Syed Jahanzaib Personal Blog to Share Knowledge !

December 6, 2013

Mikrotik Dual WAN [pppoe-client] PCC with PPPoE Server

Filed under: Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 3:58 PM


I was stucked with a case (in K.S.A Tabook) regarding configuration for dual wan PCC using pppoe client as wan and pppoe serve for user end in one RB. I made this configuration last year but was unable to repeat it when it was required few days back.

I have a very short amount of brain memory , something like 16 KB only 🙂 So posting the export as a reference

Following is a short reference guide for Mikrotik base dual wan PCC (using pppoe clients) with PPPoE Server as a authentication server for local users in one Box. You can add as much wan (pppoe clients) as you like.

Make sure you change the interface name accordingly. In this example I have 3 interfaces.
ether0  (named as Local) is connected with Local LAN users.
ether  1   &   2  (named as WAN1 & WAN2) are connected with ISP WAN switch.

Also change the user name passwords in the pppoe client section, or create manually via PPP/Interfaces

PPPoE users IP pool is (internet is allowed for this series only means when the user will be connected via pppoe dialer, he will be able to use internet)


# Setting up INTERFACES names for our comfort (Zaib)

/interface ethernet
set 0 name=Local
set 1 name=WAN1
set 2 name=WAN2

### Adding PPPoE Client connections for each WAN interface, Make sure to change it or add via GUI

/interface pppoe-client

add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=yes interface=WAN1 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out1 password=hahaha \
profile=default service-name="" use-peer-dns=no user=user-1
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=yes interface=WAN2 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out2 password=hahaha \
profile=default service-name="" use-peer-dns=no user=user-2

### Starting the MANGLE MAGIC : ) PCC SCRIPTING START Here (Zaib)
/ip firewall mangle

add action=accept chain=prerouting disabled=no in-interface=pppoe-out1
add action=accept chain=prerouting disabled=no in-interface=pppoe-out2

add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address=
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address=

add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no new-routing-mark=to_wan1 passthrough=yes src-address=
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no new-routing-mark=to_wan2 passthrough=yes src-address=

### NATTING both WAN connection for PPPoE IP Pool users only

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1 src-address=
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2 src-address=

### Setting Default Routes for MARKED packets for both WAN and for local router use. (zaib)

/ip route
add check-gateway=ping disabled=no distance=1 dst-address= gateway=pppoe-out1 routing-mark=to_wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address= gateway=pppoe-out2 routing-mark=to_wan2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address= gateway=pppoe-out1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address= gateway=pppoe-out2 scope=30 target-scope=10

Some screenshots for the results.




Side Note: [had this issue at local who had DSL modems]

If you are facing difficulty in opening dsl modem page, then try following code.

/ip firewall address-list
add list=exempt-from-pcc address=
add list=exempt-from-pcc address=
#(change ips to your adsl modem ip’s)

/ip firewall mangle
add chain=prerouting dst-address-list=exempt-from-pcc action=accept

Move above mangle rule to TOP (above all other rules in mangle) .Try and let me know.

Syed Jahanzaib

ESXI 5.5 static mac address “conflicts with VMware reserved MACs”

Filed under: VMware Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 11:36 AM



You may see above error in ESXI 5.5 after changing dynamically generated MAC address to STATIC mac address dueto application MAC bind restriction.

In new ESXI 5.5 ,  new policies have been added where the statically assigned MAC addresses can only be in the range 00:50:56:xx:xx:xx series, If you try to change it to something else and then power on the guest machine, you may see above error.

Few days before, a friend of mine upgraded his ESXI from ver 5.0 to 5.5. One of his guest application was binded with the MAC address and the new esxi 5.5 doesn’t allow to use that specific series mac address. So I googled and found following solution that worked (at least for me 😉 )

To RESOLVE this issue, follow this.

1- Enable SSH in ESXI Server Configuration

2- Turn off the target guest machine and change the mac address as per your requirements for the required interface.

3- Turn off the V-Sphere ESXI client.

3- Login to ESXI server via SSH using any ssh client like PUTTY

4- Goto your data store / guest machine folder and open the VMX file.


For example I have guest machine with ‘123‘ name. So I used following

~ # cd /vmfs/volumes/
/vmfs/volumes # ls

52a18cdd-49376389-86aa-000c29d1de32  61031d71-0233e8da-be74-f942274c16c3
52a18ce5-9d0863e6-e50b-000c29d1de32  8901537a-ad66db83-fd1f-38ac926cce01
52a18ce7-bd9d6e2a-dacf-000c29d1de32  datastore1
/vmfs/volumes #

/vmfs/volumes # cd datastore1/
/vmfs/volumes/52a18ce5-9d0863e6-e50b-000c29d1de32 # ls

/vmfs/volumes/52a18ce5-9d0863e6-e50b-000c29d1de32 # cd 123
/vmfs/volumes/52a18ce5-9d0863e6-e50b-000c29d1de32/123 # ls

123-flat.vmdk               vmware-14.log
123.nvram                     123.vmxf                      vmware-15.log
123.vmdk                      vmware-11.log                 vmware-16.log
123.vmsd                      vmware-12.log                 vmware.log
123.vmx                       vmware-13.log

As showed in the image below . . .


Now open the VMX file of the guest machine.

for example

vi 123.vmx

now press I and add this line anywhere.

ethernet0.checkMACAddress = "false"

(Change the ethernet0 to match your local ethernet number)

Now save and exit it by pressing :wq

Now start V-Sphere ESXI client and start the machine as you normally do 🙂

Congrats you are UP with new MAC address activated 😀


Following is an sample of working .vmx file for static mac address.

ethernet0.networkName = "LAN"
ethernet0.addressType = "static"
ethernet0.present = "TRUE"
ethernet0.checkMACAddress = "false"
ethernet0.address = "00:0C:29:Ha:Ha:Ho"

Syed Jahanzaib

%d bloggers like this: