Hi all,

I'm on my 3rd day of owning a RB952Ui-5ac2nD-US hAP ac lite. While I only know basic networking, through lots of searching and reading the Wiki and forum, I've figured out how to get the router setup with both a WAN source connected to ether 1 and a USB LTE cellular modem. I can switch between the two WAN sources by disabling one or the other in RouterOS and it seems to work great.

What I'd like to try next is to split up the two WAN's into separate LAN's as follows:

WAN 1 -> ether1 -> wlan2
WAN 2 -> USB (the LTE cellular modem) -> wlan1

I don't need or want any interaction between these two WAN's or LAN's. Basically all I want is two separate networks in the same box.

I think I understand how the default "bridge" in the router connects all of the WAN inputs and LAN outputs together, so I believe I simply need to create a second bridge (bridge2) then attach wlan1 to one bridge (bridge1) and wlan2 to the other (bridge2). What I don't understand is how (or where) in RouterOS I specify which bridge the USB LTE cellular modem should connect to. Using WinBox, I've poked around for hours and can't figure it out. I can see the LTE cellular modem in the Interface List, but nowhere do I see where the current (and only) bridge is actually connected to it.

Can someone please walk me through... or point me to some documentation or a guide... which can help create such a dual WAN / dual LAN setup?

Thanks in advance,

John

Easiest way I can think of off the top of my head is configure your NATs to only service one LAN or the other.

i.e. WAN1 NAT services LAN1 / WAN2 NAT service LAN2

You should be able to do this with just two NAT rules. You need to masquerade rules, src-address will be the lan or wifi subnet, out-interface will be the wan or lte interface.
Remove the wifi from the LAN bridge, give the interface a new ip/subnet. create a second ip pool, dhcp server and network.

Remove the wifi from the LAN bridge...

Dave,

As I try to wrap my head around this concept, I'd like to double check that my understanding is correct...

1. I DON'T necessary need to create a second bridge in RouterOS, because a bridge is used only to tie LAN ports together (if that's needed and/or desired)?

2. The connections I want to make between the two separate WAN's and LAN's will be controlled by having two separate NAT rules directing the traffic?

Do I have it right?

Sorry... I know this is probably laughably basic to someone with your networking knowledge so I appreciate your patience and time.

Thanks!

John

No worries at all! Often us "veterans" and "gurus" can be hard on new users asking dumb questions, but that is almost always because they simply want us to do it for them and they have no intention of reading, learning or understanding what they are working with. So many want a "just click here" answer. You clearly want to learn, so we are happy to teach.

That said - you nailed it. Bridges are used like a "switch" they simply connect the Layer 2 interfaces together, then they are all treated as one logical interface. If you don't need the LAN and WiFi on the same network (no need for broadcast traffic) then you can have two subnets. The can still communicate with each other, they will simply be routed instead of bridged. If you need them to still be bridged, that's okay - we can still do it - just may take a bit more work.

Yes - the NAT rules will control the traffic flow. RouterOS is pretty clear to understand... i.e src-address and out-interface. Once you get the basics down, you will see just how powerful even the cheap little $29 MikroTik's really are.

Also - Don't forget that having two WANs means you need two sets of filter rules. Well, in the newer releases you can use interface lists, with allows for one set... but that's in networking 102... we'll stick to 101 for now.

Also - Don't forget that having two WANs means you need two sets of filter rules. Well, in the newer releases you can use interface lists, with allows for one set... but that's in networking 102... we'll stick to 101 for now.

Thanks Dave for your kind comments and helpful suggestions.

Your comment about NAT filters makes me realize I'm quickly getting over my level of understanding, so I'm going to take a pause and go get some edumacation. I think I need to find a good eBook which covering all aspects of networking over on the O'Reilly Media website (oreilly.com).

I have another (somewhat unrelated) question if you don't mind:

As I mentioned previously, I have two WAN sources connected to my RB952. One is a Ubiquiti Bullet on top of our RV pulling in public WiFi and is connected to ether1. The other is a LTE cellular modem connected to the RB952's usb1 port. When I have both connected and active, RouterOS (apparently) favors the USB LTE cellular modem as the WAN source and all internet traffic goes through it. If I disable the USB LTE cellular modem in the Interface List, then RouterOS sens Internet traffic to the WAN source on ether1.

So my question is this:

Are you aware of a simple setting(s) in RouterOS that controls the behavior which favors the USB LTE cellular modem over ether1 as the WAN source when both are active?

I realize there are some pretty advanced failover possibilities available in RouterOS, but I'm really just trying to understand why or how the USB LTE cellular modem is the default favored WAN source.

Thanks again and best regards,

John

That would likely be in your routing table. (ip -> routes)

Your default route is 0.0.0.0/0 will have a gateway interface. that is where the traffic goes by default.
you likely have two defaults. One for LTE and one for public wifi.
You should notice that they have a "metric" That metric is the "path cost" for the link. The lowest number will be the route that the traffic takes.
When an interface goes down, its route should also go down, causing the next in line to win the default.

You most likely want the wifi link to have have a metic of say 50, and the LTE link at 100. (though it could be 99 & 100, or even 1 & 2)