MikroTik VRRP Configuration with DHCP Server

MikroTik VRRP (Virtual Router Redundancy Protocol) ensures high available internet network. If any organization requires uninterrupted internet connection, MikroTik VRRP implementation will be a vital solution for them. MikroTik VRRP creates a virtual router accumulating two or more physical routers and ensures uninterrupted internet connection keeping activate one physical router always. That means, if any physical router fails to operate due to any hardware failure, MikroTik VRRP uses another backup router for internet gateway until the running router comes back again. In my previous article, I discussed how to configure MikroTik VRRP to establish a high available internet network. But most of the office network as well as ISP network use DHCP Server to assign their device IP automatically. So, in this article I will show how to configure MikroTik VRRP with active and backup DHCP Server.

Network Diagram

To configure VRRP network with MikroTik DHCP Server, I am following a network diagram like the below image.

In this network, two MikroTik RouterOS (Master_RouterOS and Backup_RouterOS) are the member of a MikroTik VRRP. So, when both routers are up and running, network traffic will pass through Master_RouterOS. If Master_RouterOS fails to operate due to hardware failure or any other cause, Backup_RouterOS will turn into Master Router and pass network traffic until the Master_RouterOS comes back again. When the Master_RouterOS recovers again, it turns into Master Router and Backup_RouterOS will turn into Back Router. So, a hardware redundancy network will be ensured using MikroTik VRRP. Also DHCP Server is configured in both RouterOS to provide IP address automatically to client devices. These DHCP Servers will be activated depending on their Router_OS state that means if Master_RouterOS is up and running, its DHCP Server will have up and running. Again, if Backup_RouterOS is activated due to Master_RouterOS hardware failure, its DHCP Server will work as active DHCP Server.

In the network diagram, Master_RouterOS is connected to ISP1 through ether1 interface having IP address 192.168.40.2/25 and ether2 port is connected to LAN network having IP address 10.10.200.1/24. VRRP will be configured on ether2 interface and a virtual interface will be created whose IP address will be 10.10.200.254. Similarly, Backup_RouterOS is connected to ISP2 through ether1 interface having IP address 172.30.30.2/25 and ether2 port is connected to LAN network having IP address 10.10.200.2/24. MikroTik VRRP will also be configured on ether2 interface and a virtual interface will be created whose IP address will be 10.10.200.254. Note that, both routers should always have the same type of configuration.

We have also two workstations (PC-1 and PC-2) that are connected to our virtual router (that will be created by MikroTik VRRP) through LAN_Switch and will get IP address automatically from active DHCP Server.

MikroTik VRRP Configuration with DHCP

MikroTik VRRP creates a virtual router accumulating two or more physical routers where one physical router works as a Master Router and others are Backup Router. If Master Router fails to operate due to hardware failure, one of the Backup Routers becomes Master Router based on priority setting. So, we have to configure both Master Router and Backup Routers and all routers should have the same type of configuration. Complete MikroTik VRRP configuration with DHCP can be divided into two parts according to the above network diagram.

• MikroTik VRRP and DHCP configuration in Master_RouterOS and
• MikroTik VRRP and DHCP configuration in Backup_RouterOS.

MikroTik VRRP and DHCP Configuration in Master_RouterOS

We will now configure MikroTik VRRP and DHCP Server in Master_RouterOS. In MikroTik VRRP, Master Router is identified by priority setting. The router whose priority is higher is identified as Master Router. The following steps will show how to configure Master_RouterOS so that it will act as a network gateway as well as a VRRP Master Router.

• Login to Master_RouterOS using Winbox with full permission user credential.
• Click on Interfaces menu item. Interface List window will appear.
• Click on VRRP tab and then click on PLUS SIGN (+). New Interface window will appear.
• Put VRRP interface name in Name input field or you can keep as default name (vrrp1).
• Now click on VRRP tab and choose physical interface (ether2 for this article) on which you want to create VRRP.
• Put Virtual Router ID (10 for this article) in VRID input filed. This VRID must be same in Master Router as well as all Backup Routers.
• Put Master Router priority (100 for this article) in Priority input field. As this is a Master Router, its priority will be higher than any other Backup Router.
• Make sure that Preemption Mode is enabled otherwise Master Router cannot be selected as master automatically if Master Router recovers due to any technical failure.
• Click on Apply and OK button. You will find a new VRRP interface (vrrp1) has been created in VRRP interface list.
• Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
• Put Master_RouterOS WAN IP (192.168.40.2/25) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and then click on Apply and OK button. Click on PLUS SIGN (+) again and Put a LAN IP (10.10.200.1/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and then click on Apply and OK button. Click on PLUS SIGN (+) again and put VRRP gateway IP (10.10.200.254/24) in Address input field and choose VRRP interface (default interface name is vrrp1) from Interface dropdown menu and then click on Apply and OK button.
• Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click on Apply and OK button.
• Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (192.168.40.1) in this Gateway input field and then click on Apply and OK button.
• Go to IP > Firewall menu and click on NAT tab. Now click on PLUS SIGN (+). New NAT Rule window will appear. Choose srcnat from Chain dropdown menu. Click on Action tab and choose masquerade from Action dropdown menu and then click on Apply and OK button.
• Go to IP > DHCP Server menu from your Winbox. DHCP Server window will appear.
• In DHCP Server window, click on DHCP Setup button and choose the created VRRP interface (in this article: vrrp1) from DHCP Server Interface drop-down menu and then click on Next
• Now put your LAN IP block (10.10.200.0/24) in DHCP Address Spaceinput box and click Next DHCP client/LAN user will get IP address from this network block.
• Choose gateway address for the given network (VRRP interface IP: 10.10.200.254) in Gateway for DHCP Networkinput box and then click Next
• Put IP range (10.10.200.10-10.10.200.253) from which your DHCP client/LAN user will get IP in Address to Give Outinput box and click Next
• Provide preferred DNS server IP and click Next
• Now provide IP lease time and click Next Default lease time is 3 days.
• DHCP setup is complete now and a successful message will be shown.
• Now connect any IP device (Desktop, Laptop, Smartphone etc.) to your network. Automatically an IP will be allocated for that device from your MikroTik DHCP server. Click Leases tab and observe IP lease status of that DHCP client.

Master_RouterOS configuration with VRRP and DHCP Server has been completed. We will now perform similar configuration in Backup_RouterOS so that it can handle network traffic if Master Router goes down due to any unwanted cause.

MikroTik VRRP Configuration with DHCP in Backup_RouterOS

Backup Router does nothing in VRRP network but check whether Master Router is alive or not. If Master Router goes down, Backup Router handles all network traffics like Master Router. So, Backup Router should have the similar configuration like Master Router but only priority keeps less than Master Router. The following steps will show how to configure Backup_RouterOS so that it can handle network traffic if Master Router fails to operate due to any unwanted issue.

• Login to Backup_RouterOS using Winbox with full permission user credential.
• Click on Interfaces menu item. Interface List window will appear.
• Click on VRRP tab and then click on PLUS SIGN (+). New Interface window will appear.
• Put VRRP interface name in Name input field or you can keep as default name (vrrp1).
• Now click on VRRP tab and choose physical interface (ether2 for this article) on which you want to create VRRP.
• Put Virtual Router ID (10 for this article) in VRID input filed. This VRID must be same in Master Router and all Backup Routers.
• Put Backup Router priority (50 for this article) in Priority input field. As this is a Back Router, its priority will be less than Master Router.
• Make sure that Preemption Mode is enabled otherwise Master Router cannot be selected as master automatically if Master Router recovers due to any technical failure.
• Click on Apply and OK button. You will find a new VRRP interface (vrrp1) has been created in VRRP interface list.
• Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
• Put Backup_RouterOS WAN IP (172.30.30.2/25) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and then click Apply and OK button. Click on PLUS SIGN (+) again and Put a LAN IP (10.10.200.2/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and then click on Apply and OK button. Click on PLUS SIGN (+) again and put VRRP gateway IP (10.10.200.254/24) in Address input field and choose VRRP interface (default interface name is vrrp1) from Interface dropdown menu and then click on Apply and OK button.
• Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click Apply and OK button.
• Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (172.30.30.1) in this Gateway input field and then click on Apply and OK.
• Go to IP > Firewall menu and click on NAT tab. Now click on PLUS SIGN (+). New NAT Rule window will appear. Choose srcnat from Chain dropdown menu. Click on Action tab and choose masquerade from Action dropdown menu and then click Apply and OK.
• Go to IP > DHCP Server menu from your Winbox. DHCP Server window will appear.
• In DHCP Server window, click on DHCP Setup button and choose the created VRRP interface (in this article: vrrp1) from DHCP Server Interface drop-down menu and then click on Next
• Now put your LAN IP block (10.10.200.0/24) in DHCP Address Spaceinput box and click Next DHCP client/LAN user will get IP address from this network block.
• Choose gateway address for the given network (VRRP interface IP: 10.10.200.254) in Gateway for DHCP Networkinput box and then click Next
• Put IP range (10.10.200.10-10.10.200.253) from which your DHCP client/LAN user will get IP in Address to Give Outinput box and click Next
• Provide preferred DNS server IP and click Next
• Now provide IP lease time and click Next Default lease time is 3 days.
• DHCP setup is complete now and a successful message will be shown.

Backup_RouterOS configuration with VRRP and DHCP has been completed. If you have more than one Backup Router, you have to apply similar configuration in all the Backup Routers except priority will be different from other VRRP router and must be less than Master Router. As a VRRP network administrator, it is also your responsibility to update Backup Router configuration whenever Master Router changes.

Now you can test your VRRP configuration by connecting any Desktop or Laptop with DHCP client. If everything is OK, your LAN PC will be able to get uninterrupted internet although your Master Router goes down.

If you face any confusion to follow above steps properly, watch the below video about MikroTik VRRP Configuration with DHCP Server. I hope, it will reduce you any confusion.

MikroTik VRRP configuration with DHCP Server has been discussed in this article. I hope, you will able to configure a VRRP network with MikroTik DHCP Server following the above steps properly. However, if you face any confusion to configure MikroTik VRRP network with DHCP, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.