Normally I connect RB (router to public network) to switch (which switches public network to other PCs) Is it possible to set RB962UiGS-5HacT2HnT (hAP ac) to take work of this switch?:
Switch:
2 cables to other PCs
1 cable to ISP
1 cable to RB's WAN
RB:
1 cable to Switch (NAT + router)
2 cables to local PC behind this NAT and router
In other words is it possible to set some ports to be in inner network and other ports to behave as switch on outer network?
Thanks in advance.
Re: How to set RB to work as router and public switch at one time
Yes.In other words is it possible to set some ports to be in inner network and other ports to behave as switch on outer network?
Re: How to set RB to work as router and public switch at one time
Could someone lead me closer to how to set this to work or some links?
Re: How to set RB to work as router and public switch at one time
Configure a bridge with the ports you want to be switched in it, with hardware accel enabled.
Re: How to set RB to work as router and public switch at one time
Well, my previous post was super-brief just to reflect the wording of the question.
I use the CLI names of the configuration sections but the configuration tree structure is almost the same in Winbox and WebFig.
Look how the current LAN setting is done - there is a default /interface bridge name=bridge to which all the IP configuration is attached, and the individual ethernet interfaces are configured as its member ports. You need to replicate this for the WAN side - rename the default bridge e.g. to br-lan for clarity, add another brigde named e.g. br-wan and make sure that you set protocol-mode=none on it to avoid eventually confusing your ISP's equipment, move all the IP configuration (static address or dhcp client) from ether1 to br-wan, and make ether1 a member port of br-wan under /interface bridge port, setting hw=yes. The last two steps must be done while the PC you use for configuration is connected to the LAN - it is quite unlikely it would be connected via the WAN but just for the case. In any case, I'd recommend to use safe mode to prevent locking yourself out; before logging out intentionally, you have to terminate the safe mode, otherwise the changes would be lost. If you do anything with the firewall, I recommend to connect another time before disconnecting the session you use for configuration.
Now check the /interface list member section - in all items where ether1 is mentioned, change it to br-wan, and do the same for all firewall rules where in-interface or out-interface refer to ether1, if any such rules exist. Usually it is either-or but without seeing your current configuration I better draw your attention to both variants.
Now, change the /interface bridge port section - change br-lan to br-wan for the rows representing the ethernet interfaces you want to make ports of the WAN side bridge, and remove the checkmark for hardware acceleration (i.e. set hw=no) from those rows which keep binding interfaces to the original bridge (assuming that your LAN devices don't send much traffic to each other so the "hardware acceleration" feature will be more useful for the WAN side).
I use the CLI names of the configuration sections but the configuration tree structure is almost the same in Winbox and WebFig.
Look how the current LAN setting is done - there is a default /interface bridge name=bridge to which all the IP configuration is attached, and the individual ethernet interfaces are configured as its member ports. You need to replicate this for the WAN side - rename the default bridge e.g. to br-lan for clarity, add another brigde named e.g. br-wan and make sure that you set protocol-mode=none on it to avoid eventually confusing your ISP's equipment, move all the IP configuration (static address or dhcp client) from ether1 to br-wan, and make ether1 a member port of br-wan under /interface bridge port, setting hw=yes. The last two steps must be done while the PC you use for configuration is connected to the LAN - it is quite unlikely it would be connected via the WAN but just for the case. In any case, I'd recommend to use safe mode to prevent locking yourself out; before logging out intentionally, you have to terminate the safe mode, otherwise the changes would be lost. If you do anything with the firewall, I recommend to connect another time before disconnecting the session you use for configuration.
Now check the /interface list member section - in all items where ether1 is mentioned, change it to br-wan, and do the same for all firewall rules where in-interface or out-interface refer to ether1, if any such rules exist. Usually it is either-or but without seeing your current configuration I better draw your attention to both variants.
Now, change the /interface bridge port section - change br-lan to br-wan for the rows representing the ethernet interfaces you want to make ports of the WAN side bridge, and remove the checkmark for hardware acceleration (i.e. set hw=no) from those rows which keep binding interfaces to the original bridge (assuming that your LAN devices don't send much traffic to each other so the "hardware acceleration" feature will be more useful for the WAN side).