Page 1 of 1

one cable two wireless ISP

Posted: Sat Sep 05, 2020 2:38 pm
by masoud80kg
hey guys
Here is the problem: I have one RB4011, one cable, two transparent wireless Dishes from two separate ISP with different public IP addresses.
What should I do to avoid adding one more cable?

Re: one cable two wireless ISP

Posted: Sat Sep 05, 2020 5:56 pm
by masoud80kg
Please, any clue would be enough.

Re: one cable two wireless ISP

Posted: Sat Sep 05, 2020 9:20 pm
by Sob
If you want to connect two devices using one cable, then simple answer is switch, but you might have suspected that already. If you hope for more useful answer, you'll have to provide more info.

Re: one cable two wireless ISP

Posted: Sun Sep 06, 2020 12:38 pm
by DennisF
Best way will be to use a switch

Re: one cable two wireless ISP

Posted: Mon Sep 07, 2020 12:59 am
by anav
Not sure if what you said makes any sense?
A wireless ISP with dish provided you a dish and modem and not a cable?
A wireless ISP with dish provided you a dish and modem and spliced into the cable coming from the other modem of the other ISP??

I hope you can quickly see one can have no idea what your are talking about.

What I would assume is you have two cables coming from the two providers and wish to make it one cable?
If so Why? Its best to ingest the two cables from their modem into two different ports on your router (two wan ports then).

Re: one cable two wireless ISP

Posted: Mon Sep 07, 2020 9:32 am
by masoud80kg
Sorry if I didn't provide a clear explanation.
A few days ago we added 2 more WAN links to our network, and It's really difficult to add two more cables up to the rooftop. So I decided to move PoE adapters and a L2 SW near dishes.
I don't have any idea about how to setup ether1 to use these WAN connections in PCC in. out. interface. should I use, I don't know, maybe VLAN, Virtual Ethernet, or anything else?
I'm new to Mikrotik, sorry if it's a stupid question.
Image

Re: one cable two wireless ISP

Posted: Mon Sep 07, 2020 10:46 am
by ingdaka
In this case you should place an managed switch to dishes! And setup every in port in switch from dish(es), as VLAN access, 3 different VLAN-s and setup port that connect to mikrotik as trunk. Then on mikrotik you create 3 vlan subinterfaces and then you have 3 "WAN" interfaces!

Re: one cable two wireless ISP

Posted: Mon Sep 07, 2020 5:21 pm
by anav
Very nice solution!!!
- and make sure you have surge arresters on the ethernet coming from all three dishes before the cables hit the switch and ensure switch is grounded.

Re: one cable two wireless ISP

Posted: Wed Sep 16, 2020 3:42 pm
by masoud80kg
After a few days struggling with VLAN concept, finaly came up with these blockes of code by customizing pcunite VLAN tutorial.


"RoofTop Switch" with ports 1-4 (dishes and branch office) for access and port 5 for trunking (VLAN Security not implemented)
# create one bridge, set VLAN mode off while we configure
/interface bridge add name=BR1 protocol-mode=none vlan-filtering=no

##########################
# -- Access Ports --
##########################
# ingress
/interface bridge port

# WANs and BranchOffice VLAN
add bridge=BR1 interface=ether1 pvid=10
add bridge=BR1 interface=ether2 pvid=20
add bridge=BR1 interface=ether3 pvid=30
add bridge=BR1 interface=ether4 pvid=40

# egress
/interface bridge vlan

# WAN1, WAN2, WAN3, BranchOffice VLAN
add bridge=BR1 untagged=ether1 vlan-ids=10
add bridge=BR1 untagged=ether2 vlan-ids=20
add bridge=BR1 untagged=ether3 vlan-ids=30
add bridge=BR1 untagged=ether4 vlan-ids=40

###########################
# -- Trunk Ports --
###########################

# ingress
/interface bridge port

# Trunk. Leave pvid set to default of 1
add bridge=BR1 interface=ether5

# egress behavior
/interface bridge vlan

# Trunk. L2 switching only, Bridge not needed as tagged member (except MGMT_VLAN)
set bridge=BR1 tagged=ether5 [find vlan-ids=10]
set bridge=BR1 tagged=ether5 [find vlan-ids=20]
set bridge=BR1 tagged=ether5 [find vlan-ids=30]
set bridge=BR1 tagged=ether5 [find vlan-ids=40]
set bridge=BR1 tagged=BR1,ether5 [find vlan-ids=99]

#######################################
# IP Addressing & Routing
#######################################

# LAN facing Switch's IP address on a MGMT_VLAN
/interface vlan add interface=BR1 name=MGMT_VLAN vlan-id=99
/ip address add address=192.168.99.2/24 interface=MGMT_VLAN

# The Router's IP this switch will use
/ip route add distance=1 gateway=192.168.99.1

#######################################
# MAC Server settings
#######################################

# Ensure only visibility and availability from MGMT_VLAN, the MGMT network
/interface list add name=MGMT
/interface list member add interface=MGMT_VLAN list=MGMT
/ip neighbor discovery-settings set discover-interface-list=MGMT
/tool mac-server mac-winbox set allowed-interface-list=MGMT
/tool mac-server set allowed-interface-list=MGMT

#######################################
# Turn on VLAN mode
#######################################
/interface bridge set BR1 vlan-filtering=yes


and the main router (VLAN aware firewall not implemented)
# create one bridge, set VLAN mode off while we configure
/interface bridge add name=BR1 protocol-mode=none vlan-filtering=no

#######################################
# -- WANs VLAN Interfaces --
#######################################
/interface vlan add interface=BR1 name=WAN1 vlan-id=10
/ip address add address=x.x.x.254/30 interface=WAN1

/interface vlan add interface=BR1 name=WAN2 vlan-id=20
/ip address add address=y.y.y.130/30 interface=WAN2

/interface vlan add interface=BR1 name=WAN3 vlan-id=30
/ip dhcp-client add interface=WAN3 disabled=no

/interface vlan add interface=BR1 name=BranchLAN vlan-id=40
/ip address add address=192.168.40.1/24 interface=BranchLAN
#######################################
# -- Access Ports --
#######################################
# ingress
/interface bridge port
# WAN1, WAN2, WAN3 & BranchLAN VLAN
add bridge=BR1 interface=WAN1 pvid=10
add bridge=BR1 interface=WAN2 pvid=20
add bridge=BR1 interface=WAN3 pvid=30
add bridge=BR1 interface=BranchLAN pvid=40
#######################################
# -- Trunk Ports --
#######################################
# ingress
/interface bridge port
# Trunk. Leave pvid set to default of 1
add bridge=BR1 interface=ether1
# egress
/interface bridge vlan
# Trunk. These need IP Services (L3), so add Bridge as member
add bridge=BR1 untagged=WAN1 tagged=BR1,ether1 vlan-ids=10
add bridge=BR1 untagged=WAN2 tagged=BR1,ether1 vlan-ids=20
add bridge=BR1 untagged=WAN3 tagged=BR1,ether1 vlan-ids=30
add bridge=BR1 untagged=BranchLAN tagged=BR1,ether1 vlan-ids=40
add bridge=BR1 tagged=BR1,ether1 vlan-ids=99
#######################################
# IP Addressing & Routing
#######################################
# LAN facing router's IP address on the MGMT_VLAN
/interface vlan add interface=BR1 name=MGMT_VLAN vlan-id=99
/ip address add address=192.168.99.1/24 interface=MGMT_VLAN

# router's gateway provided by ISP1
/ip route add distance=1 gateway=x.x.x.253
# router's gateway provided by ISP2
/ip route add distance=1 gateway=y.y.y.129
#add script for DHCP # router's gateway provided by ISP3
/ip route add distance=1 gateway=192.168.1.1
#BranchOffice P2P router's gateway
/ip route add distance=1 gateway=192.168.40.2
#######################################
# IP Services
#######################################
# BranchLAN VLAN interface creation, IP assignment, and DHCP service
/ip pool add name=BranchLAN_POOL ranges=192.168.40.2-192.168.40.254
/ip dhcp-server add address-pool=BranchLAN_POOL interface=BranchLAN name=BranchLAN_DHCP disabled=no
/ip dhcp-server network add address=192.168.40.0/24 dns-server=192.168.0.1 gateway=192.168.40.1

# Optional: Create a DHCP instance for MGMT_VLAN. Convenience feature for an admin.
/ip pool add name=MGMT_POOL ranges=192.168.99.10-192.168.99.254
/ip dhcp-server add address-pool=MGMT_POOL interface=MGMT_VLAN name=MGMT_DHCP disabled=no
/ip dhcp-server network add address=192.168.99.0/24 dns-server=192.168.0.1 gateway=192.168.99.1

#######################################
# Firewalling & NAT
# A good firewall for WAN. Up to you
# about how you want LAN to behave.
#######################################
# Use MikroTik's "list" feature for easy rule matchmaking.
/interface list add name=WAN
/interface list add name=VLAN
/interface list add name=MGMT
/interface list member
add interface=WAN1     list=WAN
add interface=WAN2    list=WAN
add interface=WAN3     list=WAN
add interface=MGMT_VLAN  list=VLAN
add interface=WAN1  list=VLAN
add interface=WAN2  list=VLAN
add interface=WAN3   list=VLAN
add interface=BranchLAN   list=VLAN
add interface=MGMT_VLAN  list=MGMT
##################
# NAT
##################
/ip firewall nat add chain=srcnat action=masquerade out-interface-list=WAN1
/ip firewall nat add chain=srcnat action=masquerade out-interface-list=WAN2
/ip firewall nat add chain=srcnat action=masquerade out-interface-list=WAN3
#######################################
# VLAN Security
#######################################
# Only allow packets with tags over the Trunk Ports
/interface bridge port
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether1]
#######################################
# MAC Server settings
#######################################
# Ensure only visibility and availability from MGMT_VLAN, the MGMT network
/ip neighbor discovery-settings set discover-interface-list=MGMT
/tool mac-server mac-winbox set allowed-interface-list=MGMT
/tool mac-server set allowed-interface-list=MGMT
#######################################
# Turn on VLAN mode
#######################################
/interface bridge set BR1 vlan-filtering=yes

Re: one cable two wireless ISP

Posted: Wed Sep 16, 2020 3:53 pm
by masoud80kg
After that, I did a PCC load-balancing using this tutorial in main router.
#Policy routing
/ ip firewall mangle
add chain=prerouting dst-address=x.x.x.252/30 action=accept in-interface=BrLAN
add chain=prerouting dst-address=y.y.y.128/30 action=accept in-interface=BrLAN
add chain=prerouting dst-address=192.168.10.0/24 action=accept in-interface=BrLAN
#With policy routing it is possible to force all traffic to the specific gateway, even if traffic is destined to the host (other that gateway) from the connected networks.
#This way routing loop will be generated and communications with those hosts will be impossible.
#To avoid this situation we need to allow usage of default routing table for traffic to connected networks.
add chain=prerouting in-interface=WAN1 connection-mark=no-mark action=mark-connection new-connection-mark=WAN1_conn
add chain=prerouting in-interface=WAN2 connection-mark=no-mark action=mark-connection new-connection-mark=WAN2_conn
add chain=prerouting in-interface=WAN3 connection-mark=no-mark action=mark-connection new-connection-mark=WAN3_conn
#First it is necessary to manage connection initiated from outside - replies must leave via same interface (from same Public IP) request came.
#We will mark all new incoming connections, to remember what was the interface.
add chain=prerouting in-interface=BrLAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:5/0 action=mark-connection new-connection-mark=WAN1_conn 
add chain=prerouting in-interface=BrLAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:5/1 action=mark-connection new-connection-mark=WAN2_conn
add chain=prerouting in-interface=BrLAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:5/2 action=mark-connection new-connection-mark=WAN3_conn
add chain=prerouting in-interface=BrLAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:5/3 action=mark-connection new-connection-mark=WAN2_conn
add chain=prerouting in-interface=BrLAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:5/4 action=mark-connection new-connection-mark=WAN3_conn
#Action mark-routing can be used only in mangle chain output and prerouting, but mangle chain prerouting is capturing all traffic that is going to the router itself.
#To avoid this we will use dst-address-type=!local.
#And with the help of the new PCC we will divide traffic into two groups based on source and destination addressees.
add chain=prerouting connection-mark=WAN1_conn in-interface=BrLAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=BrLAN action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=BrLAN action=mark-routing new-routing-mark=to_WAN3
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
#Then we need to mark all packets from those connections with a proper mark.
#As policy routing is required only for traffic going to the Internet, do not forget to specify in-interface option.
/ ip route
add dst-address=0.0.0.0/0 gateway=x.x.x.253 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=y.y.y.129 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.10.1 routing-mark=to_WAN3 check-gateway=ping
#Create a route for each routing-mark
add dst-address=0.0.0.0/0 gateway=x.x.x.253 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=y.y.y.129 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.10.1 distance=3 check-gateway=ping
#To enable failover, it is necessary to have routes that will jump in as soon as others will become inactive on gateway failure. (and that will happen only if check-gateway option is active)
#NAT
/ ip firewall nat 
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade

Re: one cable two wireless ISP

Posted: Wed Sep 16, 2020 4:30 pm
by masoud80kg
I did a bandwidth test with "RoofTop Switch", and also a download test and It works like a charm. Thanks, to ingdaka and anva.
But there is a problem with VoIP remote users. Their softphones can't reach the VoIP server with IP 192.168.0.2:5060 right after PCC implementation.
Image

I did lots of searches but didn't find a clear guide or youtube video that helps me figure out the problem.
Also, have a question about how to queue VoIP and other traffic using a queue tree, despite all the packets being marked in the first place for PCC to works.

Please somebody help me, I'm begging you :d. Right now I do not have time for further research and learning, but definitely I will do later.

Re: one cable two wireless ISP

Posted: Wed Sep 16, 2020 5:12 pm
by sindy
As a quick fix, you have to exclude the traffic of the VoIP phones from the PCC process, by assigning the same connection-mark (choosing one of the WANs) to all traffic from the VoIP phones by a rule which is placed before the PCC ones and matches e.g. on a src-address-list which contains all the addresses of the phones.

As for translating connection-marks to both routing-marks (to choose a WAN) and packet-marks (to choose a queue), you have to use composite connection-marks as only one can be assigned to a connection at a time. See this earlier post.

Re: one cable two wireless ISP

Posted: Wed Sep 23, 2020 8:38 pm
by masoud80kg
Finally, this mini-guide solved my VoIP problem (No VoIP over PCC).

Re: one cable two wireless ISP

Posted: Wed Sep 23, 2020 9:14 pm
by neutronlaser
I would think another wire would be much easier than days of figuring this out. It is something to consider. You could consider the cost of an extra wire vs. the expert time needed to figure this out. This is something to think about. This is not a very short answer.