Seems like a bad idea posting this here.... oh well! I haven't really touched these. I disabled the rules temporally because I'm testing this in production Anything look bad above the rules?

If 192.168.88.1 is router (most likely), then it's correct, you can ping it, but it doesn't really matter. If you want to block it too, you can, but this time chain=input would be correct one. But again, it's probably pointless, it makes sense only if you want to block access to router completely, ...

It won't do much good in input chain, the right place is forward chain.

I can still ping 192.168.88.1 with the rule on forward. Although I can see there was traffic on these rules.

Use firewall.

I've tried these without luck.

/ip firewall filter add chain=input action=drop src-address=192.168.88.0/24 dst-address=10.10.1.0/24
/ip firewall filter add chain=input action=drop src-address=10.10.1.0/24 dst-address=192.168.88.0/24

I'm not going to watch some video tutorial to learn your wishes. You better express them in a few sentences. But anyway, if you remove ether port from bridge (/interface bridge port), then it'll be isolated from the rest of network(s). Nothing to do with VLANs (as in IEEE 802.1Q) so far. If you the...

Is it possible to create a scenario in which connecting an ethernet to a specified port patches you into a totally isolated VLAN? I've been able to achieve something very similar to this using Wi-Fi with a tutorial found here: https://www.youtube.com/watch?v=1ZJ-pM89N7o How would one go about "...

First you need some sort of routes. Devices that should communicate must know how to reach each other. Client must either use VPN as default gateway or needs route to the other subnet (192.168.1.0/24) leading to VPN tunnel. Devices in the other subnet don't need anything special. Neither does the o...

Hello, recently I've needed to reach my home network and some servers that are on said network remotely. I've setup a PPP VPN on my MikroTik and i can log into the VPN over the internet but there is a problem. I can only reach\ping computers and server on the MikroTik's subnet. Attached to the Mikro...

In setting up a new Hotspot i noticed that RouterOS might use MD5 as a hash function. Is there anyway i can further secure this; like say using SHA-1 or 2?. Or is MD5 hard coded and the only option?. I enabled SSL on the login page but it would be nice if the storage of Hotspot credentials could be ...

So recently I created a guest Wi-Fi network witthin a VLAN. A few days ago I got the idea of employing a Captive Portal with a EULA that users would need to accept to be granted access to the Wi-Fi. I’ve looked around the internet on how to do this with Router OS but all I found were tutorials on Ho...

If it's on a fix port, you wouldn't even need vlan. 1. separate the port from the bridge 2. assign new subnet to it (with if needed dhcp server config) 2bis: for dhcp config, you might want to use an external dns, so that internal ip's aren't leaked 3. in firewall filter:forward disallow connection...

Or anything, a fixed port would work yes. All I'm looking for is ruff instructions. All the stuff i have been able to find on the internet is of literary no help. The device in question is a RB951Ui-2nD haP.

How would i go about isolating a host from the rest of the LAN? so this computer has internet access, but no access to other local computers.

All i want to do is create a working VLAN. So that this new VLAN, only houses one host. This can be done anyway possible. I don't need trucking, or for this VLAN to be able to communicate with the "real" existing LAN. This host will be connected to the router with a patch cable

Please do.

Ok, so this is as far as I've gotten. Is this correct? it seems like Im missing something obvious. Create Switch (PORT BASED) Create VLAN (SAME ID AS SWITCH) Assign VLAN Connection (WERE THE VLAN IS CONNECTING TO SOMETHING PHYSICAL) Bridge VLAN to Physical Port (SO THAT THE VLAN CAN COMMUNICATE WITH...

How do you add a VLAN to the existing bridge? Also, how do i then bind the VLAN to the new network i just made? with a bridge?

Hello, i currently have the need to create a VLAN to isolate a host/computer from the "real" LAN. How can i create a VLAN, and then connect a computer to it, such that it cannot communicate with anything else, but has access to the internet. The idea is to create a inescapable "fake&q...

Hello, I'm having a bizarre problem were none of the Queues i create do anything. I have a client that i want to limit to 3Mbits down and 512kbps up. When i run a speed test, that client has my full ISP provided speed. Am i using the wrong feature?. The goal is to limit the max speed this computer c...

Hello, I'm writing this form post because i cant seem to make port forwarding work. I want to allow WAN connections to communicate with a Windows box on the LAN. For VNC, and possibly RDP. I'm aware this is not a good idea, and that's exactly why i want to do it...wink wink nudge nudge.

Its my understating that this port is used for neighbor discovery. Ive turned neighbor discovery off but nmap is saying that its still open. Can you close it?, after all its like there's anything listening there.

First of all make sure that mikrotik's LAN IP subnet (M20's WAN) does not overlap M20's LAN IP subnet. E.g. if your LAN has IP subnet 192.168.88.0/24, then Mikrotik's LAN should have something else, such as 192.168.188.0/24. Secondly, beware of the method of connecting to internet through Modem. If...

The M20 running DD-WRT .... do you want that to be a wireless access point only? Then I suspect DD-WRT has an option to place it in Bridge Mode. Then give it a static IP address / gateway / DNS ... and you are done. No, i wanted the M20 to be its own independent router who's WAN is the Microtiks LA...

Does your modem hand out DHCP or did you forget to setup a PPPoE-Client on the Mikrotik? Yes i believe so, i did manage to fix the problem by unplugging the modem. Not sure why a modem would require MAC addresses to match but it does. So the cable companies can charge you for additional IP addresse...

Does the M20 have the appropriate default route pointing to the MT? Is the problem with IP subnets on the M20 not getting out? If so, then does the MT have routes for these subnets pointing back to the M20? I haven't tried any of this, the furthest i got was plugging the M20 into the MicroTik, shou...

The original plan for my recently acquired MicroTik router was to act as a Firewall. My idea was Modem ==> Microtik ==> Internal Router. The Microtik can access the internet, but when i connect my Cisco M20 to the Microtik, i get no internet on the M20. As an added complication the M20 is a client o...

This a cable modem? When you change the attached device, you need to either clone the MAC from the current one, or just reboot the modem.

Yes, this was the problem, thanks.

Does your modem hand out DHCP or did you forget to setup a PPPoE-Client on the Mikrotik?

Yes i believe so, i did manage to fix the problem by unplugging the modem. Not sure why a modem would require MAC addresses to match but it does.

Hello,recently i purchased a RB951Ui-2nD haP series device and when i plug the router into my modem it seems that RouterOS cant get an address from the modem. To test this i attached the MicroTik device to an existing router, and it both reserved an address and i was able to access the internet. Any...