Mikrotik Routerboard connected to ISP via Cisco 2900 Router

mikrotik cisco

I'm sorry it's a bit of a long one and I had to mask some information.

With that said, I am in a conundrum and need help. Our network guy left and I've been tasked with getting the house in order. I do have a bit of background in networking but that's well over a decade ago.

Key Details:

About 2,000 workforce mostly connected via omnidirectional & sectoral WLAN

A Cisco 2900 router and a Mikrotik RouterBoard were purchased

DIA via microwave

Connection should be ISP IDU to Cisco Router to Mikrotik RouterBoard to end-users

ISP given addresses:

IP 1xx.xx.x.162

NM 255.255.255.252

GW 1xx.xx.x.161

ISP given DNS:

xxx.xxx.xxx.1

xxx.xxx.xxx.2

Summarily, I configured the Cisco:

#GE0/0 - 1xx.xx.x.162 255.255.255.252
#GE0/1 - 192.168.xx.1 255.255.255.0

#DHCP pool 192.168.xx.0 255.255.255.0

#Default Route 1xx.xx.x.162

#dns-server xxx.xxx.xxx.1 xxx.xxx.xxx.2

#excluded 192.168.xx.241 192.168.xx.254

#GE0/0 nat outside

#GE0/1 nat inside (also source list & overloaded)

#ip route 0.0.0.0 0.0.0.0 1xx.xx.x.161

It's been a while since I did this but I believe it's ok (corrections will be appreciated if otherwise)

My challenge is Mikrotik. I've gotten a refresher and I believe setting up hotspot, profiles and users won't be an issue rather IP addressing, DHCP and NAT as there may be a double/conflict with Cisco.

So, I configured the Mikrotik:

**eth1:** 192.168.xx.1/24 (IP of Cisco GE0/1)

**eth2:** 192.168.1.0/24


**DHCP client:** eth1

Routes:

Destination 0.0.0.0/0
 
Gateway 1xx.xx.x.161 (or should I use IP of GE0/1 i.e., 192.168.xx.1?)


**NAT:**
Source 192.168.1.0/24

Destination 0.0.0.0/0, Action Masquerade

DHCP Server Using DHCP setup:

Int 2

Address 192.168.1.0/24

Gateway 192.168.1.1(IP of Mikrotik)

Address to give out (192.168.1.2, 192.168.1.254)

DNS servers (192,168.1.1, xxx.xxx.xxx.1, xxx,xxx,xxx,2)

NAT:

port-forwarding using netmap on port 80.

That's it with Mikrotik and like I said, hotspot, profiles and users won't be an issue But I really need help on the others.


Solution 1:

Until somebody actually versed in Mikrotik provides a better answer, I think you could:

  • change Mikrotik eth1 to be 192.168.xx.2/24 instead of 192.168.xx.1
  • change Mirkotik default route to: Destination 0.0.0.0/0 Gateway 192.168.xx.1 instead of ISP's .161
  • add DNAT of port 80 also to Cisco to chain to Mikrotik
  • later consider dropping SNAT from Mikrotik and instead add a route on Cisco destination 192.168.1.0/24 gateway 192.168.xx.2 (are there reasons for the SNAT to exist?)

Related

How does Apache choose which certificate to use?
Measuring network bandwidth usage
How to enable PIN login for domain-joined Windows 10 Pro via Group Policy
Monit "can't find filesystem"
Which setting is limiting my active connections (ip_conntrack)?
PXE boot with grub: root variable unset
How can I find a computer on my network that is doing mass mailings?
ISO file much smaller than extracted data
What is the maximum number of activations Microsoft allows for an OEM Windows 7 license?
Windows 7 Explorer: How to change the columns displayed for file attributes?
Pinging localhost versus pinging 127.0.0.1
External sound card not working with Windows 10