Subscribe For Free Updates!

We'll not spam mate! We promise.

Sunday 24 November 2013

Howto Exempt any User / Website from Mikrotik PCC

Unknown    No comments

I recently deployed Dual WAN P.C.C configuration  at a local cable.network. The scenario is something like below . . .
USERS  >>  MIKROTIK  PPPOE SERVER >>> MIKROTIK RB 750 PCC with 2 DSL Link>>> INTERNET
The problem they were facing of one particular Banking web site name bankalhabib.com , The best method to resolve such P.C.C issues is to use src-address as classifier, this way user WAN ip won’t be change and they will be stick to 1 wan for there session. But in above scenario I cant use src-address as users are not directly hitting PCC. So I made a workaround and exempted the user and in one case , the destination website from being processed by the P.C.C
The simple theory is to make a address with the user ip or the destination web site IP address. and then create an rule in mangle to exempt it from P.C.C, Then create a new default route in with your desired WAN selected , for that traffic which is exempted from P.C.C
Important:  Move this rule above of other PCC rules, so it will accept the data before PCC catches it.
=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x

To Exempt Any User IP from PCC Rule,

/ip firewall address-list
add list=usere-exempted-from-pcc address=172.16.0.2/32
Now create Mangle Rule to accept traffic from above list, then PCC will not precess this user ip address , and Mikrotik will use the Default route for this user Traffic. (We will add it later)

Example:
/ip firewall mangle
add action=accept chain=prerouting disabled=no src-address-list=user-exempted-from-pcc

To Exempt Any Web Site from PCC, first track its IP Address (or pool), then add it in exempt list.

/ip firewall address-list
add list=site-exempted-from-pcc address=108.59.160.167/32
(108.59.160.167/32 is mywanip.com for test purpose)
Now create its mangle rule
/ip firewall mangle
add action=accept chain=prerouting disabled=no src-address-list=site-exempted-from-pcc


Adding Route for Un-Marked Traffic

You have to add Default ROUTE rule to tell Mikrotik to use this ROUTE as default route for all other UNMARKED traffic not processed / marked by the PCC. and in this route, you can bind exempted traffic request to always go through Specific Link only.

/ip route
add comment=”Default Route For Un-Marked Traffic” disabled=no distance=3 dst-address=0.0.0.0/0 gateway=101.11.11.36 scope=30 target-scope=10
(Change IP Address as per your network configuration)

=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x

Please Give Us Your 1 Minute In Sharing This Post!
SOCIALIZE IT → ,
,
FOLLOW US →
SHARE IT →

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

 

Copyright © 2013 Learn It. Free software seo friendly blogger templates

".