sinet.com.kh

sinet.com.kh

Sunday, January 21, 2018

Load Sharing 2 WAN and 2 LAN

Today we will show you how to configure Load Sharing 2 WAN (Static IP) and 2 LAN detail as bellow:
1. Comment Interface
2. Create Bridge LAN
3. Configure IP Address for WAN1
4. Configure IP Address for WAN2
5. Configure IP Address for Bridge LAN
6. Configure DNS Server
7. Configure DHCP Server
8. Configure Mangle
9. Configure Routes
10. Configure NAT
11. Add Port to Bridge LAN

In this configuration we use MikroTik RB1100AHx2 with Firmware 6.41.3
1. Comment Interface
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN1
set [ find default-name=ether2 ] name=ether2-WAN2
set [ find default-name=ether3 ] comment=Staff name=ether3-Bridge-LAN1
set [ find default-name=ether4 ] comment=Management name=ether4-Bridge-LAN2
2. Create Bridge LAN
/interface bridge
add fast-forward=no name=Bridge-LAN1
add fast-forward=no name=Bridge-LAN2
3. Configure IP Address for WAN1
/ip address
add address=96.9.86.165/27 interface=ether1-WAN1 network=96.9.86.160
 4. Configure IP Address for WAN2
/ip address
add address=43.245.202.121/26 interface=ether1-WAN1 network=43.245.202.64
 5. Configure IP Address for Bridge LAN
/ip address
add address=192.168.17.1/24 interface=Bridge-LAN1 network=192.168.17.0
add address=192.168.18.1/24 interface=Bridge-LAN2 network=192.168.18.0 
6. Configure DNS Server
/ip dns
set servers=8.8.8.8,8.8.4.4
 7. Configure DHCP Server
/ip dhcp-server network
add address=192.168.17.0/24 dns-server=96.9.65.22,96.9.64.12 gateway=192.168.17.1
add address=192.168.18.0/24 dns-server=96.9.65.22,96.9.64.12 gateway=192.168.18.1

/ip pool
add name=dhcp_pool1 ranges=192.168.17.2-192.168.17.254
add name=dhcp_pool2 ranges=192.168.18.2-192.168.18.254

/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no     interface=Bridge-LAN1 lease-time=1d name=dhcp1
add address-pool=dhcp_pool2 authoritative=after-2sec-delay disabled=no     interface=Bridge-LAN2 lease-time=1d name=dhcp2
8. Configure Mangle
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=WAN1 passthrough=no
    src-address=192.168.17.0/24
add action=mark-routing chain=prerouting new-routing-mark=WAN2 passthrough=no
    src-address=192.168.18.0/24
9. Configure Routes
/ip route
add distance=1 gateway=96.9.86.161 routing-mark=WAN1
add distance=1 gateway=43.245.202.65 routing-mark=WAN2
add distance=1 gateway=43.245.202.65
add distance=1 gateway=96.9.86.161
10. Configure NAT
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2-WAN1
add action=masquerade chain=srcnat out-interface=ether2-WAN2
 11. Add Port to Bridge LAN
/interface bridge port
add bridge=Bridge-LAN1 interface=ether3-Bridge-LAN1
add bridge=Bridge-LAN2 interface=ether4-Bridge-LAN2 
Note: If LAN1 and LAN2 cannot access to each other. We need to allow the policy in Mangle as bellow:
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.17.0/24 src-address=192.168.17.0/24
add action=accept chain=prerouting dst-address=192.168.17.0/24 src-address=192.168.18.0/24
add action=accept chain=prerouting dst-address=192.168.18.0/24 src-address=192.168.18.0/24 
add action=accept chain=prerouting dst-address=192.168.18.0/24 src-address=192.168.17.0/24
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)