Policy Routing based on Client IP Address

Image.png

WAN
# export

/queue simple
add max-limit=128k/128k name=128k target=ether2
add max-limit=256k/256k name=256k target=ether3
/ip address
add address=13.13.13.1/30 interface=ether2 network=13.13.13.0
add address=23.23.23.1/30 interface=ether3 network=23.23.23.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat src-address=13.13.13.0/30
add action=masquerade chain=srcnat src-address=23.23.23.0/30

R1
# export
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.0.21-192.168.0.125
add name=dhcp_pool2 ranges=192.168.0.131-192.168.0.235
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether3 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=ether4 name=dhcp2
/ip address
add address=13.13.13.2/30 interface=ether1 network=13.13.13.0
add address=23.23.23.2/30 interface=ether2 network=23.23.23.0
add address=192.168.0.1/25 interface=ether3 network=192.168.0.0
add address=192.168.0.129/25 interface=ether4 network=192.168.0.128
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.0.0/25 dns-server=8.8.8.8 gateway=192.168.0.1
add address=192.168.0.128/25 dns-server=8.8.8.8 gateway=192.168.0.129
/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=ether3 new-routing-mark=ISP1
add action=mark-routing chain=prerouting in-interface=ether4 new-routing-mark=ISP2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
/ip route
add check-gateway=ping distance=11 gateway=13.13.13.1 routing-mark=ISP1
add check-gateway=ping distance=12 gateway=23.23.23.1 routing-mark=ISP1
add check-gateway=ping distance=11 gateway=23.23.23.1 routing-mark=ISP2
add check-gateway=ping distance=12 gateway=13.13.13.1 routing-mark=ISP2
add distance=11 gateway=13.13.13.1
add distance=11 gateway=23.23.23.1
/ip route rule
add action=lookup-only-in-table dst-address=192.168.0.0/24 table=main
/system identity
set name=R1

PC1
# export

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether3
/system identity

set name=PC1

PC2
# export
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether3
/system identity

set name=PC2

-to add interface into vlan
/interface bridge add name=vlan_bridge
/interface bridge port add bridge=vlan_bridge interface=ether1
/interface bridge port add bridge=vlan_bridge interface=ether2

/interface vlan add disabled=no name=vlan1 interface=vlan_bridge vlan-id=1

-to delete port in a bridge
admin@R1] > interface bridge port print
Flags: X – disabled, I – inactive, D – dynamic
 #    INTERFACE              BRIDGE              PRIORITY  PATH-COST    HORIZON
 0    ether3                 LAN_bridge              0x80         10       none
 1    ether4                 LAN_bridge              0x80         10       none
[admin@R1] > interface bridge port remove 0
[admin@R1] > interface bridge port remove 1

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s