Syed Jahanzaib Personal Blog to Share Knowledge !

October 19, 2017

Prevent Mikrotik from Chocking with Cisco Inter-Vlan Routing




Disclaimer! This is important!

My humble request is that kindly donot consider me as an expert on this stuff, I am NOT certified in anything Mikrotik/Cisco/Linux or Windows. However I have worked with some core networks and I read , research & try stuff all of the time. When you are enslaved by private job & working as one man army, you have to perform many task in which you are not formally trained for. So I am not speaking/posting about stuff I am formerly trained in, I pretty much go with experience and what I have learned on my own. And , If I don’t know something then I read & learn all about it.

So , please don’t hold me/my-postings to be always 100 percent correct. I make mistakes just like everybody else. However – I do my best, learn from my mistakes and try to help others

For adding classless routes under Mikrotik DHCP , Please read below

Scenario: [Example]

OP have mini ISP setup. Different areas are connected with Cisco 3750 switch where Vlan(s) for each port is configured. Trunk port is connected with Mikrotik Routerboard where vlan interfaces are configured accordingly. DHCP for each VLAN is configured on the Mikrotik RB which provides different subnet to each vlan with default gateway pointing to each VLAN IP.

PPPoE Server is configured on the RB to facilitate ppp dialing for each vlan. As per policy, user must dial pppoe dialer to connect with the mikrotik PPP server in order to access internet.


OP have few media sharing server located on Vlan No 3. When user starts downloading heavy media files from the Vlan No 3, all of his traffic routes via Mikrotik Router which creates load on router.

Solution # 1: [that worked partially]

After some R&D, I implemented following

  • Moved DHCP role to Cisco
  • Setup intervlan routing. enabled ip routing
  • Added default gateway in DHCP options pointing to Cisco local vlan ip respectively

This partially solves the problem. When user join the LAN, he gets IP address from the Cisco dhcp with default gateway to its respective vlan IP. all goes well , communication was happening fine with in vlan without touching the Mikrotik. But as soon as users dial the PPPOE dialer, his traffic starts routing via Mikrotik . after some troubleshooting it appears that when user dials pppoe dialer, his routes changes and ppp gets preference over other routes which force all traffic to go via RB.

As showed in the image below …

Load on Trunk Port when ppp user download from vlan no 3


routes and ipconfig of client before dhcp option

Solution # 2: [worked 100% as required]

In Cisco Switch DHCP settings for each vlan, Remove Default Gateway,  and add static routes for the sharing media servers subnet via using DHCP classless static routes option

Sounds fair enough :~)

Working Example Config for Cisco Switch 3750

# Cisco Switch Part

[Model: ws-c3750e-24pd / Version 15.0(2)SE10a ]

system mtu routing 1500
ip routing
ip dhcp pool vlan2
option 121 ip ## This option provides route information , /24.x is the subnet info and other is gw
ip dhcp pool vlan3
network ## This is media server vlan, we have added manual ip & gateway pointing to vlan ip
! to add multiple routes use below
! option 121 ip
ip dhcp pool vlan4
option 121 ip ## This option provides route information , /24.x is the subnet info and other is gw

! This port is connected with the Mikrotik RB
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk

! This port is connected with user area 2
interface GigabitEthernet1/0/2
switchport access vlan 2
switchport mode access

! This port is connected with local FTP/Media sharing server's
interface GigabitEthernet1/0/3
switchport access vlan 3
switchport mode access

!This port is connected with user area 4
interface GigabitEthernet1/0/4
switchport access vlan 4
switchport mode access
interface Vlan1
ip address
interface Vlan2
ip address
interface Vlan3
ip address
interface Vlan4
ip address
! Following route is pointing to Mikrotik RB
ip route

# Mikrotik Routerboard Part

/interface ethernet

set [ find default-name=ether1 ] name=LAN-TRUNK

/interface vlan
add interface=LAN-TRUNK name=vlan2 vlan-id=2
add interface=LAN-TRUNK name=vlan3 vlan-id=3
add interface=LAN-TRUNK name=vlan4 vlan-id=4

# It is recommended to use small subnet, like /29 for below (zaib)
/ip address
add address= interface=LAN-TRUNK network=

/interface pppoe-server server
add default-profile=pppoe-profile disabled=no interface=vlan2 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=service2
add default-profile=pppoe-profile disabled=no interface=vlan3 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=service3
add default-profile=pppoe-profile disabled=no interface=vlan4 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=service4

# FTP / Media Sharing Server Part

at your FTP server, which is under vlan no 3, define static ip like and point its gateway to, That’s It 🙂

Results are showed as below …


client ROUTEs and ipconfig AFTER DHCP OPTIOIN


download gpoign via vlan only after addding dhcp option


no load on mikrotik router and local vlan download going via local vlan




I have posted minimalist configuration to reduce any complication. Most of parts are quite self explanatory. This exercise was done successfully in LAB & required results were achieved. However you must consult with some Cisco expert & conduct your own testing  before implementing it on production.

Also you may want to use ACL in order to restrict access to shared resources, YKWIM

Syed Jahanzaib



  1. Use option 249 instead of 121 because option 121 will not work with Windows XP pc.


    Comment by Mohammad Shakir — October 19, 2017 @ 5:43 PM

    • 249 was left intentionally as XP is thing of past now. but still its good to document every thing.
      thank you for your contribution. Appreciated 🙂


      Comment by Syed Jahanzaib / Pinochio~:) — October 20, 2017 @ 8:45 AM

  2. jahanzaib bhai can you tell me how to obtain a class less ip route into hex code? for dhcp option in cisco its very easy and windows server is also easy… but how to calculate them for mikrotik… suppose is default gateway and dst subnet is and also…

    i would like to make pptp server on mikrotik is default gateway for the users pptp server is behind the gateway and sharing content servers are in…
    but if i do in easy way pptp client is showing me a ip in caller id i need to know the customer exact ip in caller id

    local area is
    gateway is
    and pptp server is behind the gateway ip is
    and content sharing servers is also on behind the gateway

    can u please guide me?

    Liked by 1 person

    Comment by waqas hussain — October 20, 2017 @ 1:56 AM

  3. […] I am not sure if FASTTRACK can help you as I have never tested it.Just to share another idea , At my friend ISP he had 10 TB of media sharing servers which users uses to download different sharing data which was also counted in users monthly internet traffic report. therefore we used intervlan routing method and then the problem gets solved. now only internet traffic is counted in reports.One working example … n-routing/… […]


    Pingback by General • Re: how to bypass radius accounting with FastTrack !? – Mags Forum Technology — June 24, 2019 @ 9:29 AM

  4. Dear Jahanzaib

    I did it like your solution and everything works fine, Now I ‘m getting issue in other aspects in interVlan Routing..
    I want to use IPTV from an ISP provider, they gave me thier VLAN pool and everything, I’m trying to fix it but I cant able to route traffic from my network over there… See below link and help me If you can

    Your suggestion are welcome


    Comment by kashifzai86 — November 13, 2019 @ 7:26 PM

  5. […] This post is a sequel of Prevent Mikrotik from Chocking with Cisco Inter-Vlan Routing […]


    Pingback by Intervlan Routing with Mikrotik DHCP Option 121 & 249 | Syed Jahanzaib Personal Blog to Share Knowledge ! — December 5, 2019 @ 12:18 PM

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: