How to separate multi isp to multi lan mikrotik
To configure a MikroTik router to split multiple WANs to multiple LANs, you can follow these general steps:
1. Interface Configuration
- Assign WAN interfaces (e.g., ether1 for WAN1, ether2 for WAN2) and LAN interfaces (e.g., ether3 for LAN1, ether4 for LAN2). Set IP addresses for each interface.
2. Routing Configuration
- Create separate routing tables for each WAN connection. Use IP > Routes to add default routes for each WAN, specifying the appropriate gateway.
3. Firewall Mangle Rules
- Navigate to IP > Firewall > Mangle.
Create rules to mark connections and packets based on the source or destination IP of each LAN.
Use these marks to direct traffic to the correct WAN.
4. NAT Rules
- Set up NAT rules under IP > Firewall > NAT to masquerade traffic from each LAN to its corresponding WAN.
5. DHCP Server
- Configure DHCP servers for each LAN interface to assign IP addresses to devices in the respective LAN.
6. Testing
- Test the setup by connecting devices to each LAN and verifying that traffic is routed through the correct WAN.
# Rename interface
/interface ethernet
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
set [ find default-name=ether3 ] name=LAN1
set [ find default-name=ether4 ] name=LAN2
# Set IP address and gateway for WAN1 and WAN2
/ip address
add address=192.168.1.2/24 interface=WAN1
add address=192.168.2.2/24 interface=WAN2
add address=192.168.77.1/24 interface=LAN1
add address=192.168.88.1/24 interface=LAN2
# Route Gateway
/ip route
add gateway=192.168.1.1 distance=1 check-gateway=ping
add gateway=192.168.2.1 distance=2 check-gateway=ping
# Routing to direct traffic from WAN1 to LAN1 and WAN2 to LAN2
/ip firewall mangle
add chain=prerouting in-interface=WAN1 action=mark-routing new-routing-mark=to_LAN1 passthrough=yes
add chain=prerouting in-interface=WAN2 action=mark-routing new-routing-mark=to_LAN2 passthrough=yes
# Route gateway interface
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_LAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_LAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=to_LAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-mark=to_LAN2 check-gateway=ping
# Failover with gateway check to 1.1.1.1
/tool netwatch
add host=1.1.1.1 timeout=2s interval=5s up-script="/ip route set [find gateway=192.168.1.1] distance=1" down-script="/ip route set [find gateway=192.168.1.1] distance=10"
add host=1.1.1.1 timeout=2s interval=5s up-script="/ip route set [find gateway=192.168.2.1] distance=1" down-script="/ip route set [find gateway=192.168.2.1] distance=10"