This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router - RouterOS and Routerboard: Difference between revisions

Content deleted Content added
Hendry (talk | contribs)
QoS tip
AA-Andrew (talk | contribs)
mNo edit summary
 
(9 intermediate revisions by 6 users not shown)
Line 1: Line 1:
*Also see: [[Router - RouterOS and Routerboard bonding]]
*Also see: [[Router - RouterOS and Routerboard bonding]]
*[irc://irc.z.je/routerboard irc://irc.z.je/routerboard] - which is hosted on the same irc server that AAISP use and contains (among others) lots of AAISP customers using Mikrotik
*[irc://irc.snoonet.net/routerboard irc.snoonet.net/routerboard] - which is hosted on the Snoonet IRC server and contains users of Mikrotik. You might also find some users in the main A&A [[IRC]] server.


= Overview =
= Overview =

'''As of 2024, this page is rather old now, so be wary.'''


*Page created by Nicholas Barnes - [http://www.vitell.co.uk/ Vitell] - [http://www.vitell.co.uk/ RouterOS Consultants].
*Page created by Nicholas Barnes - [http://www.vitell.co.uk/ Vitell] - [http://www.vitell.co.uk/ RouterOS Consultants].
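Review bot: the new banner ("As of 2024, this page is rather old now, so be wary.") does not say what is stale, so a reader cannot tell whether to distrust the firewall rules, the PPPoE settings or the RouterOS version statement. Suggest naming the sections known to be outdated, or the last RouterOS version the examples were checked against. The replacement IRC entry also drops the irc:// scheme from its link text while the removed entry showed it in full; pick one form.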
Line 10: Line 12:
Here we will build a basic configuration for RouterOS/Routerboard. The examples are relevant for ADSL (Be and BT) as well as FTTC/FTTP through AAISP.
Here we will build a basic configuration for RouterOS/Routerboard. The examples are relevant for ADSL (Be and BT) as well as FTTC/FTTP through AAISP.


With the exception of IPv6, the examples shown should work on any stable release. IPv6 requires versions prior to and including 3.17 or version 5.0rc7 onwards.
With the exception of IPv6, the examples shown should work on any stable release. IPv6 requires versions prior to or including 3.17 or version 5.0rc7 onwards.


We have an AAISP ADSL line with the following details:
We have an AAISP ADSL line with the following details:
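Review bot: in the IPv6 version sentence, "prior to or including 3.17" is still ambiguous after the and/or change. "Version 3.17 or earlier, or 5.0rc7 onwards" says the same thing and makes the unsupported gap between the two explicit.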
Line 19: Line 21:
*Routed IPv6 block = 2001:DB8::/48 (we will allocate 2001:DB8::/64 to the router)
*Routed IPv6 block = 2001:DB8::/48 (we will allocate 2001:DB8::/64 to the router)


Note that the IPv4 block 192.0.2.0/24 and the IPv6 block 2001:DB8::/32 are special blocks reserved for documentation (rfc5737 and rfc3849). Also note that A&A supply a /48 block of IPv6s by default and this example will only use the first /64 in this block.
Note that the IPv4 block 192.0.2.0/24 and the IPv6 block 2001:DB8::/32 are special blocks reserved for documentation (RFC5737 and RFC3849). Also note that A&A supplies a /48 block of IPv6 addresses by default and this example will only use the first /64 in this block.


= Default Config =
= Default Configuration =


This example assumes that the router is at its default configuration with any example/demo/supplied settings removed. Further, it is assumed that your WAN (ADSL/VDSL/whatever modem) is plugged into interface 'ether1' and LAN into 'ether2'.
This example assumes that the router is at its default configuration with any example/demo/supplied settings removed. Furthermore, it is assumed that your WAN (ADSL/VDSL/whatever modem) is plugged into interface 'ether1' and LAN into 'ether2'. The following snippet changes the default interface names so that the examples below won't depend as closely on your hardware setup.

<pre>
/interface ethernet
set [ find default-name=ether1 ] name=uplink-wan
set [ find default-name=ether2 ] name=lan
</pre>


= Configuring Initial Basic Settings =
= Configuring Initial Basic Settings =
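Review bot: the added rename snippet still selects ports with default-name=ether1 and default-name=ether2, so it does not remove the hardware dependence the new sentence describes; a reader whose modem is on another port has to edit the two find expressions. Suggest saying that explicitly, and stating that every later example assumes interfaces named uplink-wan and lan exist, since the firewall, PPPoE and ND blocks now refer only to those names. Renaming the heading to "Default Configuration" also changes the section anchor, so inbound links to the old heading need checking.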
Line 51: Line 59:
broadcast=192.0.2.15 \
broadcast=192.0.2.15 \
disabled=no \
disabled=no \
interface=ether2 \
interface=lan \
network=192.0.2.0
network=192.0.2.0
/ipv6 address add \
/ipv6 address add \
Line 58: Line 66:
disabled=no \
disabled=no \
eui-64=no \
eui-64=no \
interface=ether2</pre>
interface=lan
</pre>

Set basic firewalling (all out, none in!)
Set basic firewalling (all out, none in!)
<pre>/ip firewall filter
<pre>/ip firewall filter
add action=accept chain=forward comment="LAN traffic can go anywhere" disabled=no in-interface=ether2
add action=accept chain=forward comment="LAN traffic can go anywhere" disabled=no in-interface=lan
add action=accept chain=forward comment="Established traffic" connection-state=established disabled=no
add action=accept chain=forward comment="Established traffic" connection-state=established disabled=no
add action=accept chain=forward comment="Related traffic" connection-state=related disabled=no
add action=accept chain=forward comment="Related traffic" connection-state=related disabled=no
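Review bot: the forward-chain accept rule now matches on in-interface=lan, a name that exists only after the rename under Default Configuration has been run, and nothing beside "Set basic firewalling" says so. Suggest stating that prerequisite here, so a reader who skipped the rename does not paste a ruleset that refers to an interface their router does not have.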
Line 67: Line 77:
add action=drop chain=forward comment="Drop the rest" disabled=no
add action=drop chain=forward comment="Drop the rest" disabled=no
add action=accept chain=output disabled=no
add action=accept chain=output disabled=no
add action=accept chain=input comment="LAN traffic can go anywhere" disabled=no in-interface=ether2
add action=accept chain=input comment="LAN traffic can go anywhere" disabled=no in-interface=lan
add action=accept chain=input comment="Established traffic" connection-state=established disabled=no
add action=accept chain=input comment="Established traffic" connection-state=established disabled=no
add action=accept chain=input comment="Related traffic" connection-state=related disabled=no
add action=accept chain=input comment="Related traffic" connection-state=related disabled=no
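Review bot: on the chain=input rule, comment="LAN traffic can go anywhere" is copied from the forward rule and misdescribes what the rule does: input is traffic addressed to the router itself, so this is the rule that allows access to the router from the LAN. As the line is being touched anyway, suggest a comment such as "LAN can reach the router" so its role is clear when the ruleset is audited; the same applies to the matching rule under /ipv6 firewall filter.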
Line 74: Line 84:


/ipv6 firewall filter
/ipv6 firewall filter
add action=accept chain=forward comment="LAN traffic can go anywhere" disabled=no in-interface=ether2
add action=accept chain=forward comment="LAN traffic can go anywhere" disabled=no in-interface=lan
add action=accept chain=forward comment="Established traffic" connection-state=established disabled=no
add action=accept chain=forward comment="Established traffic" connection-state=established disabled=no
add action=accept chain=forward comment="Related traffic" connection-state=related disabled=no
add action=accept chain=forward comment="Related traffic" connection-state=related disabled=no
Line 80: Line 90:
add action=drop chain=forward comment="Drop the rest" disabled=no
add action=drop chain=forward comment="Drop the rest" disabled=no
add action=accept chain=output disabled=no
add action=accept chain=output disabled=no
add action=accept chain=input comment="LAN traffic can go anywhere" disabled=no in-interface=ether2
add action=accept chain=input comment="LAN traffic can go anywhere" disabled=no in-interface=lan
add action=accept chain=input comment="Established traffic" connection-state=established disabled=no
add action=accept chain=input comment="Established traffic" connection-state=established disabled=no
add action=accept chain=input comment="Related traffic" connection-state=related disabled=no
add action=accept chain=input comment="Related traffic" connection-state=related disabled=no
Line 102: Line 112:
dial-on-demand=no \
dial-on-demand=no \
disabled=no \
disabled=no \
interface=ether1 \
interface=uplink-wan \
max-mru=1492 \
max-mru=1492 \
max-mtu=1492 \
max-mtu=1492 \
Line 145: Line 155:
disabled=no \
disabled=no \
hop-limit=64 \
hop-limit=64 \
interface=ether2 \
interface=lan \
managed-address-configuration=no \
managed-address-configuration=no \
mtu=1492 \
mtu=1492 \
Line 162: Line 172:
= Next Steps, Bonding a Second, or multiple Lines =
= Next Steps, Bonding a Second, or multiple Lines =


See: [[Router - RouterOS and Routerboard bonding]]
See: [[Router_-_RouterOS_and_Routerboard_bonding]]
or, the original at: [[http://0hq.net/RB/ros.txt]] for hints
or, the original at: [http://0hq.net/RB/ros.txt] for hints


= QoS =
= QoS =
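Review bot: the bonding link is changed to [[Router_-_RouterOS_and_Routerboard_bonding]], but the "Also see" line at the top of the page keeps the spaced form; both resolve to the same page and the underscored form shows the underscores in the rendered text, so the spaced form should stay. The change of the external link to single brackets is correct; consider giving it link text, and note that it is a plain http:// URL to a configuration file, so its contents arrive unauthenticated and should be read before anything is pasted from it.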
Line 171: Line 181:
<pre>
<pre>
/queue tree add max-limit=YOUR_UPLOAD_SPEED name=Upload parent=AAISP queue=default
/queue tree add max-limit=YOUR_UPLOAD_SPEED name=Upload parent=AAISP queue=default
</pre>

To determine YOUR_UPLOAD_SPEED, you could query your line details, like so:

<pre>
curl -s -H "Content-Type: application/json" -X POST \
-d '{"control_login": "YOUR_LOGIN@a","control_password":"CONTROL_PASSWORD", "service": "YOUR_NUMBER"}' https://chaos2.aa.net.uk/broadband/info |
jq .info[].rx_rate
</pre>
</pre>


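Review bot: the added curl example puts control_password in the -d argument on the command line, where it lands in shell history and is visible in the process list while the command runs; suggest reading the JSON body from a file with restrictive permissions (curl's -d @file form) or from stdin. The jq filter .info[].rx_rate is unquoted, so the shell may try to glob the []; quote it as '.info[].rx_rate'. It would also help to say why rx_rate is the figure to use for YOUR_UPLOAD_SPEED and what units it is in, since max-limit is filled in from it.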
Line 182: Line 200:
<pre>/ipv6 address
<pre>/ipv6 address
add address=2001:8b0:XXX::1/64 advertise=yes comment="advertise on lan" disabled=no eui-64=no \
add address=2001:8b0:XXX::1/64 advertise=yes comment="advertise on lan" disabled=no eui-64=no \
interface=ether2
interface=lan
</pre>
</pre>


Line 210: Line 228:
Once all these changes have been made and the LCPFix option is enabled, the PPPoE connection should be restarted.
Once all these changes have been made and the LCPFix option is enabled, the PPPoE connection should be restarted.


= WebFig and PPPoE =

Configuration via WebFig is possible, though this does not always do what it looks like it will do. Specifically, if you do not specify 'Keepalive timeout' on the PPPoE client it does *not* default to the default value of 10 seconds, but actually creates a config including 'keepalive-timeout=disabled' which disables keepalive LCP probes altogether, and consequently if the PPPoE goes or the line loses sync the router will not restart PPPoE and the line will just stay down.


Note: This is being documented for the benefit of anyone else who experiences this and spends as long as I have trying to fix it. This may be the wrong place for this information so please do move it if needed (and/or delete this comment!).


[[Category:3rd Party Routers|RouterOS]]
[[Category:3rd Party Routers|RouterOS]]
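Review bot: the new WebFig section describes the failure (a config containing keepalive-timeout=disabled when 'Keepalive timeout' is left blank) but not the remedy; add the step of setting the value explicitly to the 10 seconds the text calls the default, and how to confirm it in the exported config. The *not* uses asterisks, which are not wiki emphasis (use ''not''), and the closing "Note:" paragraph is an editor's comment that belongs on the talk page rather than in the article.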