Router OS is the operating system of Router BOARD
It can also be installed on a PC and will turn it into a router with all the necessary features routing, firewall, bandwidth management, wireless access point, back haul link, hotspot gateway, VPN server and more
In today tutorial we will use the network fail over configuration of two different network with different subnet. if Primary is failed it will automatically take position of secondary and if Primary restores, it will come back on Primary again until it fails for second time.
To download and Install Mikrotik OS Please do visit below link and documentation for installation for your purchased or trail version
After downloading and installation of router OS, you need a software to manage it which can be downloaded from above Mikrotik web named as winbox please download on your windows machine or you can use your web browser to access the web version.
once you connected with your router OS via winbox or web interface it will look like as per below both web and win box interface are same
Click on interface option on left corner it will pop up interface list as per below, Here we need to change the name of each ether net port which can be used for naming convention and better understanding
- we need three ether port one is used for Primary 2nd will be used for secondary, 3rd will be used for network access
- Double click on ether one from interface list as per above picture
- it will open interface as per below
- rename the name field in my case i kept it ether1_PTCL
- click apply
- click OK
- Repeat same steps again to rename second either port
Assigning IP Addresses
- after renaming we need to assign IP addresses to each port in order to communicate each port and output port
- in your left pane of winbox or web interface you will get option IP –> addresses click on addresses it will show you screen as per below picture
- Click on + sign to add IP address eg 172.10.20.2/31
- choose interface name in my case it is ether1_PTCL
- click Apply and OK
- repeat the steps for Secondary interface and 3rd local network IP address
- in my case i put local interface ip address 10.10.10.1/24
Configuring Routes
- Move back to winbox menu pan and select IP –> Routes as per below screen
- Click on + Sign as per below Screen to assign route of network
- Put the gateway of your ipaddress given by your ISP or your network design eg 172.10.23.1
- once you click on apply it will show you reachable ether1_PTCL
- click OK
- repeat the above step for secondary ether port
Firewall Policy
- Firewall policy need to set because you had to allow your traffic to come in and out
- click on IP —> Firewall as per below screen shoot
- click on NAT Network Address translation
- as per below screen select chain as srcnat
- out interface ether1_PTCL. change as per your name given in start
- click on action inside your nat rule and select action type as masquerade
- click apply and OK
- repeat the step for secondary network
- To add script you need to click on system —> Scripts
- Click on + Sign
- add the below script change the ip address to 8.8.8.8 or what ever you want to
- for better understanding of below code first line will ping your ip 8.8.8.8 and if its is reachable it will enable firwall rule number 2 and disable firewall rule 0 which we created above then it will enable route 1 and disbale route 0 it will check for delay of 15 seconds and enable route 0
- else it will enable firewall rule 0 disable firewall rule 1
if ([/ping 172.17.15.8 count=4] = 0) do={ /ip firewall nat enable 2 ; /ip firewall nat disable 0 ; /ip route enable 1 ; /ip route disable 0 ; :delay 15s /ip route enable 0 ; } else={ /ip firewall nat enable 0 ; /ip firewall nat disable 2 ; /ip route disable 1; }
name the script as i named enable _PTCL_Zong the above name will be used in scheduler below
click apply and OK
Make a schedule to run script for fail over
on the left pan of your winbox you will find option systems —> and scheduler
- it will open as per below shoot
- enter the name of your schedule for your convenience
- enter start date
- start time as startup when ever the router boot or reboot it will run this schedule for first time
- interval time as per your own desire in my case i put 10 seconds to check if network comes back shift it back to primary or if not then leave for secondary
- on even field you have to specify the name of script created above in my case it is
- restart you router OS via System —> reboot
- after restart you can see ether_zong is showing disabled and it set back to primary remove network from ether1_PTCL and check it will disable Primary and active secondary