I am a newbie in Mikrotik system. Sorry for my english
In my workplace we have 3 ISP, eth1 (ISP1), eth2(ISP2) and eth4 (ISP3). I already configured the failover with both ISP. Everything is fine if eth1 and eth2 is up, but when I unplug eth1 and eth2, and plug eth4..devices that are connected to WIFI can't access the internet e.g. Youtube. Only my laptop that is connected to router can access the web. And also in Firewall-Mangle pppoe-out1 turns red. Where should look?
P.S This configuration was made by the previous IT guy and I cant contact him anymore. I need your help please
Failover Issue
Last edited by MrRey on Wed Mar 13, 2024 4:40 am, edited 1 time in total.
Re: Failover Issue
Could you please export your configuration here:
/export file name=anynameyouwish.rsc
/export file name=anynameyouwish.rsc
Re: Failover Issue
Complete reference/instructions for newbies:
viewtopic.php?t=203686#p1051720
viewtopic.php?t=203686#p1051720
Re: Failover Issue
and how many times will you do this in your lifetime jacklaz, LOL............ Tis where a first post process simply works!
@OP - a network diagram helps show which devices, which subnets, internet source and overall intentions.
The config as noted shows us where you are at currently trying to implement the diagram and the traffic flow requirements.
So the requirements are the key to ensuring a design makes sense.
a. identify all the users/devices that require traffic flow.
b. identify the types of traffic they will need.
@OP - a network diagram helps show which devices, which subnets, internet source and overall intentions.
The config as noted shows us where you are at currently trying to implement the diagram and the traffic flow requirements.
So the requirements are the key to ensuring a design makes sense.
a. identify all the users/devices that require traffic flow.
b. identify the types of traffic they will need.
Re: Failover Issue
Could you please export your configuration here:
/export file name=anynameyouwish.rsc
Please take a look.
Code: Select all
# mar/13/2024 08:33:43 by RouterOS 6.49.10
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2412 name=\
Channel-2G
add band=5ghz-a/n/ac control-channel-width=20mhz frequency=5180 name=\
Channel-5G
/interface bridge
add admin-mac=06:6C:C4:1F:58:D0 auto-mac=no fast-forward=no name=\
"COM-AP Bridge"
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1590 speed=100Mbps
set [ find default-name=ether2 ] l2mtu=1590 speed=100Mbps
set [ find default-name=ether3 ] disabled=yes l2mtu=1590 speed=100Mbps
set [ find default-name=ether4 ] disabled=yes l2mtu=1590 speed=100Mbps
set [ find default-name=ether5 ] l2mtu=1590 name=ether5-ACAD speed=100Mbps
set [ find default-name=ether6 ] l2mtu=1590 name=ether6-WCBS speed=100Mbps
set [ find default-name=ether7 ] l2mtu=1590 name=ether7-COM speed=100Mbps
set [ find default-name=ether8 ] l2mtu=1590 name=ether8-DMZ-FF speed=100Mbps
set [ find default-name=ether9 ] l2mtu=1590 name=ether9-AP speed=100Mbps
set [ find default-name=ether10 ] l2mtu=1590 name=ether10-CCTV speed=100Mbps
set [ find default-name=ether11 ] l2mtu=1590 speed=100Mbps
set [ find default-name=ether12 ] l2mtu=1590 speed=100Mbps
/interface pppoe-client
add add-default-route=yes comment="Ping to check eth1 internet" disabled=no \
interface=ether1 name=pppoe-out1 password=xxxxx use-peer-dns=yes user=\
xxxxx@onnet.b
/interface pptp-server
add name=pptp-in1 user=""
/interface eoip
add disabled=yes !keepalive mac-address=02:4D:D5:95:F1:90 mtu=1500 name=\
"Anglo31 EoIP" remote-address=134.236.150.231 tunnel-id=5
add !keepalive mac-address=02:7B:98:2E:85:19 name="Anglo64 EoIP" \
remote-address=x.x.x.x tunnel-id=6
/caps-man interface
add disabled=no mac-address=CC:2D:E0:79:13:5C master-interface=none name=cap1 \
radio-mac=CC:2D:E0:79:13:5C radio-name=CC2DE079135C
add disabled=no mac-address=CC:2D:E0:79:15:5C master-interface=none name=cap2 \
radio-mac=CC:2D:E0:79:15:5C radio-name=CC2DE079155C
add disabled=no mac-address=CC:2D:E0:79:13:5B master-interface=none name=cap3 \
radio-mac=CC:2D:E0:79:13:5B radio-name=CC2DE079135B
add disabled=no mac-address=CC:2D:E0:79:19:24 master-interface=none name=cap4 \
radio-mac=CC:2D:E0:79:19:24 radio-name=CC2DE0791924
add disabled=no mac-address=CC:2D:E0:79:19:23 master-interface=none name=cap5 \
radio-mac=CC:2D:E0:79:19:23 radio-name=CC2DE0791923
add disabled=no mac-address=CC:2D:E0:AA:C9:79 master-interface=none name=cap6 \
radio-mac=CC:2D:E0:AA:C9:79 radio-name=CC2DE0AAC979
add disabled=no mac-address=CC:2D:E0:AA:C9:78 master-interface=none name=cap7 \
radio-mac=CC:2D:E0:AA:C9:78 radio-name=CC2DE0AAC978
add disabled=no mac-address=CC:2D:E0:A5:58:8B master-interface=none name=cap8 \
radio-mac=CC:2D:E0:A5:58:8B radio-name=CC2DE0A5588B
add disabled=no mac-address=CC:2D:E0:A5:58:8A master-interface=none name=cap9 \
radio-mac=CC:2D:E0:A5:58:8A radio-name=CC2DE0A5588A
add disabled=no mac-address=CC:2D:E0:7C:5B:03 master-interface=none name=\
cap10 radio-mac=CC:2D:E0:7C:5B:03 radio-name=CC2DE07C5B03
add disabled=no mac-address=CC:2D:E0:7C:5B:02 master-interface=none name=\
cap11 radio-mac=CC:2D:E0:7C:5B:02 radio-name=CC2DE07C5B02
/caps-man datapath
add bridge="COM-AP Bridge" name=AP
add name=nopass
/caps-man configuration
/ip pool
add name=ITpool10.6464 ranges=10.64.64.5-10.64.64.30
add name=CCTVPool2 ranges=10.20.2.1-10.20.2.254
add name=APPool2 ranges=10.10.2.1-10.10.2.254
add name=DMZPool ranges=10.0.5.100-10.0.5.254
add name="COM-AP Pool 2" ranges=10.0.2.1-10.0.3.244
add name=L2TPCCTV ranges=10.21.0.1-10.21.0.20
add name=VPN ranges=10.0.3.245-10.0.3.254
/ip dhcp-server
add address-pool=ITpool10.6464 authoritative=after-2sec-delay disabled=no \
interface=ether3 lease-time=8h name="IT Network"
add address-pool=DMZPool authoritative=after-2sec-delay disabled=no \
interface=ether8-DMZ-FF lease-time=8h name="DMZ-Firefly Network"
/ip pool
add name="COM-AP Pool 1" next-pool="COM-AP Pool 2" ranges=\
10.0.0.100-10.0.1.254
add name=APPool1 next-pool=APPool2 ranges=10.10.1.1-10.10.1.254
add name=CCTVPool1 next-pool=CCTVPool2 ranges=10.20.1.1-10.20.1.254
/ip dhcp-server
add address-pool="COM-AP Pool 1" authoritative=after-2sec-delay disabled=no \
interface="COM-AP Bridge" lease-time=8h name="COM-AP Network"
add address-pool=APPool1 authoritative=after-2sec-delay lease-time=8h name=\
"AP Network"
add address-pool=CCTVPool1 authoritative=after-2sec-delay disabled=no \
interface=ether10-CCTV lease-time=8h name="CCTV Network"
/ppp profile
add dns-server=x.x.x.1,8.8.8.8 local-address=x.x.x.x name=VPN \
remote-address=APPool1 use-compression=yes use-encryption=yes use-mpls=\
yes
add change-tcp-mss=yes dns-server=x.x.x.x,8.8.8.8 local-address=x.x.x.x \
name=cctv remote-address=L2TPCCTV use-encryption=yes
/queue simple
add disabled=yes max-limit=5M/5M name=gold target=
add disabled=yes max-limit=1M/1M name=queue3 target=
add max-limit=5M/5M name=queue4 target=x.x.x.x/32
/queue tree
add disabled=yes name=queue1 parent=global
/queue type
add kind=pcq name=pcq_up pcq-classifier=dst-address pcq-dst-address6-mask=64 \
pcq-rate=10M pcq-src-address6-mask=64
add kind=pcq name=pcq_down pcq-classifier=dst-address pcq-dst-address6-mask=\
64 pcq-rate=20M pcq-src-address6-mask=64
/queue simple
add disabled=yes name=queue1 queue=pcq_up/pcq_down target="COM-AP Bridge"
/dude
set enabled=yes
/interface bridge port
add bridge="COM-AP Bridge" interface=ether5-ACAD
add bridge="COM-AP Bridge" hw=no interface=ether6-WCBS
add bridge="COM-AP Bridge" interface=ether7-COM
add bridge="COM-AP Bridge" interface=ether11
add bridge="COM-AP Bridge" interface=ether9-AP multicast-router=disabled
/interface bridge settings
set allow-fast-path=no
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface l2tp-server server
set enabled=yes
/interface pptp-server server
set enabled=yes
/ip address
add address=x.x.x.x/24 interface=ether3 network=x.x.x.x
add address=x.x.x.x/24 interface=ether2 network=x.x.x.x
add address=x.x.x.x/24 interface=ether8-DMZ-FF network=x.x.x.x
add address=x.x.x.x/16 disabled=yes network=x.x.x.x
add address=x.x.x.x/16 interface=ether10-CCTV network=x.x.x.x
add address=x.x.x.x/22 interface="COM-AP Bridge" network=x.x.x.x
add address=x.x.x.x/24 interface="Anglo31 EoIP" network=x.x.x.x
add address=x.x.x.x/24 interface="Anglo64 EoIP" network=x.x.x.x
add address=x.x.x.x/22 disabled=yes interface="COM-AP Bridge" network=\
x.x.x.x
add address=x.x.x.x/16 interface=ether10-CCTV network=x.x.x.x
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no disabled=no interface=ether2
/ip dhcp-server lease
mac-address=94:E1:AC:78:7A:50 server="CCTV Network"
/ip dhcp-server network
add address=x.x.x.x/22 comment=COM dns-server=\
x.x.x.x,208.x.x.x,208.x.x.x domain=ANGLO gateway=x.x.x.x \
netmask=22
add address=x.x.x.x/24 comment=FIREFLY dns-server=x.x.x.x,x.x.x.x \
domain=ANGLO gateway=x.x.x.x netmask=24
add address=x.x.x.x/16 comment=AP-WIFI dns-server=x.x.x.x,x.x.x.x \
domain=ANGLO gateway=x.x.x.x netmask=16
add address=x.x.x.x/16 comment=CCTV dns-server=x.x.x.x,x.x.x.x \
domain=ANGLO gateway=x.x.x.x netmask=16
add address=x.x.x.x/24 dns-server=8.8.8.8,x.x.x.x domain=ANGLO gateway=\
x.x.x.x netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
"Always #0 Enable if Eth1/Public Line has issue" disabled=yes \
new-routing-mark=CAT-Private passthrough=yes
add action=accept chain=prerouting comment=\
"Enable if Private Line has issue (WCBS,Accounting,Firefly)"
add action=mark-routing chain=prerouting comment="PRIVATE - Ms. Nuch" \
new-routing-mark=CAT-Private passthrough=yes src-address=x.x.x.x
add action=mark-routing chain=prerouting comment="PRIVATE - Firefly" \
new-routing-mark=CAT-Private passthrough=yes src-address=x.x.x.x
add action=mark-routing chain=prerouting comment="PRIVATE - Ms. Pan" \
new-routing-mark=CAT-Private passthrough=yes src-address=x.x.x.x
add action=mark-routing chain=prerouting comment="PRIVATE - Mr. Rc" disabled=\
yes new-routing-mark=CAT-Private passthrough=yes src-address=x.x.x.x
add action=mark-routing chain=prerouting comment="PRIVATE - WCBS" \
new-routing-mark=CAT-Private passthrough=yes src-address=x.x.x.x
add action=mark-routing chain=prerouting comment="PRIVATE - Academic Server" \
new-routing-mark=CAT-Private passthrough=yes src-address=x.x.x.x
add action=mark-routing chain=prerouting comment="PRIVATE - Microtik" \
new-routing-mark=CAT-Private passthrough=yes src-address=x.x.x.x
add action=accept chain=prerouting comment=\
"Always Last ALL PUBLIC-Always put last. do not disable"
add action=mark-routing chain=prerouting new-routing-mark=CAT-Private \
passthrough=yes src-address=x.x.x.x
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=x.x.x.x src-address=\
x.x.x.x/22 to-addresses=x.x.x.x
add action=accept chain=dstnat dst-address=x.x.x.x to-addresses=\
x.x.x.x
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat disabled=yes out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=yes dst-address=x.x.x.x/24 \
src-address=x.x.x.x/9
add action=masquerade chain=srcnat disabled=yes dst-address=x.x.x.x \
src-address=x.x.x.x/9
add action=masquerade chain=srcnat disabled=yes dst-address=x.x.x.x \
src-address=x.x.x.x/9
add action=masquerade chain=srcnat disabled=yes dst-address=x.x.x.x24 \
src-address=x.x.x.x/9
add action=masquerade chain=srcnat disabled=yes dst-address=x.x.x.x/24 \
src-address=x.x.x.x/24
add action=src-nat chain=srcnat disabled=yes dst-address=x.x.x.x/21 \
src-address=x.x.x.x/9 to-addresses=x.x.x.x/24
add action=src-nat chain=srcnat disabled=yes dst-address=x.x.x.x \
to-addresses=x.x.x.x/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set pptp disabled=yes
/ip ipsec identity
add generate-policy=port-strict peer=peer3 secret=12345678
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
add dst-address=0.0.0.0/0 protocol=udp src-address=0.0.0.0/0 template=yes
/ip route
add distance=1 gateway=x.x.x.x routing-mark=CAT-Private
add distance=1 dst-address=x.x.x.x/22 gateway="COM-AP Bridge" pref-src=\
x.x.x.x routing-mark=CAT-Private scope=10
add distance=1 dst-address=x.x.x.x/24 gateway=ether8-DMZ-FF pref-src=\
x.x.x.x routing-mark=CAT-Private scope=10
add distance=1 dst-address=x.x.x.x/16 gateway=ether10-CCTV pref-src=\
x.x.x.x routing-mark=CAT-Private scope=10
add distance=255 dst-address=x.x.x.x/24 gateway=ether3 pref-src=10.64.64.1 \
routing-mark=CAT-Private scope=10
add distance=1 dst-address=x.x.x.x/24 gateway="Anglo64 EoIP" pref-src=\
x.x.x.x routing-mark=CAT-Private scope=10
add distance=1 dst-address=x.x.x.x/24 gateway="Anglo31 EoIP" pref-src=\
x.x.x.x routing-mark=CAT-Private scope=10
add distance=1 dst-address=x.x.x.x/24 gateway=ether2 pref-src=\
x.x.x.x routing-mark=CAT-Private scope=10
add distance=1 dst-address=x.x.x.x/20 gateway=x.x.x.x routing-mark=\
CAT-Private
add distance=1 dst-address=x.x.x.x/24 gateway=x.x.x.x routing-mark=\
CAT-Private
add distance=1 dst-address=x.x.x.x/24 gateway=x.x.x.x routing-mark=\
CAT-Private
add distance=1 dst-address=x.x.x.x/23 gateway=x.x.x.x routing-mark=\
CAT-Private
add distance=1 dst-address=x.x.x.x/16 gateway=x.x.x.x routing-mark=\
CAT-Private
add comment="ENABLE IF ETH 1 NOT WORKING" disabled=yes distance=1 gateway=\
x.x.x.x
add distance=1 dst-address=x.x.x.0/20 gateway=x.x.x.1
add distance=1 dst-address=x.x.x.0/24 gateway=x.x.x.1
add distance=1 dst-address=x.x.x.0/24 gateway=x.x.x.1
add distance=1 dst-address=x.x.x.0/23 gateway=x.x.x.1
add distance=1 dst-address=192.x.x.0.0/16 gateway=x.x.x.1
Last edited by holvoetn on Wed Mar 13, 2024 10:10 am, edited 1 time in total.
Reason: added code quotes for readability
Reason: added code quotes for readability
Re: Failover Issue
My 2nd ISP is up but still devices are unable to connect to the internet...please help
Re: Failover Issue
impossible to understand your config where all ip addrs are x.x.x.x
Re: Failover Issue
There are three IPv4 blocks set aside for examples.