface=wlan2 name=hotspot1 profile=hsprof2
/ip hotspot user
add name=admin
/ip route
add check-gateway=ping distance=1 gateway=192.168.250.1
[admin@MT2] /ip>Re: Beginners quest: 2 routers, 2 subnets.
Remove this rule from second router, that's the unnecessary second NAT:
Code: Select all
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway-
-
ShayanFiroozi
Member Candidate
- Posts: 281
- Joined:
- Location: Bandar Abbas , Iran
Re: Beginners quest: 2 routers, 2 subnets.
Yeah thank you for correction , that because i just imagined situation and didn't draw it as diagram also working with not real IP's was confusing;)Sorry if I misunderstood you, but users in second 192.168.3.0/24 subnet can't have 192.168.1.1 as gateway (unless you play with proxy arp, but that's completely unnecessary). What is needed is the last missing step:*** pay attention here : your gateway of second router's users should be 192.168.1.1(actually your first router , then first router will route it to your modem
8-tell first router, where to find second subnetCode: Select all/ip route add distance=1 dst-address=192.168.3.0/24 gateway=192.168.1.2
-
-
ShayanFiroozi
Member Candidate
- Posts: 281
- Joined:
- Location: Bandar Abbas , Iran
Re: Beginners quest: 2 routers, 2 subnets.
@drupol :Remove this rule from second router, that's the unnecessary second NAT:Code: Select all/ip firewall nat add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
your first router working as NAT router for you , packets route from router #2 to #1 because you have default route in your #2 router : add check-gateway=ping distance=1 gateway=192.168.250.1
it will be route all packets which their subnet is not exists in router #2's routing table t the 192.168.250.1(router #1)
[Fixed] Re: Beginners quest: 2 routers, 2 subnets.
Hi all,
Everything is working fine, thanks for your warm help.
Here's the network diagram of my home network.
Everything is working fine, thanks for your warm help.
Here's the network diagram of my home network.
You do not have the required permissions to view the files attached to this post.