MikroTik

Hi,

I've just bought a RB2011UiAS-2HnD-IN.

For my home wired configuration, I need to put the WAN ethernet cable (come from an Ubiquiti PoE Antenna provides me internet) in ethernet port 10, to power by PoE the antenna.

In my router default wan port is ether1. So how can I change this configuration using RouterOS graphic interface?

Thanks in advance.

Kind regards
Giuseppe

In RouterOS there is no such thing as "WAN" port per se. It is just a port that has DHCP-client enabled and firewall rules protect it. So if you would go to the DHCP client menu and change the interface there, then go to "firewall filter" and change interface there also, I think that would be all.

Yes, I know there isn't a WAN port, I wrote WAN for semplicity.
However, in Interface tab in routerOS, ether1 is described as "Ether1-gateway" so I thougth it's default port to connect internet, isn't it?
Maybe changing configuration as you described, will change it?

Anyway, thanks for your replay, I will try this configuration.

Bye

In RouterOS there is no such thing as "WAN" port per se. It is just a port that has DHCP-client enabled and firewall rules protect it. So if you would go to the DHCP client menu and change the interface there, then go to "firewall filter" and change interface there also, I think that would be all.

You probably also would need to remove the new port from any bride/master-port configuration

But in Quick config TAB ... I simply CANT setup Wan port to ether10
only ether1 and sfp1 port is active to setup

router os v 6.34

That is something that just about everybody faces, yet I can not find logical "How to..."

Anybody?

sebus

Anybody?

What exactly are you looking for? Read what normis and Rudios have written above- that's about all you need to do.
Please note that this clearly goes beyond the "basic setup" thing, so there's no chance you can do this via the QuickSet window.

All I need to do is make "WAN" port being Eth9.
There is NO need to waste Gig port for WAN connection (that is at most 72Mb) - hence this should be easily user changeable!

So I can change DHCP client/NAT/FW rules/neighbour discovery/master on Eth 9, but in QuickSet window there is still ONLY Eth1/SFP1 as only options.

Default config (from /export) does NOT have anything related to Eth1 as WAN port

sebus

So what?
Use Winbox.

As I said above, you will have to forget about QuickSet forever (and configure you router using the regular means from now on) if you need to use another port as your WAN connection.

In the default configuration of your device ether9 is a slave interface with master-port set set ether6, so the first thing you have to do is to set master-port to none for ether9 (while there you can also consider renaming ether9 to ether9-gateway or whatever for clarity). Having done that, you can proceed with editing you /ip firewall filter, /ip firewall nat, /ip dhcp-client, etc.

I am sorry, but if that is the case then it is a bug (at least in interface!)

I do know what to change, but none of the changes do get reflected in QuickSet (which obviously is wrong)

Again, WAN port swap should be really basic step, as most users would need it (or change the defaults in firmware)

EDIT:

Is following correct (as per this):
ether1it isn't wired to the switch chip. Therefore it can't be switched with ether2-ether5, unless a bridge port is manually configured

That would explain why Gig port is wasted for WAN...

No, it is not a bug, it is a limitation in the feature set. Quickset is designed to do a very limited set of simple alterations to a standard configuration for the benefit of people who understand little if anything about routing. What you want to do is not in the"Simple" class of alterations that the tool was conceived to accommodate.

To do what you want, you can use either Winbox for Webfig, both of which give you full control over the internals of the router.



Sent from my iPhone using Tapatalk

Swapping wan port can definitely be a bit more complicated than you believe. Also imagine that the whole group of ports 6-10 share one single 100mbit line to cpu. Maybe it is not wasting to use one of gigabits as wan even it is 70 mbits.

Your lack of knowledge is not a bug of a system you refused to understand.

Also imagine that the whole group of ports 6-10 share one single 100mbit line to cpu. Maybe it is not wasting to use one of gigabits as wan even it is 70 mbits.

In fairness, he did want to use the POE out feature on port 10. still, this is basically a design quibble over what features he thinks should have been included in Quickset versus what features the designers thought should be included.


Sent from my iPhone using Tapatalk

@jarda, how can you asses my knowledge? From a single question that there is no clear answer to? Just use search & see how many people asked same question over the years...
To me it is a bug/bad design, no matter what you think.
Could you also consider that is the user that decides what is or not "waste" in their environment?

Swapping ports is not really difficult. I get paid for doing it...

a limitation in the feature set = bad software design

s limitation in the feature set = bad software design

Not always, as a glance at Microsoft word will bear out. Sometimes, limits to a features set are good design when the purpose of the interface is to enable an untrained user (such as a person who buys a router for his home use) to make simple changes without shooting himself in the foot.

You have two professional grade tools which allow you to do exactly what it is you want to do. It's not necessarily advantageous to add that function to the watered-down interface designed for novices.


Sent from my iPhone using Tapatalk

none of the changes do get reflected in QuickSet (which obviously is wrong)

They are not supposed to. QuickSet is a one-way thing. You cannot expect anything not directly supported by QuickSet to be reflected in QuickSet (when you change that elsewhere). In general, QuickSet is a simple way for an inexperienced user to quickly apply some typical configuration to his/her device. Once deviated from what QuickSet provides, you cannot expect to be able to easily go back.

Is following correct (as per this):
ether1it isn't wired to the switch chip. Therefore it can't be switched with ether2-ether5, unless a bridge port is manually configured

For RB2011 it's not. It is correct, however, for some other (mostly outdated/discontinued) devices. More info here.

Good design would be to just show what the user chose to be the WAN IF user did make the change.
Really simple. It would be good for either condition then. Or disable QuickSet IF user made changes elsewhere.

As it is now, it simply looks confusing

Good design would be to just show what the user chose to be the WAN IF user did make the change.

Let me repeat this again (if you have not understood that yet): there is no such thing as a WAN port in general. I used to use a good-old-tiny RB750GL (which is also considered a SOHO-class device) for inter-office routing between 5 semi-isolated networks. All 5 ports were independent (i.e. no switching) and none of them was WAN-facing port.

Calling some port "WAN port" is just a matter of convenience. Changing what port QuickSet considers WAN is not withing the scope of "basic setup". A more experienced users do not usually call any port "WAN port".

There should not be any quickset at all... Even it is well meaned, it provocates such users to overestimate their expectations and then to be disappointed.

Of course the is no WAN port, what are we to call it then?

OK, shall we call it then DHCP client enabled port that connects to ISP?

Come on, it is WAN designated port after all

Of course one can route whatever to wherever (that is the purpose of a router), but in home use it is most likely routing to WAN internet

No QuickSet would be a better option! Or at least an user option to turn it OFF, so it does NOT display

I still not now know whats the logic in QuickSet interface to reset itself to Bridge (and not Router) if WAN port changes are made elsewhere

@andriys, Why to defend something that really makes no sense?

I am not defending the quickset. I am maybe the biggest opponent of the quickset here on the forum.

Think about QuickSet as simple initial setup wizard. The only problem is that it may look as something more, which it isn't.

Hi,

@Sebus, calm down man, andriys,macsrwe and jarda have explained very well purpose of Quick Set. As an adition would like to point out hardware schema for your RB:
https://i.mt.lv/routerboard/files/Block ... S-2HnD.pdf

I do not want to continue that discution about Quick Set but i suggest to forget about Quick Set and move on; in order to do more complex setups ( like you want and in the future i am pretty sure that would be similar situations) you have to learn to use a lot of options from left menu.

Now, back to your situation. In order to make ether9 main port for internet connection from your ISP ( WAN port as you preffer ) you have to do the following ( i am not a fan of WebFig i am used to use Winbox):

a. since ether9 comes by default in second chip and it has been assigned ether6 as a master port,
you have to remove it from ether6 master port and make it as a standalone port

1. After you logged in via WebFig, from the left menu click on option INTERFACES;
2. then click on ether9 port description ( ether9 );
3. new window will appear from where you have to:
a. if you want to rename interface ether9 to something else like WAN you should do it into name field;
b. on master-port option select drom drop-down menu NONE.
4. hit the "OK" button.

b. now you have ether9 as a standalone port for your WAN purpose. Now you have to assign it ip address from your ISP.
For the sake of example i will presume that you have a public static ip as follows
public ip from ISP: 1.2.3.4/32,
netmask 255.255.255.0,
network 1.2.3.0,
gateway: 1.2.3.1 (will be added automatically for you into routing table -> IP Routes )

From the left menu click on IP option then on ADDRESSES
A. If you have already configured your ISP ip to ether1

a. from the right side, click on ether1 name;
b. from window open select from interface drop-down list ETHER9 instead of ether1;
c. click on "OK" button.

B. If you have not configured already your ISP public address

a. from the right side, click on "Add New" button;
b. into the new window fill in address as follows ( from our example ):
1. Address: 1.2.3.4/32
2. Network: 1.2.3.0
3. Interface: select ether9 from drop-down list
4. hit "ok" button

c. modify NAT rule from you firewall in order to reflect new changes

1. from left menu select IP option then FIREWALL;
2. in the right sie, click on NAT tab from above;
3. i am pretty sure that nat rule it has been already there but defined as out interface for ether1;
4. click on first rule ( where below ACTION head table is writen down MASQUERADE );
5. new window appear, on interface option select ETHER9 from drop-down list;
6. hit "OK" button.

There are other rules into FILTER tab that need to be modified from switching ether1 to ether9. You have to modify them by yourself.

Now you are done; you have managed to configure ether9 as your WAN port, assigned it public ip from your ISP and
assured that nating is defined/working on your new "WAN" interface.

I am pretty sure that you may have other questions too but as an advice, if i may, on future please post here your router configuration too in order for us to make a better understanding of your config and what you want to achieve resulting in a better or quick way to help you.
You can do that my copy&paste code after issuing /export hide-sensitive command into terminal window, la image below:



Hope it helps.

kind regards,

@andriys, Why to defend something that really makes no sense?

I see quickset rather useless. On the other hand I don't see any prospects of QuickSet being discontinued anytime soon, so I'd like it to remain as basic/simple as possible. The last thing I'd like Mikrotik to do is to spend their valuable development resources on improving things like QuickSet. Hope that clarifies.

Think about QuickSet as simple initial setup wizard. The only problem is that it may look as something more, which it isn't.

Indeed. Quickset is a configurator specifically designed for people who understand only how to configure standard SOHO routers like Belkin, Netgear, etc. On those routers, you don't have a choice of WAN port -- they give you one and you can take it or leave it. So does Quickset.

I see now of you see the point.
Quickset being what it is, it does not matter. But once the changes are made elsewhere it does show plain rubbish (Bridge not Router)

It is just BAD design, that is all!

That is all

Also do not forget that different people buy Netgear/D-link & different people buy Routerboard

You should use either ONLY Quickset, or ONLY the other menus. You can't use both, most of the time.

Hi,

@sebus, calm down man, andriys,macsrwe and jarda have explained very well purpose of Quick Set.

Now, back to your situation.

Thanks for pretty pictures, I hope they might help somebody asking that question again ( I am good)

You should use either ONLY Quickset, or ONLY the other menus. You can't use both, most of the time.

Thanks, but that is still bad design, especially that when using QS one still needs to use other menus for other settings

janus20
Thank You very very much for amazing help with all the pictures

It seems all working fine for me thank to You but ...


I got all ports 1-10 bridged

after I change masquerade to ether10 (in my case) red error appear on that nat rule
and other firewall rule red error appear too

error says : in/out-interface matcher not possible when interface (ether10) is a slave - use master intead (bridge1)

When I change masquarade from ether10 (as you advice) to bridge1 - its working
but question is ... is it right to set this to all ports bridged

same in firewall rules
Question: Is it right to (for example) block icmp from WAN on all bridged ports ... only on bridge1 ether1 and sfp1 error is not appear

Thanks for any word

ok solved
just need unbridge Internet port

greetings all

Your configuration just sounds fundamentally wrong.

If you bridge all ten ports, you are essentially operating a switch, not a router. Traffic into any port is going to find its way out any other port without intermediation.

If you bridge your WAN port to your PC port, you are essentially bypassing the router entirely and connecting your PC directly to the WAN. It's no wonder that you are not getting DHCP or masquerade from the router.

It sounds from this posting like you don't really understand the semantics of bridging and are using bridges improperly, particularly inserting them where they need not be. Perhaps you should explain to us what special effect you are trying to achieve, and perhaps post your configuration.

ok solved
just unbridge Internet port

thank you for a hint
greetings all