We deal with a number of clients on a day-to-day basis that are SMBs (our primary focus), and as such most have an ADSL connection because the NBN has not been delivered to their area yet or is in the process of being rolled out. For the select few lucky ones on the NBN, this failover scenario also works. It is a very basic setup, and we have more advanced setups out there that route particular traffic (some VPN links etc.) over 4G if the ADSL is subject to multiple dropouts throughout the day; however, this is intended to suit most cases.
This guide will make use of the default MikroTik configuration so that we don’t need to step through DHCP, firewall rules, IP pools, bridging a wireless interface to the LAN (if you have inbuilt wireless) etc.
For this tutorial the following equipment is required:
- MikroTik router with a USB port such as the hAP or RB2011 (via OTG cable supplied) in default mode
- USB 4G Dongle, some common and proven ones include the Huawei Telstra Pre-Paid 4G USB WiFi Plus (we can turn off the WiFi) or ZTE MF823
- ADSL Modem for bridge mode such as the TP-Link TD8817 or, as it has now been discontinued, the TD-W8950N which is of a similar price and you can just turn off the wireless capability
From scratch, here is what we are going to do:
1. Run a patch lead between the MikroTik on port 1 (ether1) over to your TP-Link modem. There is no need to configure the modem with bridge mode, as both these models will, from factory, pass through PPPoE, have DHCP enabled etc.
2. Power up your MikroTik and connect to it via another patch lead or inbuilt WiFi using the Winbox application.
3. Your MikroTik will be pre-configured from factory for the NBN if you leave the default scripts on. This means ether1 receives an IP address via DHCP and all traffic out ether1 is masqueraded. We just need to add a couple more rules if we are running on ADSL.
4. Go to Interfaces, hit the plus and choose PPPoE Client.
5. Enter the ADSL user/pass on the Dial Out tab and also choose the ether1 interface so that it knows to establish a PPPoE connection via your bridged modem. Give it a name. In this case we have just named it Telstra.
6. Modify the default firewall filter rules (the ones commented ;;; defconf) so that any in-interface that was set to ether1 before now uses whatever you named your PPPoE client interface, as this will be your public-facing connection on ADSL.
7. Create a new NAT rule to srcnat all outbound traffic that goes via your PPPoE interface (in this case called Telstra) and masquerade it.
8. Plug in your 4G dongle with SIM card inserted. This will show up as an lte1 interface by default in your interface list.
9. Add a DHCP Client under IP -> DHCP Client by clicking the blue plus. You'll want to set the interface to lte1, untick Use Peer DNS and Use Peer NTP and set Add Default Route to Yes. Under Advanced, set the default route distance to 2 or more.
10. Head back to IP -> Firewall -> NAT and add a new masquerade rule like we did in Step 7. This time we will srcnat with the out interface set to lte1 and masquerade so that all traffic via our dongle is NATted.
That's it! A very basic setup, but nonetheless a working 4G failover scenario. Of course this isn't limited to Telstra, but we've used them because they've got the monopoly for coverage. You might say don't put all your eggs in one basket, with ADSL and 4G both on Telstra, and that we should use separate providers, and you're very right.
There’s a lot more you could do here (and should) and I will briefly list them but am not going to go into detail:
- Add firewall rules to block inbound traffic on your 4G link; duplicating the default rules from your ADSL input rules would be sufficient
- Change the IP address, DHCP pool etc. to match your network
- Add other firewall rules to suit your network
- Add rules to block particular activities when on 4G that may chew up your data allowance or run your bill up, such as Dropbox, Google Photos, CrashPlan PRO backups etc.
- With some 4G dongles, they won’t come up immediately with a router reboot so in some cases we have added a system scheduler script to run a USB Power Reset on the Routeboard approx 10 seconds after bootup
- Turn off the WiFi on your dongle if it has inbuilt WiFi; sometimes this can put unnecessary power drain on the USB port, and you don't want staff connecting to this network
- Add monitoring to your Nagios setup to check the operational status of the 4G and ADSL/NBN connections to notify you about extended outages or add monitoring to the total data used inbound and outbound on your 4G interface
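
A check for the first item in the list above (inbound rules on the 4G link), as an added example that is not part of the original guide: this Python script parses a RouterOS `/export` and reports every interface that has a masquerade rule but no input-chain drop rule covering it. The export excerpt is constructed to match the interface names used in this guide; the script does not resolve `in-interface-list` or rule ordering, so it suits the per-interface rule style described here.

```python
import re
import shlex

# Constructed excerpt of a RouterOS "/export" as it might look after the steps
# above (interface names Telstra and lte1 from the guide; not real device output).
SAMPLE_EXPORT = r'''
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=Telstra
/ip firewall nat
add action=masquerade chain=srcnat comment="ADSL" out-interface=Telstra
add action=masquerade chain=srcnat comment="4G failover" out-interface=lte1
'''

# Keys that do not narrow which packets a rule matches.
NEUTRAL = {"action", "chain", "comment", "disabled", "in-interface", "log", "log-prefix"}

def parse_export(text):
    """Yield (section, {key: value}) for every 'add' line of an export."""
    text = re.sub(r"\\\n\s*", "", text)      # rejoin lines wrapped with a trailing backslash
    section = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])   # honours quoted comment="..." values
            yield section, dict(t.split("=", 1) for t in tokens if "=" in t)

def drops_input_from(rule, iface):
    """True if rule is an enabled, unconditional input-chain drop covering iface."""
    if (rule.get("chain"), rule.get("action")) != ("input", "drop"):
        return False
    if rule.get("disabled") == "yes" or set(rule) - NEUTRAL:
        return False                         # disabled, or narrowed by another matcher
    match = rule.get("in-interface")
    if match is None:
        return True                          # no interface matcher: applies to every interface
    return match[1:] != iface if match.startswith("!") else match == iface

def unprotected_wans(text):
    """Masqueraded (WAN) interfaces that no input-chain drop rule covers."""
    rules = list(parse_export(text))
    wans = {r["out-interface"] for s, r in rules if s == "/ip firewall nat"
            and r.get("action") == "masquerade" and "out-interface" in r}
    filters = [r for s, r in rules if s == "/ip firewall filter"]
    return sorted(w for w in wans if not any(drops_input_from(r, w) for r in filters))

if __name__ == "__main__":
    for iface in unprotected_wans(SAMPLE_EXPORT):
        print(f"WAN interface {iface} has no input drop rule")
```

Run against the sample, it flags lte1: the default drop rule was repointed at the PPPoE interface, so nothing yet filters inbound traffic on the 4G link.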