Iam8up Blog

Failover connections using route distance

by iam8up on Sep.01, 2009, under mikrotik

This guide uses one connection whose IP is obtained through the dhcp-client and a second one that is static. It can easily be modified for two static IPs or two dhcp-client addresses. The guide uses static route distances to determine which connection to use. It works for my customer but your mileage may vary.

Start by making sure you can route out through both interfaces. You’ll need to add the static information and the dhcp-client. Disable the default gateway of one, then of the other, to confirm that each connection works on its own while the other is unused. I suggest a ping test to 4.2.2.2 after route changes.

If not done already, be sure to document both public IPs. Be aware you may be able to use safe mode if you’re careful. Hit Control+X in the terminal window to enter and leave safe mode. If connectivity is lost to the router, any commands issued during safe mode are undone. You can save these commands by exiting and re-entering the terminal window as often as you wish.

Assuming you’re doing NAT, make sure you have masquerade rules for both or all outgoing interfaces:

/ip firewall nat add action=masquerade chain=srcnat comment="masquerade-lan-network" disabled=no src-address=192.168.1.0/24

Set the dhcp-client to a distance of 5 – this feature was added in 3.11:

/ip dhcp-client set etherX default-route-distance=5

Set the static default gateway to a distance of 10:

/ip route set [find dst-address=0.0.0.0/0] distance=10

Now it should look like this:

[jluthman@hisawesomecustomer] > ip route pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        G GATEWAY         DISTANCE IN..
 0   S  0.0.0.0/0                          r 2.2.2.2         10       et..
 1 ADS  0.0.0.0/0                          r 1.1.1.1         5        et..
 2 ADC  10.0.0.0/24        10.0.0.1                          0        et..

Now make sure you are using the primary connection. Confirm you are on this network with a traceroute. You will now add one final static route that the netwatch tool will use to determine, through a ping test, whether the connection is down.

/ip route
add comment="FORCE FOR PRIMARY CONNECTION TEST" disabled=no \
gateway=1.1.1.1 distance=1 dst-address=4.2.2.1/32

Add this netwatch script:

/tool netwatch
add host=4.2.2.1 interval=30s timeout=1s

Add this for up:

/ip route set [find distance=4] distance=10
:log error "main route is up"
/ip firewall connection remove [find]

and down:

/ip route set [find distance=10] distance=4
:log error "main route is DOWN"
/ip firewall connection remove [find]

From this point on, traffic to 4.2.2.1 follows your static route and only uses the gateway specified (that is, the one from the primary connection). If this ping fails even once, netwatch will perform the down section, changing the distance of your static IP route from 10 to 4 and making it closer than the dhcp-client route of 5. The final command in both the up and down sections erases the current connections, which is needed if you’re running NAT (masquerading). Note that the ping test will continue to run while in the down condition, once again through the 4.2.2.1/32 static route.
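To make the interaction between the 4.2.2.1/32 probe route and the distance swap concrete, here is a small Python model of the route table; it is an added example, not part of the original post and not RouterOS code. The addresses and distances are the guide's own; the function names and table layout are hypothetical, and it assumes the router picks the longest matching prefix first and then the lowest distance, ignoring gateway reachability.

```python
import ipaddress

# Constructed route table mirroring the guide's "ip route pr" output plus the
# forced probe route. Layout and names are hypothetical (illustration only).
def build_routes():
    return [
        {"dst": "0.0.0.0/0", "gw": "2.2.2.2", "distance": 10, "dynamic": False},  # static secondary
        {"dst": "0.0.0.0/0", "gw": "1.1.1.1", "distance": 5, "dynamic": True},    # dhcp-client primary
        {"dst": "4.2.2.1/32", "gw": "1.1.1.1", "distance": 1, "dynamic": False},  # netwatch probe route
    ]

def lookup(routes, dest):
    """Return the gateway chosen for dest: longest prefix, then lowest distance."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r["dst"])]
    best = min(matches,
               key=lambda r: (-ipaddress.ip_network(r["dst"]).prefixlen, r["distance"]))
    return best["gw"]

def set_distance(routes, old, new):
    """Model of '/ip route set [find distance=old] distance=new'.
    Assumption: the dynamic dhcp-client route is not modified by 'set'."""
    for r in routes:
        if r["distance"] == old and not r["dynamic"]:
            r["distance"] = new

def netwatch_down(routes):
    set_distance(routes, 10, 4)  # secondary now beats the dhcp-client route (5)

def netwatch_up(routes):
    set_distance(routes, 4, 10)  # secondary falls back behind the dhcp-client route

def walk_through():
    """Return (gateway for general traffic, gateway for the probe) per state."""
    routes = build_routes()
    states = {"normal": (lookup(routes, "4.2.2.2"), lookup(routes, "4.2.2.1"))}
    netwatch_down(routes)
    states["failed_over"] = (lookup(routes, "4.2.2.2"), lookup(routes, "4.2.2.1"))
    netwatch_up(routes)
    states["restored"] = (lookup(routes, "4.2.2.2"), lookup(routes, "4.2.2.1"))
    return states

if __name__ == "__main__":
    for state, (general, probe) in walk_through().items():
        print(f"{state:12} general traffic via {general}, probe via {probe}")
```

In the failed-over state general traffic leaves through 2.2.2.2 while the probe to 4.2.2.1 still leaves through 1.1.1.1, which is what lets netwatch notice when the primary connection returns.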

For alternative or more complicated MikroTik assistance, join the mailing list or ask Butch Evans.

1 comment for this entry:
  1. Agaton

    Great site!!! Bookmarked.
