Community discussions

MikroTik App
  4. RouterOS
  5. General

CRS125/CRS226/etc - Help with port isolation!

Post Reply
 
User avatar
arturportella
newbie
Topic Author
Posts: 46
Joined: Wed Oct 30, 2013 3:16 pm

CRS125/CRS226/etc - Help with port isolation!

Fri Jul 08, 2016 1:40 am

Hello!


I'm trying to isolate port groups with CRS. What happen is if I try to listen the network with wireshark on a port that doesn't have a Master port (Master port set to none) a lot of broadcast leaks to it.

I want a uplink in ether1 to isolated ports between ether2 to ether20. What I did was using ether1 as promiscuous profile override and from ether2 to ether20 isolated profile override. Thats fine with port isolation group. I've created another switch group with CRS125 (as far I know, just create another group with another port as master port). I've used ether24 as master port for ether21, ether22 and ether23.

Everything from ether1 (Broadcast, multicast, etc) is leaking to ether 21, ether22, ether23 and ether24 also! What is going on?

It's freaking me out!

Those CRS are extremely hard to deal with!
Top
 
Miracle
Member Candidate
Member Candidate
Posts: 106
Joined: Fri Sep 11, 2015 9:04 am

Re: CRS125/CRS226/etc - Help with port isolation!

Fri Jul 08, 2016 4:05 am

You can set more than a Master port ?
Top
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3156
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:
Contact chechito

Re: CRS125/CRS226/etc - Help with port isolation!

Fri Jul 08, 2016 5:39 am

have you tested this??

http://wiki.mikrotik.com/wiki/Manual:CR ... _Isolation

i have not tested multiple master ports but with that guide i have configured port isolation sucessfully, but that wall some time ago i dont remember well if have to tune something more
Top
 
User avatar
arturportella
newbie
Topic Author
Posts: 46
Joined: Wed Oct 30, 2013 3:16 pm

Re: CRS125/CRS226/etc - Help with port isolation!

Fri Jul 08, 2016 6:43 am

You can set more than a Master port ?
I think so
Hello!


I'm trying to isolate port groups with CRS. What happen is if I try to listen the network with wireshark on a port that doesn't have a Master port (Master port set to none) a lot of broadcast leaks to it.

I want a uplink in ether1 to isolated ports between ether2 to ether20. What I did was using ether1 as promiscuous profile override and from ether2 to ether20 isolated profile override. Thats fine with port isolation group. I've created another switch group with CRS125 (as far I know, just create another group with another port as master port). I've used ether24 as master port for ether21, ether22 and ether23.

Everything from ether1 (Broadcast, multicast, etc) is leaking to ether 21, ether22, ether23 and ether24 also! What is going on?

It's freaking me out!

Those CRS are extremely hard to deal with!
I already tried that. I want to isolate them from uplink port, the way this setup works doesn't allow me to isolate my community from uplink ports (ether1). Still without knowing what to do.
Top
 
vortex
Forum Guru
Forum Guru
Posts: 1130
Joined: Sat Feb 16, 2013 6:10 pm

Re: CRS125/CRS226/etc - Help with port isolation!

Fri Jul 08, 2016 5:19 pm

I use multiple master ports on my RB2011.
Top
 
User avatar
arturportella
newbie
Topic Author
Posts: 46
Joined: Wed Oct 30, 2013 3:16 pm

Re: CRS125/CRS226/etc - Help with port isolation!

Fri Jul 08, 2016 5:53 pm

That's right, with other routerboards, I was able to isolate ports just doing this. It's not working with CRS125 or 226.
I use multiple master ports on my RB2011.
Top
Post Reply
  4. RouterOS
  5. General