Hi
I am a newbie and my questions might be too trivial.
I have a Mikrotek RB2011iL-IN to which I need to connect 2 WANs and 2 LANs.
• WAN1 on port 1 is high speed fiber Internet access and, therefore, the preferential path to the Internet.
• WAN2 on port 2 is an old low speed cooper Internet access and, therefore, should be used only as a backup link
• LAN1 on port 9 is connected to a switch for internal administrative workers.
• LAN2 on port 8 is connected to a switch for visitors.
How can I setup the router to:
1. Have WAN1 and WAN2 as Active-Passive failover teaming?
2. Have users on each LAN able to access Internet, but not able to access the other LAN?

Thank you,
Rui

Failover WAN:
http://wiki.mikrotik.com/wiki/Failover_Scripting

Loadbalancing WAN:
http://wiki.mikrotik.com/wiki/Manual:PCC
https://aacable.wordpress.com/2011/07/2 ... t-by-zaib/

As far as the LAN side, that is pretty simple.

Ensure your nat-masquerade rule is setup for both networks if they need access outside of your network.
Setup interface 9 with ip address of 192.168.1.0/24; assign vlan tag of 100 (feel free to use whatever IPs /vlan tags you wish)
Setup interface 8 with ip address of 192.168.2.0/24; assign vlan tag of 200

You then want two rules to drop traffic between the networks, but permit the traffic to leave your network.
For instance: (syntax may be wrong - at work at the moment)
chain=forward action=drop src-address=192.168.1.0/24 dst-address=192.168.2.0/24
chain=forward action=permit src-address=192.168.1.0/24 dst-address=0.0.0.0/0
chain=forward action=drop src-addrss=192.168.2.0/24 dst-address=192.168.1.0/24
chain=forward action=permit src-address=192.168.2.0/24 dst-address=0.0.0.0/0