Welcome Guest ( Log In | Register )

Bump Topic Add Reply RSS Feed

Outline · [ Standard ] · Linear+

Enterprise Networking Mikrotik Routers (RouterBoard & RouterOS), User and owner discussion group

views
     
delaciox
post Jun 10 2021, 10:43 PM

Getting Started
**
Junior Member
185 posts

Joined: Dec 2008
From: Puchong
hi, i want to ask about vrrp and vlan

i have 2 unifi tm line, i wan to setup pcc load balance.

so i need to vrrp first than vlan
or vlan first than vrrp??


router is rb750gr3

lan 1 is empty, netinstall backup
lan 2 is btu in
lan 3 - 5 bridge LAN out

This post has been edited by delaciox: Jun 10 2021, 10:45 PM
delaciox
post Jun 16 2021, 10:17 AM

Getting Started
**
Junior Member
185 posts

Joined: Dec 2008
From: Puchong
QUOTE(Gaara92 @ Jun 15 2021, 05:09 PM)
I think PCC load balance need to use mangle rules. While VRRP is for LAN Gateway right, if you have 2 router for redundancy and another one is down, so VRRP will take place and reroute you to another router.
*
i mean use one btu inout with 2 pppoe unifi
which one is correct setting? WAN2 is connect BTU port

A.
WAN2 -> VRRP1 -> VLAN500 -> PPPOE unifiA
~~~~ -> VRRP2 -> VLAN500 -> PPPOE unifiB


B.
WAN2 ->VLAN500 -> VRRP1 -> PPPOE unifi A
~~~~~~~ ~~~~ -> VRRP2 -> PPPOE unifi B

This post has been edited by delaciox: Jun 16 2021, 10:19 AM
delaciox
post Jul 9 2021, 01:30 AM

Getting Started
**
Junior Member
185 posts

Joined: Dec 2008
From: Puchong
QUOTE(Gaara92 @ Jun 28 2021, 04:09 PM)
I didn't know you can use one BTU to connect dual unifi? Have you tried thm?
*
i think maybe can use, after release mco i will try new setting. vrrp change mac and try again
i use this try on 2 mikrotik, 1 build pppoe server, and 1 use for testing


CODE

/interface bridge
add comment="LAN bridge" name=bridge_LAN
add comment="VRRP mac bridge" name=bridge_VRRP_mac

/interface ethernet
set [ find default-name=ether1 ] l2mtu=1596 mac-address=C4:AD:34:AA:0D:64 name=\
   Masterport
set [ find default-name=ether2 ] l2mtu=1596 mac-address=C4:AD:34:AA:0D:65 name=\
   WAN2
set [ find default-name=ether3 ] l2mtu=1596 mac-address=C4:AD:34:AA:0D:66 name=\
   "ether3_to switch"
set [ find default-name=ether4 ] l2mtu=1596 mac-address=C4:AD:34:AA:0D:67
set [ find default-name=ether5 ] l2mtu=1596 mac-address=C4:AD:34:AA:0D:68

/interface vrrp
add interface=bridge_VRRP_mac name=vrrp1
add interface=bridge_VRRP_mac name=vrrp2 vrid=2

/interface vlan
add interface=WAN2 name=vlan.500 vlan-id=500

/interface pppoe-client
add disabled=no interface=vrrp1 name=pppoe-out1 password=pppoea user=pppoea
add disabled=no interface=vrrp2 name=pppoe-out2 password=pppoeb user=pppoeb

/ip pool
add name=pool1 ranges=192.168.0.2-192.168.0.200

/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge_LAN name=server1

/interface bridge nat
add action=src-nat chain=srcnat src-mac-address=\
   00:00:5E:00:01:01/FF:FF:FF:FF:FF:FF to-src-mac-address=C4:AD:34:AA:0D:75
add action=src-nat chain=srcnat src-mac-address=\
   00:00:5E:00:01:02/FF:FF:FF:FF:FF:FF to-src-mac-address=C4:AD:34:AA:0D:76
add action=dst-nat chain=dstnat dst-mac-address=\
   C4:AD:34:AA:0D:75/FF:FF:FF:FF:FF:FF to-dst-mac-address=00:00:5E:00:01:01
add action=dst-nat chain=dstnat dst-mac-address=\
   C4:AD:34:AA:0D:76/FF:FF:FF:FF:FF:FF to-dst-mac-address=00:00:5E:00:01:02

/interface bridge port
add bridge=bridge_LAN interface="ether3_to switch"
add bridge=bridge_LAN interface=ether4
add bridge=bridge_LAN interface=ether5
add bridge=bridge_VRRP_mac interface=vlan.500

/interface bridge settings
set use-ip-firewall=yes

/ip address
add address=100.10.10.10/24 interface=bridge_VRRP_mac network=100.10.10.0
add address=100.10.10.11/24 interface=vrrp1 network=100.10.10.0
add address=100.10.10.12/24 interface=vrrp2 network=100.10.10.0
add address=192.168.0.1/24 interface=bridge_LAN network=192.168.0.0

/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24

/ip dns
set allow-remote-requests=yes servers=94.140.14.14,94.140.15.15,8.8.8.8,8.8.4.4

/ip firewall filter
add action=reject chain=forward comment=\
   "\C6\C1\B1\CEMircoSoft\CF\B5\C1\D0\B2\FA\C6\B7\B8\FC\D0\C2" content=\
   update.microsoft.com disabled=yes reject-with=icmp-network-unreachable
add action=reject chain=forward comment=\
   "\C6\C1\B1\CEMircoSoft\CF\B5\C1\D0\B2\FA\C6\B7\B8\FC\D0\C2" content=\
   download.microsoft.com disabled=yes reject-with=icmp-network-unreachable
add action=reject chain=forward comment=\
   "\C6\C1\B1\CEMircoSoft\CF\B5\C1\D0\B2\FA\C6\B7\B8\FC\D0\C2" content=\
   download.windowsupdate.com disabled=yes reject-with=\
   icmp-network-unreachable
add action=reject chain=forward comment=\
   "\C6\C1\B1\CEMircoSoft\CF\B5\C1\D0\B2\FA\C6\B7\B8\FC\D0\C2" content=\
   wustat.windows.com disabled=yes reject-with=icmp-network-unreachable
add action=reject chain=forward comment=\
   "\C6\C1\B1\CEMircoSoft\CF\B5\C1\D0\B2\FA\C6\B7\B8\FC\D0\C2" content=\
   ntservicepack.microsoft.com disabled=yes reject-with=\
   icmp-network-unreachable
add action=reject chain=forward comment=\
   "\C6\C1\B1\CEMircoSoft\CF\B5\C1\D0\B2\FA\C6\B7\B8\FC\D0\C2" content=\
   stats.microsoft.com disabled=yes reject-with=icmp-network-unreachable
add action=reject chain=forward comment=\
   "\C6\C1\B1\CEMircoSoft\CF\B5\C1\D0\B2\FA\C6\B7\B8\FC\D0\C2" content=\
   windowsupdate.com disabled=yes reject-with=icmp-network-unreachable
add action=drop chain=input dst-port=53 in-interface=pppoe-out1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=pppoe-out2 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=pppoe-out2 protocol=udp

/ip firewall mangle
add action=change-mss chain=forward comment="Change MSS" new-mss=1440 \
   passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-connection chain=input comment=InOut in-interface=pppoe-out1 \
   new-connection-mark=PCC1 passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out2 \
   new-connection-mark=PCC2 passthrough=yes
add action=mark-routing chain=output connection-mark=PCC1 new-routing-mark=\
   PCC_Rout1 passthrough=yes
add action=mark-routing chain=output connection-mark=PCC2 new-routing-mark=\
   PCC_Rout2 passthrough=yes
add action=mark-connection chain=prerouting comment=PCC connection-mark=no-mark \
   dst-address-list="" dst-address-type=!local in-interface=bridge_LAN \
   new-connection-mark=PCC1 passthrough=yes per-connection-classifier=\
   both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
   dst-address-type=!local in-interface=bridge_LAN new-connection-mark=PCC2 \
   passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=PCC1 in-interface=\
   bridge_LAN new-routing-mark=PCC_Rout1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=PCC2 in-interface=\
   bridge_LAN new-routing-mark=PCC_Rout2 passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2

/ip route
add comment=ISP1 distance=1 gateway=pppoe-out1 routing-mark=PCC_Rout1 scope=10
add comment=ISP2 distance=1 gateway=pppoe-out2 routing-mark=PCC_Rout2 scope=10
add check-gateway=ping comment=ISP1 distance=1 gateway=pppoe-out1 scope=10
add check-gateway=ping comment=ISP2 distance=2 gateway=pppoe-out2 scope=10


This post has been edited by delaciox: Jul 9 2021, 01:31 AM
« Next Oldest · Networks and Broadband · Next Newest »
 

Add ReplyOptions
 

Change to:
| Lo-Fi Version
 0.0203sec    0.77    7 queries    GZIP Disabled
Time is now: 21st December 2025 - 10:43 AM
All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)
Removal Request
Powered by Invision Power Board © 2025  IPS, Inc.