What's new

/31 Mikrotik help

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

delid4ve

Occasional Visitor
Following on from this post we now have up and running our fibre connection. Currently connecting through our existing Asus RTn66u and working perfectly.

So other business's are now approaching me as they want in on the connection so ive taken the plunge and bought the RB1100ahx2 routerboard. EEK!

connected up, can setup my lan etc etc. For the life of me though i cannot get the WAN connected!

We have been given by our ISP a /31 address (will be expanding this eventually but need to get to grips first).

So the quick setup on the RB doesnt allow a /31 mask? my little ASUS does this fine.
Looking for some help here please, had a search around but cant find anything concrete.

so the way i thought to set it was:
ISP supplied:
ip: 1.2.3.4
gw: 1.2.3.5
mask: 255.255.255.254

local:
192.168.0.0/24
ip 192.168.0.254

Routes:
0.0.0.0 <-- 1.2.3.4 scope 30 tscope 10
1.2.3.4/31 <-- ether1 scope 10 tscope 10 psource 1.2.3.4
192.168.0.0/24 <-- ether2 scope 10 tscope 10 psource 192.168.0.254

Addresses
address 1.2.3.4 network 1.2.3.4 int ether1
address 192.168.0.254/24 network 192.168.0.0

But it dont work. A: am i setting this up right and B: is this actually going to work with a /31 static IP for the WAN.

Please help :)
Thanks in advance
 
you can use a 31 mask, shouldnt be an issue. You can even use a 0 mask if you wanted with routerOS as well.

Your WAN will need 3 routes.
dst 0.0.0.0/0 distance 1 (at least) no preferred source but gateway should be 1.2.3.5
dst 1.2.3.5 distance 0 preferred source should be 1.2.3.4
dst 192.168.0.0./24 distance 0 preferred source should be 192.168.0.254

Your 1st and 2nd entry are wrong.

note how i did not include the subnet in the 2nd entry, this is because it is a point to point network and not a network of many PCs to talk to. Your 1st entry should be the gateway as a source as thats where your traffic has to go through to get to network 0.0.0.0/0 (which means every IP). Since its every IP it needs to have a greater distance.

If the /31 has a few IP address you can change the route like this
dst 1.2.3.4/31 (assuming thats the detail the ISP gave), gateway 1.2.3.4 pref source 1.2.3.4 distance 0

Its easy for configuration to be complicated even i cant instantly give a solution here. Its easier to sit back and try to draw/figure out some logic as thats what helps me configure routerOS. Trying to visualise the flow of traffic (in the networking sense of numbers not physical) and drawing out your network. In routerOS many things can happen that you cant do on other routers like having 2 interfaces with the same IP address.
 
Last edited:
So, just changed like you advised, the gateway is now reachable
DNS not working though


Sent from my iPhone using Tapatalk
 
So, just changed like you advised, the gateway is now reachable
DNS not working though


Sent from my iPhone using Tapatalk
Did you enable the allow remote requests in DNS? Did you add a DNS server as well?

You will also need to secure your router as well. Use a combination of layer 2 and layer 3 firewall rules to secure the WAN side. You whitelist your DNS and NTP by being specific and blocking the rest on input. You should also do the same with output as well.
 
Got it, swapped the gateway and IP around from what you said above and its up and running ;)
Onto the next step
 
Did you enable the allow remote requests in DNS? Did you add a DNS server as well?

You will also need to secure your router as well. Use a combination of layer 2 and layer 3 firewall rules to secure the WAN side. You whitelist your DNS and NTP by being specific and blocking the rest on input. You should also do the same with output as well.

So i have now setup a couple of networks:
192.168.0.0 eth2 (my office subnet)
192.168.1.0 eth3 (test 1)
192.168.2.0 eth4 (test 2)

Under IP - DNS this is set to my ISP supplied DNS servers
I have setup a dhcp server for each of the subnets
For testing i have put my ASUS router into Access point only mode and connected it to my 2nd local subnet. To this i have connected to the wireless my iPhone.

I seem to be having an issue with the DNS which i cannot get my head around.
These are the connection details my iPhone receives:
IP: 192.168.1.253
Mask: 255.255.255.0
Router: 192.168.1.254 (the mikrotik)
DNS: 192.168.0.254 (the mikrotik but on the wrong subnet)

Is this how it should be? im assuming the DNS server of the mikrotik will only run on 1 interface and there is no way to set up separate DNS servers?

Apologies for my naivety.
Thanks

EDIT:
Ignore me - for some reason my iphone wouldnt release the DNS from the existing setup and i had to manually remove it. Its working ok.
 
Last edited:
Hi all

so ive just had my additional ip address added and i dont quite know how this is meant to be set up.

At present i have my /31 setup, its working as per the above. Now the new details they've given me:

Interconnect: my original /31 network (xx.xx.xx.78/31)
Routed networks:
xx.xx.xx.xxx/30 (xx.xx.xx.153 - xx.xx.xx.154 usable)
xx.xx.xx.xx/28 (xx.xx.xx.49 - xx.xx.xx.62 usable)

So my understanding here is that they have given me 11 new ip address's that i can use (15 minus the gateways,network and broadcasts)
The bit im not sure of is how to route this taking into account the /31 that is still present.
 
you use it the same way. If you are giving the address to your clients than add the address to your DHCP pool and make sure that routing is set up.

Essentially it should appear like this - ISP---RB1100AHx2---routers as now they no longer have to rely on you giving out LAN addresses so they can manage their own network.

If you still wish to control LAN than you assign the ip addresses to your interfaces which you run a dhcp server on each to give out LAN addresses instead.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top