how to set up multiple networks on a mikrotik router

4/4/2014 How to set up multiple networks on a Mikrotik router | Networking For Integrators

http://networkingforintegrators.com/2013/01/how-to-run-multiple-networks-from-a-mikrotik/ 1/18

January 27, 2013 admin Mikrotik 29 Comments

Have a question? Ask or enter a search term. SEARCH

How to run multiple networksfrom a Mikrotik / Mikrotik / How to run multiple networks from a Mikrotik

5 Port Router?

Since a Mikrotik (example being a 750GL) is a true 5 port router and

not just a consumer-grade router (which is actually a router with 4 port

switch), you can set them up to run multiple networks, use multiple

ISPs for WAN failover, and more. Why you would want to do any of

these things is beyond the scope of this post, but this will show you

how to do it.

Lets take an RB750GL and have it run 4 internal networks instead of

one. Like this:

Master Port

Out of the box, the 750 is set up for ether1 to be the WAN port and

ether2, ether3, ether4, and ether5 to be your LAN port. The reason

Latest Articles

Mikrotik cable-test

Winbox for OSX

Integrators

Commonly used SSH

commands for Control4

Popular Articles

Mikrotik how to

Networking For Integrators/Basics /Mikrotik /Ubiquiti /Tips /FAQ Request new topic



these 4 ports all work together is because ether2 has all of the LAN

settings and DHCP server, then ether3, 4, and 5 are all slaves of

ether2. In Mikrotik terms, ether3, 4, and 5 have their Master Port set

to ether2. The ports are even name as such, and there is an S in the

left column showing which ports are slaves:

If we want ether3-5 to run separate networks, we need to set them to

have NO Master Port. Its important to note that the Name of the

interface will not change based on your settings. If you change ether3

from a Slave to a Master, the name will not update on its own. Its just

a name. You could call it Port 3 or Fred or I have my NAS plugged in

here. It doesnt really matter to the functionality of the router Dont

get confused by the port names when you start making changes.

Change the Master Port on ether3, 4, and 5 like this (and change the

interfaces name if you like):

When youve set up ether3-5 to have no Master Port, none of the ports

should show an S in the left column.

Like this? Donate Bitcoin

to admin at:

1B7jJzVkjHVCbSMYjxoLF

JaWqDeciqCQ7h

import a script in an .rsc

file

[Quick Steps] Hairpin

NAT

How to request a new

article or update to an

old one

Port Forwarding on

Mikrotik

Login / Register / RSS

Register

Log in

Entries RSS

Comments RSS

WordPress.org

Related Searches:



Now, for a port to run its own network, it needs a few things:

IP Address

DHCP Server

Route

IP Addresses

To give each port its own IP address, go into IP, then Addresses. Click

the +, type in the Address you want to give the port, type in the

Network you want to assign to the port, and select the port from the

Interface drop-down menu. To set up the 192.168.3.xyz subnet on

ether3, it would look like this:

When all 4 subnets are set up, your Address List screen should look

similar to this (ether3, 4, and 5 are in italics because there is nothing

plugged into them):

DHCP Servers & IP Pools

Wireless LAN

VPN Client Software

Setting Up A Wireless

Network

Cisco VPN Client

VPN Solutions

Wireless Network

Security

Wireless LAN Security

?



Next is to set up a DHCP server for each port. Its the same concept as

changing the default DHCP range, but youre just adding additional

DHCP servers and IP Pools for your network to use.

First set up the additional IP Pools youre going to use for each server.

Youll want to do this first so that when youre setting up the new DHCP

Server you can just select the new IP Pool from the drop-down instead

of having to close it, go back and create the new Pool, then go back to

creating the new DHCP server.

Go to IP / Pool and click the +. Name the Pool whatever you want (like

pool1 for the .1 subnet, pool2 for the .2 subnet, or whatever you find

easy to remember). Then enter the Addresses as the DHCP range you

want to use for that port so for the .3 subnet you may want

something like 192.168.3.50-192.168.3.100.

Do this for each port and your Pool screen should look something like

this (I have a VPN pool set up as well, and my default-dhcp was already

set up and I didnt want to change it just for these screenshots):

At this point those IP Pools arent being used by anything. You have to

set up new DHCP Servers to use them.



Go to IP / DHCP Server / DHCP and click the +. Name the new server

whatever you like, set the Interface to the port you want to have use

this server, and set the Address Pool you want this Server to draw

from. In other words

Do this for each port and your DHCP Server screen should look

something like this:

Next you have to set up your DHCP Networks, so that each DHCP Client

will receive the correct DHCP information like what its Gateway and

DNS servers are. For example:



After you do this for all 3 new DHCP servers (not counting the one that

was already set up on ether2), your DHCP Server / Networks screen

should look like this:

At this point, if you plug your laptop into ether3, it will grab an IP

address in the 192.168.3.xyz range. If you unplug it and plug it into

ether5, it will grab an IP address in the 192.168.5.xyz range.

Routes

Last step, which isnt really a step but you need to know about it, is

what Routes are set up for these new networks youve set up. Look at

this screenshot.

I did NOT enter any of these myself. The D in the left column means

that each Route was added Dynamically. When you set the IP

Addresses for each port, as soon as you added a new Address, the

router added a dynamically created Route for that network for you. In

this simple scenario you just need to be aware of this, you dont need

to do anything with it. Note the screenshot shows unreachable on the



ports that dont have anything plugged into them.

You now have 4 LAN networks running on your Mikrotik. Since they are

all on different subnets, you will not get any broadcast traffic between

them. You can, however, reach from one subnet to another by going to

a specific IP. For example, with Control4, when you open their

programming software it picks up a broadcast that the Control4

processor sends out. If you are on a different subnet you will not see it

and the processor will never populate in the software. But, you can

manually add the IP address of the processor and it will work fine, even

if its on a different subnet. (this isnt a suggestion of how to do it, just

an example). Same goes for things like Airplay and other streaming

protocols. Many of them rely on broadcasting to tell everyone that

they are there and waiting for you to send them a music stream. This

can get rather complicated when you start trying to segment off

different parts of your networks.

This post isnt about WHY you would segment everything, just how you

could do it. :)

Last updated: August 27, 2013 at 18:01 pm



Share this:

Related Posts

Zemanta

Mikrotik + Fios

router

My First MikroTik DHCP

Reservations

[Quick Steps]

Hairpin NAT

Hairpin NAT or

how to use your

DynDNS address

internally or

externally

Facebook 13 Google Twitter 1 Email

YJNews

Bar customers freak

out after drunk man...

YJNews

Monkey steals camera

from tourist and...

YJNews

Doctors find 42 pearls

in mans...

YJNews

New pizza will stay

fresh for three ...

Man puts girlfriend up

for sale on ebay...

University student

faces charges for...

Toddlers adorable

reaction when...

Voc talvez goste de ler:



Mikrotik cable-test Winbox for OSX

[Quick Steps] Hairpin NAT Mikrotik + Fios router

Mikrotik how to import a script

in an .rsc file

Hairpin NAT or how to use your

DynDNS address internally or

externally

Reply

Related Articles

Comments

HZ

March 19, 2013 at 10:33 am

Hi, i just do it exactly as you presented here, DHCP is Ok, i

get the IP, but there is no internet connection on the

networks.

Where did i messed up?

YJNews YJNews YJNews

YJNews

Woman burned after

toilet explodes

inside...

ReplyAndrew

May 31, 2013 at 6:04 am

Im having the same issue. Not sure what Ive done

wrong!

My config:

ether1 = gateway

ether2 = lan

ether3 = wifi



ether 2 gets net just fine, ether 3 gets no net but

dhcp is running right etc.

Not sure if this is a routing issue?

NAT issue?

Please help

Replyadmin Article Author

May 31, 2013 at 9:12 am

First, check in IP / Routes and make sure

there is a route showing for each network

you have set up. There should be one for

0.0.0.0, one for the subnet you have on

ether2, and one for the subnet on ether3.

ReplyAndrew

June 3, 2013 at 4:59 am

Thanks for the response.

All the routes seem to exist. Ive

attempted to recreate the DHCP

server on ether 3 etc just to make

sure I feel as though I am

understanding everything

correctly.

It seems that there is intermittant

traffic through my WIFI ap

connected on ether 3. Im not

sure why that is happening. It

seems like net access is there,

then it isnt, then there, then not

etc. It seems as well that there is

constant Rx on the interface but

no Tx

Could you help me out further?

Appreciate it!

David

October 14, 2013 at 6:32 am



Reply

Reply

Jason

March 27, 2013 at 10:03 am

Is there really a difference between this and a basic VLAN?

Does this route offer traffic segmentation so a network

doesnt get bogged down but still allow communication

between them?

Greg

April 7, 2013 at 1:06 pm

So If I wanted to set up a Static IP for ONE particular

computer that may move from ONE network to another, all

I would do is set a Lease for EACH subnet Id pick the IP

that I would like for THAT machine on each subnet, and

instead of selecting ALL for the server when setting up the

lease, Id select the DHCP Server (that has been assigned to

that port ) and is handling that internal network .

Is that correct?

Also, if I wanted to make sure that traffic could NOT travel

from one internal network to another, how would one set

up the firewall rule?

Lastly, Id love to see how youd set up bandwidth

tracking/throttling on a per IP or MAC basis and if

possible how youd use it with THIS configuration.

These articles are the best explanation of how to use the

MikroTik routers adn Winbox I have come across. I find the

MicroTik site to be utterly useless when it comes to using

Winbox as they do everything in Terminal. They really need

to get a grip on that!

Please the NAT under

firewall.Thats what he

forgot to

include.Otherwise the

rest is ok


May 13, 2013 at 8:51 pm



Reply

Reply

Eric

April 24, 2013 at 10:18 pm

Nice article. How different is it to program 2 different WAN

ports not for load balancing but for specific applications?

WAN 1 = general Internet use, WAN 2 = VoIP only. When I

do it, the 2nd WAN port does not work.

Thanks

bbbbb

June 3, 2013 at 8:12 pm

So with a firewall rule someone can isolate the traffic ? If i

connect to port 1 the wan a cable from my modem router

is it going to work ? or it is double nat ?

Well you can click the little triangle next to

Server: in the DHCP Lease window and it will

assign your IP based on one of those servers

so if you had a different DHCP server assigned to

different ports, then I would think it would see that

MAC address show up on port X so it would pull an

IP from DHCP server X. Might work. I might have

to test that out, but I cant really see how I would

use it in the real world.

To block traffic in the firewall, you would want to

set up a drop rule. For example you can say for

any traffic coming from 192.168.123.0 that is

destined for 192.168.234.0, DROP it. You can also

do it by address lists, depending on your situation.

Bandwidth throttling/queues are on the list for

some future posts..


May 13, 2013 at 8:38 pm

Unfortunately I havent had any first hand

experience with dual WAN setup, and nowhere to

test it out I do know dual WAN with failover can

work well on Mikrotik, so I would assume there

would be a way to do what you are looking for



Reply

Reply

Talha Ahmad

July 2, 2013 at 3:16 am

Hi,

I am facing problem with my RB 750 GL. I am using 3

connection with my router. Two connection are PTCL and

one connection is Worlcall. Due to fail of power failure the

world call goes down after every hour. When world call is

down. My RB 750 not working properly. I got noting from

the RB 750 for five or ten minutes. After then ten mins my

RB start working properly. Can you please guide me in this

matter

Rio

September 3, 2013 at 2:54 am

ive used same rb 750 gl, and 3 different network..

WAN

|

eth0 eth1 eth2 eth3 eth4

LAN| SlaveLAN |Hotspot AP

eth1 & eth2 >> poolA 192.168.10.25-254, eth2: static

linux/server 192.168.10.111

eth4 >> poolB 192.168.20.25-254

ReplyRadek

November 29, 2013 at 3:56 pm

If you have only cable modem, modem probably

does not NAT. If your modem is also router and

router is switched on, you have double NAT.


July 28, 2013 at 5:59 pm

Unfortunately I havent gotten a chance to test any

multiple-WAN scenarios, but give this page a read

and see if it helps at all

http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting



Reply

both pool, had been successfully setup as hotspot.

But, the problem is, how can I make a client on poolA IP

(Access Point) can discover another client computers

(shared folder on network) resources on poolB (local) and

vice versa. and also note, that icmp service either direct

network explore \\ip_address between them is work fine.

thx for your help..

Andy

September 16, 2013 at 7:38 pm

Hi,

I have a little problem.

I tried doing that on my router.

Configuration is simple, DHCP on eth2 subnet

192.168.141.0/24 with address 192.168.141.254 and

gateway 192.168.141.254 and DHCP on eth3 subnet

192.168.142.0/24 with address 192.168.142.254 and

gateway 192.168.142.254

Starting from here, everything is working fine, i get one

dhcp on one interface, and the other dhcp on the other

interface.

My problem ? if i m on a computer on the 141 network, i

cant ping one that is on the 142 ?

I got no firewall rules set so if i m right, its full accept by

defaut ?

Anyone could help me with that please?

Thanks a lot!


October 15, 2013 at 6:31 pm

Having them on different subnets means that the

broadcasts arent going to travel between them

you can access the other machines, but the

broadcasts arent transmitted.

You may want to try just giving the poolB a range

in the same subnet (192.168.10.xxx) if you can.



Reply

Reply

Reply

Dave

November 4, 2013 at 3:03 am

All worked well but cant for the life of me find Routes List

on the RB750.

Am now looking at trying to Bridge to of the lans.

Dave


Found Routes List under IP

Still working on joining two lans, ports 3&4.

DAMIEN


I have a mikrotik V5.12, how is the configuration to get the

internet comes from the modem iDirect onto the switch

Reply

Reply

admin Article Author

October 15, 2013 at 6:28 pm

Ive had a couple issues with this as well but have

been busy and havent tracked down whats going

on. On others its fine. Its on routers that are

already set up and dont need the 2nd subnet, its

usually just me testing something and I just do

without. I need to take a stock 750GL and retry

everything one step at a time

Radek

November 29, 2013 at 4:15 pm

Andy, what is your main requirement connect

networks 141.x to 142.x or divide them?



Reply

Reply

Reply

Gendra

December 1, 2013 at 8:20 am

I have exact same network scenario. so, how can I configure

the port forwarding for my DVR in exact same network

scenario?

diako

December 20, 2013 at 7:59 am

IF you want to connect to the internet than you need to set

up Nat, so all your private ip address are translated to a 1

public ip address.

Eric

February 7, 2014 at 3:38 pm

Hi,

Thank you for this smart manual. I want to discover and

ping from subnet A to subnet B, but from subnet B to

subnet A not. Is this possible? If yes, how? Thanks


December 23, 2013 at 5:10 pm

The default configuration works out of the box for

internet access without doing any manual setup.

What model routerboard is it?


December 23, 2013 at 5:11 pm

Good point, I need to revisit that.



You should be able to do this in firewall rules,



ReplyEric


Hi,

I have RB751 and I want to make ether1 to ether5 and

wlan1 in Bridge mode and wlan2 in Router mode (another

subnet). Ether1 is connected to previous router where is

working DHCP server for this ether1 to ether5 and wlan1.

Any idea? Thanks

Leave a Reply

Your email address will not be published. Required fields are marked

Name

Email

Website

You may use these HTML tags and attributes:

Post Comment

Notify me of followup comments via e-mail

might have to get creative though. You can tell it to

not allow traffic from subnet a to subnet b, for

example, but you may find some issues with

replies from one subnet to the other.

*

*

*



Notify me of new posts by email.

Subscribe without commenting

E-Mail: Subscribe

Copyright, A Swish Theme

how to set up multiple networks on a mikrotik router

Documents

mikrotik mikrotik

port router andnot

mikrotik5 port router

port names

lan port

mikrotik router networking

wan port andether2

master port setto ether2