Syed Jahanzaib Personal Blog to Share Knowledge !

October 19, 2017

Prevent Mikrotik from Chocking with Cisco Inter-Vlan Routing

Filed under: Cisco Related, Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 4:50 PM

overload

Disclaimer:
I donot have professional level expertise with the mikrotik & specially Cisco. It’s just personnel R&D that sometimes leads me to a working solution. After posting on the internet, I got some clues & Alhamdoillah it worked !


Scenario: [example]

OP have mini ISP setup. Different areas are connected with Cisco 3750 switch where Vlan(s) for each port is configured. Trunk port is connected with Mikrotik Routerboard where vlan interfaces are configured accordingly. DHCP for each VLAN is configured on the Mikrotik RB which provides different subnet to each vlan with default gateway pointing to each VLAN IP.

PPPoE Server is configured on the RB to facilitate ppp dialing for each vlan. As per policy, user must dial pppoe dialer to connect with the mikrotik PPP server in order to access internet.


Problem:

OP have few media sharing server located on Vlan No 3. When user starts downloading heavy media files from the Vlan No 3, all of his traffic routes via Mikrotik Router which creates load on router.


Solution # 1: [that worked partially]

After some R&D, I implemented following

  • Moved DHCP role to Cisco
  • Setup intervlan routing. enabled ip routing
  • Added default gateway in DHCP options pointing to Cisco local vlan ip respectively

This partially solves the problem. When user join the LAN, he gets IP address from the Cisco dhcp with default gateway to its respective vlan IP. all goes well , communication was happening fine with in vlan without touching the Mikrotik. But as soon as users dial the PPPOE dialer, his traffic starts routing via Mikrotik . after some troubleshooting it appears that when user dials pppoe dialer, his routes changes and ppp gets preference over other routes which force all traffic to go via RB.

As showed in the image below …

Load on Trunk Port when ppp user download from vlan no 3

 

routes and ipconfig of client before dhcp option


Solution # 2: [worked 100% as required]

In Cisco Switch DHCP settings for each vlan, Remove Default Gateway,  and add static routes for the sharing media servers subnet via using DHCP classless static routes option

Sounds fair enough :~)


Working Example Config for Cisco Switch 3750

# Cisco Switch Part

[Model: ws-c3750e-24pd / Version 15.0(2)SE10a ]


!
system mtu routing 1500
ip routing
!
ip dhcp pool vlan2
network 192.168.2.0 255.255.255.0
dns-server 101.11.11.36
option 121 ip 24.192.168.3 192.168.2.1 ## This option provides route information , /24.x is the subnet info and other is gw
!
ip dhcp pool vlan3
network 192.168.3.0 255.255.255.0 ## This is media server vlan, we have added manual ip & gateway pointing to vlan ip 192.168.3.0
! to add multiple routes use below
! option 121 ip 24.192.168.3 192.168.2.1 24.192.168.100 192.168.2.1
!
ip dhcp pool vlan4
network 192.168.4.0 255.255.255.0
option 121 ip 24.192.168.3 192.168.4.1 ## This option provides route information , /24.x is the subnet info and other is gw
!

! This port is connected with the Mikrotik RB
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk

! This port is connected with user area 2
interface GigabitEthernet1/0/2
switchport access vlan 2
switchport mode access

! This port is connected with local FTP/Media sharing server's
interface GigabitEthernet1/0/3
switchport access vlan 3
switchport mode access

!This port is connected with user area 4
interface GigabitEthernet1/0/4
switchport access vlan 4
switchport mode access
!
interface Vlan1
ip address 192.168.254.1 255.255.255.0
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
! Following route is pointing to Mikrotik RB
ip route 0.0.0.0 0.0.0.0 192.168.254.2
!

# Mikrotik Routerboard Part


/interface ethernet

set [ find default-name=ether1 ] name=LAN-TRUNK

/interface vlan
add interface=LAN-TRUNK name=vlan2 vlan-id=2
add interface=LAN-TRUNK name=vlan3 vlan-id=3
add interface=LAN-TRUNK name=vlan4 vlan-id=4

# It is recommended to use small subnet, like /29 for below (zaib)
/ip address
add address=192.168.254.2/24 interface=LAN-TRUNK network=192.168.254.0

/interface pppoe-server server
add default-profile=pppoe-profile disabled=no interface=vlan2 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=service2
add default-profile=pppoe-profile disabled=no interface=vlan3 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=service3
add default-profile=pppoe-profile disabled=no interface=vlan4 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=service4

# FTP / Media Sharing Server Part

at your FTP server, which is under vlan no 3, define static ip like 192.168.3.2 and point its gateway to 192.168.3.1, That’s It 🙂

Results are showed as below …

 

client ROUTEs and ipconfig AFTER DHCP OPTIOIN

 

download gpoign via vlan only after addding dhcp option

 

no load on mikrotik router and local vlan download going via local vlan

 


 

Note:

I have posted minimalist configuration to reduce any complication. Most of parts are quite self explanatory. This exercise was done successfully in LAB & required results were achieved. However you must consult with some Cisco expert & conduct your own testing  before implementing it on production.

Also you may want to use ACL in order to restrict access to shared resources, YKWIM


Regard’s
Syed Jahanzaib

 

Advertisements

3 Comments »

  1. Use option 249 instead of 121 because option 121 will not work with Windows XP pc.

    Like

    Comment by Mohammad Shakir — October 19, 2017 @ 5:43 PM

    • 249 was left intentionally as XP is thing of past now. but still its good to document every thing.
      thank you for your contribution. Appreciated 🙂

      Like

      Comment by Syed Jahanzaib / Pinochio~:) — October 20, 2017 @ 8:45 AM

  2. jahanzaib bhai can you tell me how to obtain a class less ip route into hex code? for dhcp option in cisco its very easy and windows server is also easy… but how to calculate them for mikrotik… suppose 10.106.68.0/22 10.106.68.1 is default gateway and dst subnet is 10.101.8.0/22 and also 10.100.0.0/16…

    i would like to make pptp server on mikrotik
    10.106.68.1 is default gateway for the users pptp server is behind the gateway 10.101.8.0/22 and sharing content servers are in 10.100.0.0/16…
    but if i do in easy way pptp client is showing me a 10.106.68.1 ip in caller id i need to know the customer exact ip in caller id

    local area is 10.106.68.0/22
    gateway is 10.106.68.1
    and pptp server is behind the gateway ip is 10.101.8.0/22
    and content sharing servers is also on behind the gateway 10.100.0.0/16

    can u please guide me?

    Liked by 1 person

    Comment by waqas hussain — October 20, 2017 @ 1:56 AM


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: