MikroTik

Greetings everyone,

My isp network is 172.19.59.0/24 and it is a pppoe service, right now i have used over 120 address and the number is growing day by day.

I have an idea of using a router board to open the limits of addresses for future growth by making new networks that can communicate with each others through the router and to get the pppoe service from the original network as well, so the idea should be like this:

Port 1 is for my isp, and the rest are for expansion
Port 2 network is: 172.19.2.0/24
Port 3 network is: 172.19.3.0/24
Port 4 network is: 172.19.4.0/24
Port 5 network is: 172.19.5.0/24

looking forward to get the needed help from you guys by teaching me how to do this please!!
Thank you...

Anyone please?

/ip address
add address=172.19.2.1/24 interface=ether2 network=172.19.2.0
add address=172.19.3.1/24 interface=ether3 network=172.19.3.0
add address=172.19.4.1/24 interface=ether4 network=172.19.4.0
add address=172.19.59.1/24 interface=ether1 network=172.19.59.0

What's next thing to do for routing?

What's next thing to do for routing?

It's a router. It always routes by default.

#1 computer (172.19.2.10) is on ether 2, it can ping to 172.19.2.1 (which is the ether 2 IP address).
#2 computer (172.19.3.10) is on ether 3, it can ping to 172.19.3.1 (which is the ether 3 IP address).
The two computers can not ping to each other.

#1 computer (172.19.2.10) is on ether 2, it can ping to 172.19.2.1 (which is the ether 2 IP address).
#2 computer (172.19.3.10) is on ether 3, it can ping to 172.19.3.1 (which is the ether 3 IP address).
The two computers can not ping to each other.

Unfortunately there are many unknowns in this case. You have provided little relevant information.

The router will route your traffic by default. There are many reasons that the traffic might not reach its destination. There are several reasons your computers wouldn't respond to ping.

I'd venture to say that most people here are willing to provide educational replies to simple questions, but most won't do your work for you for free. With that in mind, I'd suggest looking at the router firewall config, router logs, your computer firewall logs, and performing packet captures on router interfaces and the computers to see where the pings are being seen and where they are not. That should lead you to your solution.

#1 computer (172.19.2.10) is on ether 2, it can ping to 172.19.2.1 (which is the ether 2 IP address).
#2 computer (172.19.3.10) is on ether 3, it can ping to 172.19.3.1 (which is the ether 3 IP address).
The two computers can not ping to each other.

Unfortunately there are many unknowns in this case. You have provided little relevant information.

The router will route your traffic by default. There are many reasons that the traffic might not reach its destination. There are several reasons your computers wouldn't respond to ping.

I'd venture to say that most people here are willing to provide educational replies to simple questions, but most won't do your work for you for free. With that in mind, I'd suggest looking at the router firewall config, router logs, your computer firewall logs, and performing packet captures on router interfaces and the computers to see where the pings are being seen and where they are not. That should lead you to your solution.

Check firewall on router, if not empty add allow rules for inter-subnet traffic.
Check gateway on clients, should be 172.19.x.1.

Okay, so far the code below is doing what i need except for the pppoe connection, as for the connection between the three networks on ether2, 3 & 4, i can ping and communicate any pc to another one from the other networks, so the only problem for now is the pppoe that is not working:

/ip address
add address=172.19.2.1/24 interface=ether2 network=172.19.2.1
add address=172.19.3.1/24 interface=ether3 network=172.19.3.1
add address=172.19.4.1/24 interface=ether4 network=172.19.4.1
add address=172.19.59.253/24 interface=ether1 network=172.19.59.0
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add distance=1 gateway=172.19.59.254

Looking forward to hear from you guys...

The masquerade rule probably lacks definition of out interface. Such as:
(use name of PPPoE interface)

Unfortunately, It didn't work

Your gateway and Ether1 addresses don't match. One is 172.19.59.253 and the other is 172.19.59.254.

And what exactly doesn't work? If devices in those 192.168.x.x on ether2-4 use .1 (the router) as gateway and can communicate with each other, then they must also be able to connect to anything else the router itself is able to connect to. That's what the masquerade does, anything going out via ether1 will use 172.19.59.253 as source address.

Your gateway and Ether1 addresses don't match. One is 172.19.59.253 and the other is 172.19.59.254.

172.19.59.254 is my isp port IP address, 172.19.59.253 is my router ether1 port IP address.

And what exactly doesn't work? If devices in those 192.168.x.x on ether2-4 use .1 (the router) as gateway and can communicate with each other, then they must also be able to connect to anything else the router itself is able to connect to. That's what the masquerade does, anything going out via ether1 will use 172.19.59.253 as source address.

I can ping and access devices from any to any network, the only problem is PPPOE connections that are not working.

While i'm waiting for new thoughts from you guys to help me out with my case, i managed to setup DHCP servers for the networks, it worked and i can ping from any to any network but still can not make any PPPOE connections at all.
So this is my new setup with the DHCP servers

I don't know what exactly you edited in original post, but now it sounds as if you want to have devices connected to ether2-5 act as independent PPPoE clients and be able to connect to ISP's PPPoE server? I'm far from being PPPoE expert, but I don't think it's routable. And if I'm not completely missing the point (that's entirely possible), I don't really understand what you're trying to do, why would you need a router at all if it would not be actually routing anything? And if ether1 goes to ISP, why does it have IP address at all, shouldn't there be PPPoE client on other1? Yep, I probably don't understand your requirements at all.

I'm all open to your suggestions, what i have edited in my original post is the "class c" sentence which i have removed from the post.

Let me rearrange for you:
1- I have a main switch that is connected to my ISP.
2- I have branch switches connected to the main switch.
3- I have computers connected to the branch switches.
4- My IP range is 172.19.59.0/24, so these are 254 address.
5- I have used over 120 address so far (I will run out of IPs soon).
6- My internet connection is PPPOE service.
7- The computers should be able to communicate between them in order to access shared folders, servers and printers.
That's it!!

So basically, i wanted to creat new networks for future growth, these networks should be able to communicate between each others if possible, and the clients should be able to establish PPPOE connection on their computers.

I hope that i made it clear this time.

I will remove the IP from the ether1 by tommorow and see the results.

Since all i do now is only testing by keep trying so many times to solve this issue i managed some times to reset the router to default settings and start over again.

I have just realized that somehow i changed the IPs of ether2, 3, 4 from 172.19.x.x to 192.168.x.x

Sorry for this inconvenience, and i hope you will bare with me friends.

Thank you...

Sorry, still not clear. Where in your config is PPPoE and how many of PPPoE connections do you need? If it's just one on main router, then it's regular WAN and you can put as many private subnets behind it as you want. If it should be more from different devices, then I don't think you can have router between them and ISP. And regarding addresses, unless you're masking your real public addresses, 172.19.59.0/24 is private subnet anyway. Public addresses are scarse, but there's enough private ones for everyone, there should be no problem getting bigger subnet from ISP.

PPPOE server is on the ISP side not mine. I understand from you that i can not put a router between clients and PPPOE server, is that correct?

I believe so. But I still don't understand the whole thing. You have 172.19.59.0/24 on your router's ether1, you even have default gateway from this subnet, so it looks like regular config without PPPoE. You can also have PPPoE client on ether1 on top of that (I didn't test it, but I don't see why not), but it gets own IP address from ISP, doesn't it? And even if number of addresses you can get from ISP is somehow limited to /24 (so 256 addresses at most), how would your routing help if you'd have more PPPoE clients than that? I'm probably still missing something.

I believe so. But I still don't understand the whole thing. You have 172.19.59.0/24 on your router's ether1, you even have default gateway from this subnet, so it looks like regular config without PPPoE. You can also have PPPoE client on ether1 on top of that (I didn't test it, but I don't see why not), but it gets own IP address from ISP, doesn't it? And even if number of addresses you can get from ISP is somehow limited to /24 (so 256 addresses at most), how would your routing help if you'd have more PPPoE clients than that? I'm probably still missing something.

Have you tested a PPPOE connection before? I think the PPPOE server can be located anywere in the network as far as it can be reached by the clients, and the ip of the pppoe connection can be "tottaly" different than the network of the clients.

My network is a port on a cisco switch on my ISP side, it is port 11, port 10 has different network (172.19.58.0/24), port 12 (172.19.60.0/24), port 13 (172.19.61.0/24), so each port has it's /24 network for the costumers.

My ISP refused to change the subnet to something else like /23 or /22 because these networks are already in use by others. I think i can keep trying with them but why not to do it the way i described in my post here?

So far, the setup is working, i can ping any address from any network and i can access each devices on the network without any issue, the only problem is the PPPOE connection only.

To quote myself:

I'm far from being PPPoE expert, ...

So I did prepare alibi earlier. But of course I've seen PPPoE before and I did test it. The key point is this:

I think the PPPOE server can be located anywere in the network as far as it can be reached by the clients, ...

As far as I can tell, PPPoE works directly over ethernet and its parent interface doesn't need any IP address at all. That's why I'm wondering what exactly does 172.19.59.0/24 on your ether1. PPPoE server can definitely be anywhere, if the whole network would be bridged/switched. But if there's router between client and server, with two independent interfaces (different L2 subnets), I don't see how it could pass between them. You write about other subnets in your network, they can make sense for your management purposes, but PPPoE itself doesn't need them. And it's not clear how you do it, if it's multiple L2 subnets (then I'd be wrong) or if you just have multiple IP/L3 subnets in same L2 subnet.

Is there any PPPoE expert hanging around? Give us a hand...

Edit: Sorry, on another look, those other IP subnets are for other clients, not yours, right? But it doesn't really change anything. If PPPoE clients get addresses directly from ISP (something different than 172.19.59.0/24), then there shouldn't be any problem, they don't depend on that /24. And if you need IP subnet to manage clients, it could be anything you choose, not necessarily that /24 from ISP.

Well, experts... you are right A PPPoE client must see the PPPoE server at L2. The PPPoE server may assign any IP address to the client, and it is a /32 address, so not related to any subnet. As the "internal" communication between the client and the server flows on L2, no routing between them is possible, the client and server don't address the control and transport packets for each other using IP addresses but using MAC addresses and some PPPoE-specific identification fields.

Watched from outside, it is an L3 point-to-point link between the client and the server (albeit tunnelled via a point-to-multipoint network), so the gateway may be the interface name, and the "remote IP" also provided by the server is only necessary where you specially need to use an IP address as a gateway.

So if you want to translate the addresses assigned to PPPoE clients by the server into a range you'd like them to be, it is essentially impossible unless you would split the client-server relationship into two by setting up your own PPPoE server and letting the clients connect to that one, and for each real client have a ghost one to connect to the real server in the real client's name. In such arrangement you would have an L3 playground between the local PPPoE client and server where you could translate IP addresses. But you'd have a tough time doing that as the PPPoE server might not be happy about having several client connections from the same MAC address, and unless it happens automatically under the hood once you attach two PPPoE clients to the same interface, there is no way in RouterOS to assign a specific MAC address to a PPPoE client instance.

Okay, after reading your posts i decided to rethink the idea based on L2 setup, so i made a bridge and added the ports to that bridge, the PPPOE connection is working just fine, then i added the addresses but this time static ones since DHCP don't work on slave ports, then i added the NAT and i can ping between networks just fine
One thing to concern is that when making a PPPOE connection you can not ping to other networks unless you disconnect the PPPOE connection.

So, i guess i must deal with static IP's to make this thing work, or if any of you guys knows how to overcome this issue it would be really nice to share your knowledge with us.
Thanks for everyone for supporting me, i really appreciate all your efforts to help me out to solve this issue, thanks again...

Access to other networks with PPPoE connected is just a matter of adding proper routes. When PPPoE is used as default gateway, you're on device with 192.168.2.x and you want to connect to 192.168.3.x, it will be routed to default gateway like anything else. And ISP has no idea where your 192.168.3.x is. So you need a route: When you have interfaces in bridge, IP address(es) should be on bridge too. It's a small mistake, because they work on slave ports too, but it's not correct to have them there.

You can also have larger subnet (/23, /22, ...) and then you wouldn't have to worry about routing.

Even DHCP might be possible. I don't know if 172.19.59.0/24 also uses DHCP (with server on ISP's router, I'd assume). If not, then just add DHCP server with larger subnet to bridge and that's it. If ISP does have DHCP, you'd have to isolate them. It's possible with bridge filters, but I'm not exactly sure about DHCP server on same router where bridge is. My first guess is that it's possible, but I didn't test it.