Mikrotik Router Policy-based Routing Using VLAN Configuration



IP address Configuration:

/ip address             
add address=103.7.248.206/29 network=103.7.248.200 broadcast=103.7.248.207 interface=WAN1
add address=103.31.178.62/30 network=103.31.178.60 broadcast=103.31.178.63 interface=WAN2

VLAN Configuration on  Mikrotik Router:

/interface vlan
add name=VLAN-100 interface=LOCAL vlan-id=100
add name=VLAN-200 interface=LOCAL vlan-id=200
/ip address
add address=192.168.10.1/24 interface=VLAN-100
add address=172.16.10.1/24 interface=VLAN-200

 DNS Configuration:

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=4.4.4.4,8,8.8.8.8

NAT Configuration:

/ip firewall nat
add chain=srcnat action=masquerade src-address=192.168.10.0/24 out-interface=WAN1
add chain=srcnat action=masquerade src-address=172.16.10.0/24 out-interface=WAN2

NAT Configuration:

/ip firewall nat
add chain=srcnat action=masquerade src-address=192.168.10.0/24 out-interface=WAN1
add chain=srcnat action=masquerade src-address=172.16.10.0/24 out-interface=WAN2


Mangle Configuration for 192.168.10.0/24 forward interface WAN1 and 172.16.10.0/24 forward WAN2 


/ip firewall mangle
chain=prerouting action=mark-routing new-routing-mark=WAN1
passthrough=yes src-address=
192.168.10.0/24


chain=prerouting action=mark-routing new-routing-mark=WAN2
passthrough=yes src-address=
172.16.10.0/24

/ip route
add dst-address=
0.0.0.0/0 routing-mark=WAN1 gateway=103.7.248.201
add dst-address=
0.0.0.0/0 routing-mark=WAN2 gateway=103.31.178.61



Simple Queue Configuration For Client 192.168.10.2:

/queue simple
Add name="Test1" target-addresses=192.168.10.2/32 interface=VLAN-100 parent=none
      packet-marks="" direction=both priority=8
      queue=default-small/default-small limit-at=0/0 max-limit=1M/1M
      burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
      total-queue=default-small

Simple Queue Configuration For Client 172.16.10.2:

/queue simple
Add name="Test2" target-addresses=172.16.10.2/32 interface=VLAN-200 parent=none
      packet-marks="" direction=both priority=8
      queue=default-small/default-small limit-at=0/0 max-limit=1M/1M
      burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
      total-queue=default-small
https://mail.google.com/mail/u/0/images/cleardot.gif

AccessSwitch Configuration:

AccessSwitch>enable
AccessSwitch#configuration terminal
AccessSwitch(config)#interface fastethernet 0/0
AccessSwitch(config-if)#switchport mode trunk
AccessSwitch(config-if)#switchport trunk allowed vlan all
AccessSwitch(config-if)#switchport nonegotiate
AccessSwitch(config)#vlan 100
AccessSwitch(config)#vlan 200
AccessSwitch(config)#interface fastethernet 0/1
AccessSwitch(config-if)#switchport mode access
AccessSwitch(config-if)#switchport access vlan 100

AccessSwitch(config)#interface fastethernet 0/2
AccessSwitch(config-if)#switchport mode access
AccessSwitch(config-if)#switchport access vlan 200
AccessSwitch#wr




No comments:

Post a Comment