Configuring MikroTik in half as a router and a switch

Here is an example of setting up MikroTik as two different devices, a switch (switch) and a router (router).
Ports 1-5 and sfp1 will work as a switch, as a router there will be ports: LAN 6-9 and wlan1, WAN – 10.

The Internet will come via two cables, the first one to switch to sfp1, the second to port 10, if the Internet cable is only one – we connect it to sfp1 and connect the router port 10 to any switch ports with a patchcord, but it’s better to do without a patchcord and to “bridge-switch” manually specify the MAC address of one of the ports that are included in it (so as not to change), enable the DHCP client for the “bridge-switch” and set up masquerading on this bridge in the firewall.

We make two bridges:

/interface bridge
add name=bridge-router
add name=bridge-switch

Let’s configure the ports:

/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
set [ find default-name=ether6 ] name=ether6-master
set [ find default-name=ether7 ] master-port=ether6-master
set [ find default-name=ether8 ] master-port=ether6-master
set [ find default-name=ether9 ] master-port=ether6-master
set [ find default-name=ether10 ] name=ether10-Gataway
set [ find default-name=sfp1 ] name=sfp1-toNetwork1
set [ find default-name=ether1 ] master-port=ether2-master

Add ports to the bridges:

/interface bridge port
add bridge=bridge-switch interface=ether2-master
add bridge=bridge-switch interface=sfp1-toNetwork1
add bridge=bridge-router interface=wlan1
add bridge=bridge-router interface=ether6-master

Let’s configure the wireless network:

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=WiFi tx-power=30 tx-power-mode=all-rates-fixed wireless-protocol=802.11

Configure the address range for the DHCP server:

/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.254

Let’s configure the DHCP server:

/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-router name=dhcp
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.1 netmask=24

Let’s assign an internal IP router:

/ip address
add address=192.168.0.1/24 interface=bridge-router network=192.168.0.0

Enable DHCP client WAN port router:

/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether10-Gataway

Let’s configure DNS:

/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.1 name=router

Enable NAT router:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether10-Gataway

We will configure the standard Firewall rules, allow ping and access to the web from outside:

/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether10-Gataway
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether10-Gataway
add chain=input dst-port=80 protocol=tcp

Done.

See also my article:
Automatic switching between backup channels on MikroTik (RouterOS)

Join the Conversation

1 Comment

Leave a Reply

Discover more from IT Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading