Community discussions

MikroTik App
  4. RouterOS
  5. General

isolating rb750 ports

Post Reply
 
victoryharmony
just joined
Topic Author
Posts: 6
Joined: Thu Jan 28, 2010 2:35 pm

isolating rb750 ports

Thu Jan 28, 2010 7:21 pm

hi everyone, :D

I have 2 LANs using simple 8 port non manageable switches.I've connected these switches to another simple 5 port switch and then connected it to my VPN-Server LAN Card.
the problem is that users of each LAN can see the other LAN users.
recently I've got an RB750 and am going to use it instead of the central 5 port switch.
is there any way to isolate these 8 port switches users from each other.
ports on rb750 are going to be used as follows:

ether2 is connected to VPN Server
ether3 is connected to 8 port switch(LAN 1)
ether4 is connected to 8 port switch(LAN 2)

Thanks a lot
Last edited by victoryharmony on Sun Jan 31, 2010 11:53 am, edited 1 time in total.
Top
 
kirshteins
MikroTik Support
MikroTik Support
Posts: 592
Joined: Tue Dec 02, 2008 10:55 am

Re: isolating rb750 ports

Fri Jan 29, 2010 2:06 pm

In case ether3 and ether4 are not switched together, you can try to use IP firewall filter to isolate LANs. For example,
Code: Select all
/ip firewall filter
add action=drop chain=forward in-interface=ether3 out-interface=ether4
add action=drop chain=forward in-interface=ether4 out-interface=ether3
Top
 
victoryharmony
just joined
Topic Author
Posts: 6
Joined: Thu Jan 28, 2010 2:35 pm

Re: isolating rb750 ports

Tue Feb 02, 2010 1:48 pm

thanks for your answer,

but what if we use the ports as slaves for the ether2.
or if we use pppoe concentrator instead of VPN server.
in these situations is ther anyway to isolate ports?

Regards :)
Top
 
MicroTikNewby
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Thu Dec 31, 2009 4:54 am

Re: isolating rb750 ports

Fri Feb 05, 2010 7:12 am

I have a similar configuration. Why not assign the three to different subnets and then used a variety of firewall rules to allow port3 and port4 to see port2 but be invisible to each other.

Such as:

Port2: 192.168.88.x
Port3: 192.168.77.x
port4: 192.168.66.x

Then add firewall rules, such as given in the earlier example. Just make sure to include rules that allow the communication between ports2 & 3 and ports2 & 4.

I'm not sure how it would work with pppoe, however. (I'm new myself)
Top
 
kirshteins
MikroTik Support
MikroTik Support
Posts: 592
Joined: Tue Dec 02, 2008 10:55 am

Re: isolating rb750 ports

Fri Feb 05, 2010 9:20 am

RB750 switch does not have advance packet filtering, so it is impossible to isolate networks (it is still possible to isolate VLANs). You can try to use bridge instead of a switching. With "/interface bridge settings set use-ip-firewall=yes" you can use IP firewall.
Top
 
victoryharmony
just joined
Topic Author
Posts: 6
Joined: Thu Jan 28, 2010 2:35 pm

Re: isolating rb750 ports

Fri Feb 05, 2010 8:32 pm

Thanks again for your helpful answers,

Finally I've made a bridge and assigned 2,3,4,5 ports to it and in bridge filter rules added 6 rules to isolate ports 3,4,5.
but if i were using a rb493 and wanted to isolate ports 2 to 9 there must be 56 rules!!!!.

I've googled the forum for similar threads and have found port-based vlan solutions which did not work for me.
the problem is there is nothing like /Interface ethernet switch in the rb750. recently I've got a Rb450g and a rb493ah, and there is no switch Item in them too.

:D :D :D
Top
Post Reply

Who is online

Users browsing this forum: Spine and 37 guests
  4. RouterOS
  5. General