umerali
just joined
Topic Author
Posts: 6
Joined: Thu Oct 31, 2013 12:35 pm

RB750 as Layer3 Switch with routes

Sat Jan 04, 2014 9:45 am

Dear friends, I need help. My scenario is that I want to run a MikroTik RB750 in Layer 3 switch mode. I have an FTP server whose IP is 192.168.10.10/24. In front of the FTP server I want to add the RB750 with routers of different IP ranges or classes, so that if my client IP is 10.0.0.1/24 he can reach the FTP server.
How is this possible?
 
OwenITGuy
just joined
Posts: 23
Joined: Wed May 09, 2012 6:04 am
Location: Iowa, USA & Bunia, DRCongo

Re: RB750 as Layer3 Switch with routes

Sat Jan 04, 2014 4:22 pm

If you set up an interface for each subnet on your router, then any of the networks should be able to talk to each other. You could, for example, set up ether1 with IP address 192.168.10.1/24 and connect your FTP server to it. Then you could configure ether2 with IP address 10.0.0.1/24 and users connected to it should be able to connect to the FTP server just fine. The same would be true for the other subnets.

Does that answer your question, or are you wanting to limit access to ONLY users from the 10.0.0.0/24 subnet, and block others?
 
leoktv
Trainer
Posts: 144
Joined: Thu Dec 01, 2005 1:39 pm
Location: sweden

Re: RB750 as Layer3 Switch with routes

Sun Jan 05, 2014 11:28 pm

You can add all IP subnets to the same interface and the router is going to route them all together by default.
 
umerali
just joined
Topic Author
Posts: 6
Joined: Thu Oct 31, 2013 12:35 pm

Re: RB750 as Layer3 Switch with routes

Mon Jan 06, 2014 8:34 am

Thanks for the reply.

My purpose in adding the RB750 as a Layer 3 switch is that if a user manually gives a wrong class IP address on his NIC, and that class route exists in the RB, he can access FTP. How can this be possible?
 
Rudios
Forum Veteran
Posts: 977
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: RB750 as Layer3 Switch with routes

Mon Jan 06, 2014 11:17 am

> My purpose in adding the RB750 as a Layer 3 switch is that if a user manually gives a wrong class IP address on his NIC, and that class route exists in the RB, he can access FTP. How can this be possible?

This can't. The connected devices must be in the same subnet as the interface connected to.
Otherwise the RouterBoard won't be able to route the traffic.
 
OwenITGuy
just joined
Posts: 23
Joined: Wed May 09, 2012 6:04 am
Location: Iowa, USA & Bunia, DRCongo

Re: RB750 as Layer3 Switch with routes

Tue Jan 14, 2014 1:55 pm

> My purpose in adding the RB750 as a Layer 3 switch is that if a user manually gives a wrong class IP address on his NIC, and that class route exists in the RB, he can access FTP. How can this be possible?

If you assign each subnet to a different port on the router, then only a valid IP address on that subnet can connect through the router. For example, let's say 192.168.1.1/24 is assigned on ether1, and 10.0.0.1/24 is assigned on ether2. If a user connects on ether1 with an IP address of 10.0.0.50/24 and a default gateway of 10.0.0.1, then he will not be able to pass traffic through the router. He must have an address from the 192.168.1.0/24 network.

This is because of the way the networking stack works (search OSI model on Google). When the destination IP address is on a different subnet from the source client, then the client will try to send the traffic to the default gateway (10.0.0.1 in this case). It will try to find the gateway using the address resolution protocol (ARP). ARP is a network layer (layer 2) protocol, and will not traverse subnets at the network layer (layer 3). This means the ARP request will not be resolved, and the client with the 10.0.0.50 address will never find the default gateway while plugged in on ether1.

If you set up your subnets on separate interfaces, and control which clients connect to which subnets, then it will be easy to control access to the FTP server using firewall filter rules.
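
The per-interface layout and firewall filter rules discussed in this thread, as an added RouterOS example that is not part of any post above. It uses the thread's addresses (FTP server 192.168.10.10 behind ether1, clients in 10.0.0.0/24 on ether2), assumes current RouterOS syntax and that ether1 and ether2 are independent routed ports (not members of a switch group or bridge); the comments and log prefix are illustrative.

```routeros
# Added example. Addresses follow the thread; interface roles are assumptions.

/ip address
add address=192.168.10.1/24 interface=ether1 comment="FTP server segment"
add address=10.0.0.1/24 interface=ether2 comment="client segment"

/ip firewall filter
# Replies, plus FTP data channels that connection tracking marks as related.
add chain=forward connection-state=established,related action=accept \
    comment="return and related traffic"

# Make the source check explicit: anything arriving on the client port with
# a source address outside that port's subnet is dropped and logged.
add chain=forward in-interface=ether2 src-address=!10.0.0.0/24 action=drop \
    log=yes log-prefix="ether2-bad-src" comment="wrong-subnet source on ether2"

# Only the client subnet may open the FTP control connection to the server.
add chain=forward in-interface=ether2 out-interface=ether1 \
    src-address=10.0.0.0/24 dst-address=192.168.10.10 \
    protocol=tcp dst-port=21 action=accept comment="clients to FTP server"

# Default deny for everything else routed toward the server segment.
add chain=forward out-interface=ether1 action=drop \
    log=yes log-prefix="ftp-seg-drop" comment="default deny to server segment"
```

With this in place, the logged drops show which ports carry hosts with manually assigned addresses from the wrong range, and adding another subnet on another port gives it no access to the FTP server until a matching accept rule is written.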
