×

Mikrotik 2 WAN LOADBALANCE With Failour or Isolation

  • Home
  • Blog
  • Mikrotik 2 WAN LOADBALANCE With Failour or Isolation
Mikrotik 2 WAN LOADBALANCE With Failour or Isolation

Hướng dẫn cấu hình Load Blancing 2 WAN hoặc nhiều WAN trên Router Mikrotik | MikroTIK Việt Nam
We are going to create a MikroTik script that does the following:
1. Configures two WAN interfaces (wan1 and wan2) with the given IP addresses.
2. Configures the LAN interface with the given network (172.168.50.0/22). We'll assign an IP to the LAN interface, for example 172.168.50.1/22.
3. Sets up load balancing using PCC (Per Connection Classifier) for two WANs.
4. Configures NAT masquerade for both WANs.
5. Sets up a HotSpot service on the LAN.
6. Sets up a PPPoE server on the LAN.
Note: We assume that the WAN interfaces are named "wan1" and "wan2", and the LAN interface is named "lan".
Steps for Load Balancing:
- Mark connections from the LAN and routing marks for each WAN.
- Use PCC to split traffic into two streams (one for each WAN).
- Set up NAT for each WAN.
Steps for HotSpot:
- Configure the HotSpot server on the LAN interface.
- We'll set a default profile and user for testing.
Steps for PPPoE:
- Configure the PPPoE server on the LAN interface.
- Set up an IP pool for PPPoE clients.
- Configure a local profile for PPPoE.
Let's break down the script accordingly.

Here's a MikroTik script that configures load balancing, HotSpot, and PPPoE services according to your requirements:

routeros
# ========================
# BASIC CONFIGURATION
# ========================
/interface list
add name=WAN
add name=LAN

/interface ethernet
set [ find default-name=ether1 ] name=wan1
set [ find default-name=ether2 ] name=wan2
set [ find default-name=ether3 ] name=lan-master
set [ find default-name=ether4 ] name=lan-slave
set [ find default-name=ether5 ] name=lan-slave2

/interface bridge
add name=lan-bridge ports=lan-master,lan-slave,lan-slave2

/interface list member
add interface=wan1 list=WAN
add interface=wan2 list=WAN
add interface=lan-bridge list=LAN

/ip address
add address=192.168.10.12/24 interface=wan1 network=192.168.10.0
add address=172.168.20.12/24 interface=wan2 network=172.168.20.0
add address=172.168.50.1/22 interface=lan-bridge network=172.168.48.0

/ip dns
set servers=8.8.8.8,1.1.1.1

/ip route
add distance=1 gateway=192.168.10.1
add distance=1 gateway=172.168.20.1

# ========================
# LOAD BALANCING (PCC)
# ========================
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=lan-bridge new-connection-mark=WAN1_conn per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=lan-bridge new-connection-mark=WAN2_conn per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=lan-bridge new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=lan-bridge new-routing-mark=to_WAN2

/ip route
add distance=1 gateway=192.168.10.1 routing-mark=to_WAN1
add distance=1 gateway=172.168.20.1 routing-mark=to_WAN2
add distance=1 gateway=192.168.10.1
add distance=1 gateway=172.168.20.1

/ip firewall nat
add action=masquerade chain=srcnat out-interface=wan1
add action=masquerade chain=srcnat out-interface=wan2

# ========================
# HOTSPOT CONFIGURATION
# ========================
/ip pool
add name=hotspot-pool ranges=172.168.50.100-172.168.50.200

/ip hotspot profile
set [ find default=yes ] dns-name=hotspot.local
add name=hs-profile dns-name=hotspot.local

/ip hotspot
add address-pool=hotspot-pool disabled=no interface=lan-bridge name=hs1 \
    profile=hs-profile

/ip hotspot user
add name=user1 password=12345678

# ========================
# PPPoE SERVER CONFIGURATION
# ========================
/interface pppoe-server server
add authentication=pap,chap,mschap1,mschap2 default-profile=pppoe-profile \
    disabled=no interface=lan-bridge service-name=PPPoE-Server

/ip pool
add name=pppoe-pool ranges=172.168.51.100-172.168.51.200

/ppp profile
add name=pppoe-profile local-address=172.168.50.1 remote-address=pppoe-pool

/ppp secret
add name=pppoe-user password=securepassword profile=pppoe-profile service=pppoe

# ========================
# FIREWALL RULES
# ========================
/ip firewall filter
add action=accept chain=input comment="Allow Established" connection-state=established,related
add action=drop chain=input comment="Block Invalid" connection-state=invalid
add action=accept chain=input comment="Allow ICMP" protocol=icmp
add action=accept chain=input comment="Allow LAN" in-interface=lan-bridge
add action=drop chain=input comment="Block WAN" in-interface-list=WAN

# ========================
# FINAL SYSTEM CONFIG
# ========================
/system identity
set name=NikhilTech

/system clock
set time-zone-name=Asia/Kolkata

/user
set admin password=strongpassword

Important Notes:

  1. Interface Configuration:

    • Assumes 5 ethernet ports (adjust if different)

    • wan1 and wan2 for WAN connections

    • Bridge lan-bridge combines multiple ports for LAN

  2. Load Balancing:

    • Uses PCC (Per Connection Classifier)

    • Balances based on source+destination addresses

    • Separate routes and NAT for each WAN

  3. HotSpot:

    • Enabled on LAN bridge

    • IP pool: 172.168.50.100-200

    • Test user: user1/12345678

    • Accessible via hotspot.local

  4. PPPoE Server:

    • Service name: "PPPoE-Server"

    • IP pool: 172.168.51.100-200

    • Test user: pppoe-user/securepassword

    • Uses PAP/CHAP/MSCHAP authentication

  5. Security:

    • Basic firewall rules included

    • WAN interfaces blocked for incoming connections

    • Change default passwords (admin, PPPoE, HotSpot)

Before Implementation:

  1. Verify physical interface names

  2. Replace gateway addresses (192.168.10.1 & 172.168.20.1) with actual ISP gateways

  3. Change all default passwords

  4. Adjust IP pools according to your needs

  5. Test during maintenance window

To implement:

  1. Paste in Winbox/Terminal

  2. Reboot router

  3. Test connectivity:

    bash
    ping 8.8.8.8
ping google.com

  4. Test HotSpot authentication

  5. Test PPPoE connection from client

For PPPoE client connection use:

  • Username: pppoe-user

  • Password: securepassword

  • Service: PPPoE-Server

Related Post

MIKROTIK STATIC ROUTING GAMES SCRIPT GENERATOR

MIKROTIK LB PCC / LOAD BALANCING PCC SCRIPT GENERATOR FOR ROUTEROS

Speedtest Regexp Layer-7 - Mikrotik Script RouterOS

Complete All Speedtest IP Address List - Mikrotik Script RouterOS

Domain List for Speedtest - Mikrotik Script RouterOS

Blog Categories

Related Posts

×

Notice!!

All Quantic user are requested to use our hybrid cloud drive for you project and Data base . We had added new module of cronjob to schedule and optimise your backup .