Help Choosing Router and Configuration

Hi all,

Hope to find everyone well.

Once again I come to you guys looking for your expertise. 

I don't have much experience in routing, since I mostly use L3 switches to do everything, but I was given a job where I have to pass the configuration below from a Mikrotik router (which I have never touched before) to another router. This router has to act as a core router and a firewall for the internal network. The configuration currently on the Mikrotik is the following:

 

/interface bridge
add name=bridge_MPLS protocol-mode=none
add name=bridge_vlan100_CCTV protocol-mode=none
add name=bridge_vlan217_Court
add name=bridge_vlan218_management
add name=lobridge
/interface ethernet
set [ find default-name=combo1 ] disabled=yes
set [ find default-name=ether1 ] comment=WAN speed=100Mbps
set [ find default-name=ether2 ] comment="COURT" speed=100Mbps
set [ find default-name=ether3 ] comment="VLAN 100 Synectics Network" speed=\
100Mbps
set [ find default-name=ether4 ] comment="Mikrotik Switch CAB01" speed=\
100Mbps
set [ find default-name=ether5 ] disabled=yes speed=100Mbps
set [ find default-name=ether6 ] disabled=yes speed=100Mbps
set [ find default-name=ether7 ] name=ether7_Management speed=100Mbps
set [ find default-name=sfp-sfpplus1 ] advertise=\
10M-full,100M-full,1000M-full disabled=yes
/interface vlan
add interface=ether4 name=vlan100_CCTV_ether4 vlan-id=100
add interface=ether4 name=vlan200_MPLS_ether4 vlan-id=200
add interface=ether4 name=vlan218_Switch_ether4 vlan-id=218
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add address-pool=dhcp_pool_Management disabled=no interface=\
bridge_vlan218_management name=dhcp1_Management
add address-pool=dhcp_pool1 disabled=no name=dhcp1
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-1 router-id=\
10.255.255.1
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge filter
/interface bridge port
add bridge=bridge_vlan218_management hw=no interface=ether7_Management
add bridge=bridge_vlan217_Court hw=no interface=ether2
add bridge=bridge_vlan100_CCTV hw=no interface=ether3
add bridge=bridge_vlan218_management interface=vlan218_Switch_ether4
add bridge=bridge_MPLS interface=vlan200_MPLS_ether4
add bridge=bridge_vlan100_CCTV interface=vlan100_CCTV_ether4
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.219.254/23 interface=bridge_vlan218_management network=\
192.168.218.0
add address=192.168.217.254/24 interface=bridge_vlan217_Bell_ network=\
192.168.217.0
add address=192.168.100.254/24 interface=bridge_vlan100_CCTV network=\
192.168.100.0
add address=192.168.0.253/24 interface=ether1 network=192.168.0.0
add address=10.255.255.1 interface=lobridge network=10.255.255.1
add address=10.40.250.1/29 interface=bridge_vlan100_CCTV network=10.40.250.0
/ip cloud
set ddns-enabled=yes update-time=no
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.218.0/23 dns-server=8.8.8.8 gateway=192.168.219.254
add address=192.168.230.0/24 gateway=192.168.230.254
/ip dns
set allow-remote-requests=yes servers=1.1.1.1
/ip firewall address-list
/ip firewall filter
add action=drop chain=forward comment="Internet Block" dst-port=53 protocol=\
tcp src-address=192.168.0.0/24
add action=drop chain=forward comment="Internet Block" dst-port=53 protocol=\
udp src-address=192.168.0.0/24
add action=drop chain=forward comment="Internet Block" dst-port=123 protocol=\
udp src-address=192.168.0.0/24
add action=drop chain=forward protocol=icmp src-address=192.168.217.0/24
add action=accept chain=forward comment="Court" dst-address=\
192.168.100.0/24 dst-address-list=NVR src-address=\
192.168.217.0/24 src-address-list=hi
add action=accept chain=forward comment=" Out" src-address=\
192.168.100.0/24
add action=drop chain=forward dst-address=192.168.0.0/16 src-address=\
192.168.212.0/29
add action=drop chain=forward dst-address=192.168.0.0/16 src-address=\
192.168.213.0/29
add action=drop chain=forward dst-address=192.168.0.0/16 src-address=\
192.168.214.0/29
add action=drop chain=forward dst-address=0.0.0.0/0 src-address=\
192.168.217.0/24
add action=drop chain=input dst-address=0.0.0.0/0 src-address=\ (dont know)
192.168.217.0/24
/ip route
add distance=1 gateway=192.168.0.254 routing-mark=WAN01
add distance=1 gateway=192.168.0.254
/mpls ldp
set enabled=yes lsr-id=10.255.255.1 transport-address=10.255.255.1
/mpls ldp interface
add interface=bridge_MPLS
/routing ospf network
add area=backbone network=10.40.250.0/29


I was given a Draytek router to do this, but the router doesn't support OSPF or MPLS. I also created another network (VLAN), 192.168.101.0, in order to separate some devices from the network 192.168.100.0, and the router had the CPU always at 80 plus %, which was creating all kinds of issues. Obviously the router was not man enough to handle the routing process from the network 192.168.100.0 to 192.168.101.0, which is weird when the load on the interfaces was only 270Mbps.

Well, I tried everything to get things working the best I could, but I could never bring up some cameras that are connected to ETHER4; no matter what I did, I wasn't able to.

Now I'm going to remove this Draytek and install a Cisco, but since I don't work with routers very much, I don't know what router/firewall is going to be the best one for this kind of job.

What router do you guys recommend and, if possible, what kind of configuration should I add for the routing process to happen?

 

Thank you
