• HZ

    Hi, i just do it exactly as you presented here, DHCP is Ok, i get the IP, but there is no internet connection on the networks.
    Where did i messed up?

    • Andrew

      I’m having the same issue. Not sure what I’ve done wrong!

      My config:
      ether1 = gateway
      ether2 = lan
      ether3 = wifi

      ether 2 gets net just fine, ether 3 gets no net but dhcp is running right etc.

      Not sure if this is a routing issue?
      NAT issue?

      Please help 🙁

      • admin

        First, check in IP / Routes and make sure there is a route showing for each network you have set up. There should be one for 0.0.0.0, one for the subnet you have on ether2, and one for the subnet on ether3.

        • Andrew

          Thanks for the response.

          All the routes seem to exist. I’ve attempted to recreate the DHCP server on ether 3 etc just to make sure I feel as though I am understanding everything correctly.

          It seems that there is intermittant traffic through my WIFI ap connected on ether 3. I’m not sure why that is happening. It seems like net access is there, then it isnt, then there, then not etc. It seems as well that there is constant Rx on the interface but no Tx…

          Could you help me out further? Appreciate it!

          • David

            Please the NAT under firewall.Thats what he forgot to include.Otherwise the rest is ok

  • Jason

    Is there really a difference between this and a basic VLAN? Does this route offer traffic segmentation so a network doesn’t get bogged down but still allow communication between them?

  • Greg

    So If I wanted to set up a Static IP for ONE particular computer that may move from ONE network to another, all I would do is set a Lease for EACH subnet — I’d pick the IP that I would like for THAT machine on each subnet, and instead of selecting “ALL” for the server when setting up the lease, I’d select the DHCP Server (that has been assigned to that port ) and is handling that internal network .

    Is that correct?

    Also, if I wanted to make sure that traffic could NOT travel from one internal network to another, how would one set up the firewall rule?

    Lastly, I’d love to see how you’d set up bandwidth tracking/throttling on a per IP or MAC basis — and if possible how you’d use it with THIS configuration.

    These articles are the best explanation of how to use the MikroTik routers adn Winbox I have come across. I find the MicroTik site to be utterly useless when it comes to using Winbox as they do everything in Terminal. They really need to get a grip on that!

    • admin

      Well… you can click the little triangle next to “Server:” in the DHCP Lease window and it will assign your IP based on one of those servers…so… if you had a different DHCP server assigned to different ports, then I would think it would see that MAC address show up on port X so it would pull an IP from DHCP server X. Might work. I might have to test that out, but I can’t really see how I would use it in the real world.

      To block traffic in the firewall, you would want to set up a ‘drop’ rule. For example you can say “for any traffic coming from 192.168.123.0 that is destined for 192.168.234.0, DROP it.” You can also do it by address lists, depending on your situation.

      Bandwidth throttling/queues are on the list for some future posts……..

  • Nice article. How different is it to program 2 different WAN ports – not for load balancing but for specific applications? WAN 1 = general Internet use, WAN 2 = VoIP only. When I do it, the 2nd WAN port does not work.
    Thanks

    • admin

      Unfortunately I haven’t had any first hand experience with dual WAN setup, and nowhere to test it out… I do know dual WAN with failover can work well on Mikrotik, so I would assume there would be a way to do what you are looking for…

  • bbbbb

    So with a firewall rule someone can isolate the traffic ? If i connect to port 1 the wan a cable from my modem router is it going to work ? or it is double nat ?

    • Radek

      If you have only cable modem, modem probably does not NAT. If your modem is also router and router is switched on, you have double NAT.

  • Talha Ahmad

    Hi,

    I am facing problem with my RB 750 GL. I am using 3 connection with my router. Two connection are PTCL and one connection is Worlcall. Due to fail of power failure the world call goes down after every hour. When world call is down. My RB 750 not working properly. I got noting from the RB 750 for five or ten minutes. After then ten mins my RB start working properly. Can you please guide me in this matter

  • Rio

    i’ve used same rb 750 gl, and 3 different network..
    WAN
    |
    eth0 — eth1 — eth2 — eth3 — eth4
    LAN| SlaveLAN |Hotspot AP

    eth1 & eth2 >> poolA 192.168.10.25-254, eth2: static linux/server 192.168.10.111
    eth4 >> poolB 192.168.20.25-254

    both pool, had been successfully setup as hotspot.

    But, the problem is, how can I make a client on poolA IP (Access Point) can discover another client computer’s (shared folder on network) resources on poolB (local) and vice versa. and also note, that icmp service either direct network explore “\\ip_address” between them is work fine.
    thx for your help..

    • admin

      Having them on different subnets means that the broadcasts aren’t going to travel between them… you can access the other machines, but the broadcasts aren’t transmitted.

      You may want to try just giving the poolB a range in the same subnet (192.168.10.xxx) if you can.

  • Andy

    Hi,

    I have a little problem.

    I tried doing that on my router.

    Configuration is simple, DHCP on eth2 subnet 192.168.141.0/24 with address 192.168.141.254 and gateway 192.168.141.254 and DHCP on eth3 subnet 192.168.142.0/24 with address 192.168.142.254 and gateway 192.168.142.254

    Starting from here, everything is working “fine”, i get one dhcp on one interface, and the other dhcp on the other interface.

    My problem ? if i m on a computer on the 141 network, i can’t ping one that is on the 142 ?

    I got no firewall rules set… so if i m right, it’s full accept by defaut ?

    Anyone could help me with that please? 🙂

    Thanks a lot!

    • admin

      I’ve had a couple issues with this as well but have been busy and haven’t tracked down what’s going on. On others it’s fine. It’s on routers that are already set up and don’t “need” the 2nd subnet, it’s usually just me testing something and I just do without. I need to take a ‘stock’ 750GL and retry everything one step at a time…

    • Radek

      Andy, what is your main requirement – connect networks 141.x to 142.x or divide them?

  • Dave

    All worked well but can’t for the life of me find “Routes List” on the RB750.

    Am now looking at trying to Bridge to of the lans.

  • Dave

    Found Routes List under IP

    Still working on joining two lans, ports 3&4.

  • DAMIEN

    I have a mikrotik V5.12, how is the configuration to get the internet comes from the modem iDirect onto the switch

    • admin

      The default configuration works out of the box for internet access without doing any manual setup. What model routerboard is it?

  • Gendra

    I have exact same network scenario. so, how can I configure the port forwarding for my DVR in exact same network scenario?

  • IF you want to connect to the internet than you need to set up Nat, so all your private ip address are translated to a 1 public ip address.

    • admin

      Good point, I need to revisit that.

  • Eric

    Hi,

    Thank you for this smart manual. I want to discover and ping from subnet A to subnet B, but from subnet B to subnet A not. Is this possible? If yes, how? Thanks

    • admin

      You should be able to do this in firewall rules, might have to get creative though. You can tell it to not allow traffic from subnet a to subnet b, for example, but you may find some issues with replies from one subnet to the other.

  • Eric

    Hi,
    I have RB751 and I want to make ether1 to ether5 and wlan1 in Bridge mode and wlan2 in Router mode (another subnet). Ether1 is connected to previous router where is working DHCP server for this ether1 to ether5 and wlan1. Any idea? Thanks

  • laxmi
  • ocular

    Mikrotik gurus seem to say that setting up subnets as above should allow pings between machines on different subnets. My practical testing on a RB750GL 5.24 to allow access between subnets says this is not so, you need to proceed as above (either from default configuration or no configuration + wan/ether1 setup either with pppoe or dhcp client) and then after adding pools, addresses, dhcp servers to interfaces add
    /ip firewall nat
    add action=masquerade chain=srcnat disabled=no out-interface=!ether2 src-address=192.168.0.0/24
    add action=masquerade chain=srcnat disabled=no out-interface=!ether3 src-address=192.168.3.0/24
    add action=masquerade chain=srcnat disabled=no out-interface=!ether4 src-address=192.168.4.0/24
    add action=masquerade chain=srcnat disabled=no out-interface=!ether5 src-address=192.168.5.0/24

    and then one more nat rule to allow access to internet
    /ip firewall nat
    add action=masquerade chain=srcnat comment=”default configuration” disabled=no out-interface=ether1 (-or pppoe-out)

    At last can ping between subnets (no broadcasts). Firewall rules then will need to be set for security

  • Hamish Lockhart

    Really nice article. I was confused that I couldn’t ping a machine on a different network. Turns out I didn’t have the default gateway setup on the receiving machine.

  • Beastly Bee

    Nice article, I’ve been researching the last part which is to make the different networks talk but no luck. I’m testing two networks they can ping each interface ip but no the computer connect to those interfaces. Any suggestions?

    • Russell Bach

      The article suggests from the picture of the winbox interface list that the default RB750GL configuration has been loaded. If you then make changes as suggested from the out of the box default configuration the subnets will not see each other(as you seemed to have experienced). You need to do a reset configuration and tick no-default and reboot and then rebuild with winbox as per above.

      Otherwise if you have made changes from the out of the box default configuration you will need to add to ip firewall nat

      add action=masquerade chain=srcnat comment=”to allow ping to subnet” out-interface=!ether2-master-local src-address=192.168.2.0/24
      add action=masquerade chain=srcnat comment=”to allow ping to subnet” out-interface=!ether3-slave-local src-address=192.168.3.0/24
      and so on for each ether port and subnet
      and then should be able to ping each subnet. I did document this previously but the other 33 posts to this thread have vanished.

      • Sean Scarfo

        Russel,

        Why does one have to reset the configuration? What setting is causing the routes not to communicate across one another?

        I just became MTCNA certified and you might imagine, the instructors didn’t go over multiple networks on a single router like this. (They did go over static routes for multiple routers)

        Any suggestions?

  • Sean Scarfo

    Russel,

    Why does one have to reset the configuration? What setting is causing the routes not to communicate across one another?

    I just became MTCNA certified and you might imagine, the instructors didn’t go over multiple networks on a single router like this. (They did go over static routes for multiple routers)

  • Alvin Yort

    How to set up speed internet for each LAN?

  • Jay

    Thanks, you’re the best, it works perfect!!!

  • Håkan Söderbom

    Many thanks for the article! I’ve just taken the plunge and ordered a RB951G hoping to achieve something similar as you describe above. My main question is still how the router “behaves” together with the modem. In a common consumer setup there is one modem and one router, but you say early on this technique can be used for WAN failover, implying multiple routers can be connected to the router. Correct? Can it also be used to completely isolate the networks from each other, while they still have internet access through one modem? I am trying to isolate my home automation and IP camera network from the main house network… Appreciate any thoughts and guidance!

    • JMJr49

      Maybe I can help…
      You asked: “how the router “behaves” together with the modem?.”
      The configuration used in this article was just like a common consumer setup with port1 connected to the internet modem, and the other 4 ports connected to the LAN. The only difference was that you will have 4 different separate LANs instead of just one.

      You asked: …” for WAN failover, implying multiple routers can be connected to the router. Correct?”…
      When the author mentioned WAN failover, he just gave an example of which possibilities this nice device offers. If you want to have a WAN failover, you could connect WAN1 to port1 and WAN2 to port2 for example, and set the proper configuration for that. Then there would be only 3 ports resting for you to build up to 3 LAN subnets. Than you’d have 2 modems, but still just one router device. For each of the 3 subnets you can add cheaper switches or Access points. Not necessarily you will need routers for that.

      You asked: …” Can it also be used to completely isolate the networks from each other, while they still have internet access through one modem?”
      Yes, the intention here was exactly this.

  • JMJr49

    Nice article! My question is: No changes are needed in the Firewall? Are all 4 subnets still protected?

  • Kåre Johansen

    Looks like a good option, but I ran into some problems. The routers LAN-adress change from 192.168.88.1 to one of the gateway-IP you create with this method (in my case 192.168.10.1). How to prevent that? Looks like you can’t change the IP back again from “Quick settings”, it sets itself back to 10.1.
    It’s an old thread, but hope somebody can help.