Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3631
Views
0
Helpful
1
Replies

Mikrotik to Cisco Configuration Convert

Sellamuthu Ravi
Level 1
Level 1

‎06-20-2019 05:08 AM

Hello Everyone,

 I am new to Mikrotik ROuter Configuration ,

i Will Share the Mikrotik Commands to be convert Cisco Commands

Can we please anyone help to me

 

1 .

/ip firewall mangle add action=mark-routing chain=prerouting comment=infyn in-interface=WAN_IFACE new-routing-
mark=infyn passthrough=yes protocol=tcp src-port=80 disabled=yes

 

2.

/ip firewall mangle add action=mark-routing chain=prerouting comment=infyn dst-port=80 in-interface=LAN_IFACE
new-routing-mark=infyn passthrough=yes protocol=tcp src-address=!CACHE_SERVER_ADDRESS disabled=yes

 

3. /ip firewall nat add action=dst-nat chain=hotspot dst-port=53 protocol=udp src-address=!CACHE_SERVER_ADDRESS to-
addresses=CACHE_SERVER_ADDRESS \
to-ports=53 disabled=yes

 

4.

/ip firewall nat add action=dst-nat chain=dst-nat dst-port=53 protocol=udp src-address=LAN_NET_IP_POOL to-
addresses=CACHE_SERVER_ADDRESS to-ports=53 disabled=yes

 

5. ip firewall mangle action=mark-routing chain=prerouting comment=infyn dst-port=53 add in-interface=LAN_IFACE
new-routing-mark=infyn passthrough=yes protocol=udp src-address=!CACHE_SERVER_ADDRESS disabled=yes

 

6.

/ip firewall mangle add action=mark-routing chain=prerouting comment=infyn in-interface=WAN_IFACE \
new-routing-mark=infyn passthrough=yes protocol=udp src-port=53 disabled=yes

 

7.

/ip route add comment=infyn distance=1 dst-address=10.254.200.0/24 gateway=CACHE_SERVER_ADDRESS scope=30 target-
scope=10 routing-mark=infyn disabled=yes

 

 

 

Thank You

YOUR FRIEND.

Labels:
0 Helpful
1 Reply 1

Raul W. Flores Rodriguez
Level 1
Level 1

‎04-13-2020 09:31 AM - edited ‎04-14-2020 06:39 PM

Hi,

Line 1 an 7 are similiar to a PBR with extended ACL in Cisco.

Line 1 is marking any TCP traffic with source port 80 ingress from WAN Interface. In MikroTik you can put a name to an Interface so WAN_IFACE could be a G0/0 in Cisco.

Line 7 is defining in the route table that trafic that match the Line1 parameters goes to the gateway CACHE_SERVER_ADDRESS, this gateway is just an IP that is replaced with a name. In the example that I giving to you is 10.50.0.1. Just replace.

ACL

#ip access-list extended infyn
#permit tcp any eq www 10.254.200.0 0.0.0.255

PBR
#route-map infyn permit 10
#match ip address infyn
#set ip next-hop 10.50.0.1

Apply PBR on Interface
# interface G0/0
#ip policy route-map infyn


It could be done by other ways but this is the most easy that I know

Bye,
Raul from Peru

 

 

0 Helpful
Top