Set multiple DHCP servers on Bridged Interface

Posted: Wed Jun 03, 2020 4:25 pm
by anhseo9m
Hi,
Our hospital uses an RB3011, and at this time we have more devices connected to the network (cameras, medical machines, computers, IP phones, printers and scanners, Wi-Fi network).
For visibility of the ports I bridged ether3 and ether4. But I need a device connected to ether3 to automatically take an IP address (192.168.1.xx), and to take (192.168.2.xx) if I connect it to ether4. When I create DHCP servers on them, it shows "DHCP server cannot run on slave interface". How can I set DHCP on them?

Re: Set multiple DHCP servers on Bridged Interface

Posted: Wed Jun 03, 2020 4:40 pm
by bpwl
Maybe ether3 and ether4 should not be bridged but routed (what happens by default if not bridged).
This might be better as well to contain broadcasts and multicasts in each subnet.

Re: Set multiple DHCP servers on Bridged Interface

Posted: Wed Jun 03, 2020 5:08 pm
by anhseo9m
> Maybe ether3 and ether4 should not be bridged but routed (what happens by default if not bridged).
> This might be better as well to contain broadcasts and multicasts in each subnet.
But how can clients of ether3 see clients of ether4? E.g. I have 400 cameras set up on ether4, and I use a computer connected to ether3; how can I see or ping the cameras :D

Re: Set multiple DHCP servers on Bridged Interface

Posted: Wed Jun 03, 2020 5:35 pm
by bpwl
> > Maybe ether3 and ether4 should not be bridged but routed (what happens by default if not bridged).
> > This might be better as well to contain broadcasts and multicasts in each subnet.
> But how can clients of ether3 see clients of ether4? E.g. I have 400 cameras set up on ether4, and I use a computer connected to ether3; how can I see or ping the cameras :D
Just ping and traceroute. It will work. Only broadcasts and multicasts (auto discover techniques) will not be forwarded between the 2 interfaces.
The gateway for ether3 is 192.168.1.1, the gateway for ether4 is 192.168.2.1, that is one and the same router, that will route your traffic between ether3 and ether4.

Re: Set multiple DHCP servers on Bridged Interface

Posted: Wed Jun 03, 2020 5:49 pm
by anhseo9m
> > > Maybe ether3 and ether4 should not be bridged but routed (what happens by default if not bridged).
> > > This might be better as well to contain broadcasts and multicasts in each subnet.
> > But how can clients of ether3 see clients of ether4? E.g. I have 400 cameras set up on ether4, and I use a computer connected to ether3; how can I see or ping the cameras :D
> Just ping and traceroute. It will work. Only broadcasts and multicasts (auto discover techniques) will not be forwarded between the 2 interfaces.
> The gateway for ether3 is 192.168.1.1, the gateway for ether4 is 192.168.2.1, that is one and the same router, that will route your traffic between ether3 and ether4.
Maybe because I use a load balance setting and have a mistake in mark routing? I just disabled all mark routing and all ether ports can see each other.

Re: Set multiple DHCP servers on Bridged Interface

Posted: Wed Jun 03, 2020 6:00 pm
by solar77
First I can tell you how to do it. Then I explain why you shouldn't do it.

First
Take these ports out of the bridge
Assign an IP address to each port, 192.168.2.1/24, for example
Create a DHCP server on each port
By this point, you have achieved what you were asked for and Mikrotik will allow communication between different subnets by default.

However
This means everything can access everything else: your server, your database, your printer, your CCTV camera, your wifi clients, all mixed up together.
This is a big security flaw and it will cost you big time at some point. Patient data leaked, lawsuit, compensation...

What is recommended.
Separate subnets (your office network, CCTV, staff wifi, guest wifi etc. etc.) by VLAN
Only allow inter-VLAN traffic for a few devices if you need and block the rest.

Not sure where you are but speak to an IT consultant and at least find out what level of security and data protection regulation you are subject to. GDPR is the one for EU members.
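
The routed setup from the post above, followed by the "allow a few devices, block the rest" restriction, as an added RouterOS example that is not part of the original thread. It uses forward-chain filter rules between the two routed ports rather than VLANs; the pool and server names, the pool ranges, and 192.168.1.50 as the one PC allowed to reach the cameras are assumptions.

```routeros
# Added example (not from the thread). Assumed names and values: pool-ether3,
# pool-ether4, dhcp-ether3, dhcp-ether4, the pool ranges, and 192.168.1.50 as
# the statically addressed PC that is allowed to view the cameras.

# 1. Take both ports out of the bridge so each becomes its own routed interface.
/interface bridge port remove [find interface=ether3]
/interface bridge port remove [find interface=ether4]

# 2. Give each port the gateway address of its subnet.
/ip address add address=192.168.1.1/24 interface=ether3
/ip address add address=192.168.2.1/24 interface=ether4

# 3. One pool, one DHCP server and one network entry per port.
#    The pools start at .100 so the static .50 address is never leased out.
/ip pool add name=pool-ether3 ranges=192.168.1.100-192.168.1.254
/ip pool add name=pool-ether4 ranges=192.168.2.100-192.168.2.254
/ip dhcp-server add name=dhcp-ether3 interface=ether3 address-pool=pool-ether3 disabled=no
/ip dhcp-server add name=dhcp-ether4 interface=ether4 address-pool=pool-ether4 disabled=no
/ip dhcp-server network add address=192.168.1.0/24 gateway=192.168.1.1
/ip dhcp-server network add address=192.168.2.0/24 gateway=192.168.2.1

# 4. Forward chain, evaluated top to bottom: replies to allowed connections,
#    then the single permitted PC, then drop everything else between the ports.
/ip firewall filter add chain=forward action=accept connection-state=established,related comment="replies to allowed connections"
/ip firewall filter add chain=forward action=accept src-address=192.168.1.50 dst-address=192.168.2.0/24 in-interface=ether3 out-interface=ether4 comment="viewing PC to cameras"
/ip firewall filter add chain=forward action=drop in-interface=ether3 out-interface=ether4 comment="block ether3 to ether4"
/ip firewall filter add chain=forward action=drop in-interface=ether4 out-interface=ether3 comment="block ether4 to ether3"
```

`add` appends to the end of the existing rule list, so check the resulting order with `/ip firewall filter print` and confirm no earlier forward rule already accepts traffic between the two ports.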

Re: Set multiple DHCP servers on Bridged Interface

Posted: Wed Jun 03, 2020 6:28 pm
by anhseo9m
> First I can tell you how to do it. Then I explain why you shouldn't do it.
>
> First
> Take these ports out of the bridge
> Assign an IP address to each port, 192.168.2.1/24, for example
> Create a DHCP server on each port
> By this point, you have achieved what you were asked for and Mikrotik will allow communication between different subnets by default.
>
> However
> This means everything can access everything else: your server, your database, your printer, your CCTV camera, your wifi clients, all mixed up together.
> This is a big security flaw and it will cost you big time at some point. Patient data leaked, lawsuit, compensation...
>
> What is recommended.
> Separate subnets (your office network, CCTV, staff wifi, guest wifi etc. etc.) by VLAN
> Only allow inter-VLAN traffic for a few devices if you need and block the rest.
>
> Not sure where you are but speak to an IT consultant and at least find out what level of security and data protection regulation you are subject to. GDPR is the one for EU members.
Thank you,
Now all the networks still do not communicate with each other. But as you said, I can accept that a few devices can see all networks. For example, my boss wants to see all cameras like me, so I will set an IP for the boss's PC and then set it to have permission to see cameras from the other network :D I will find out the setting and come back :)
Thanks so much.

Re: Set multiple DHCP servers on Bridged Interface

Posted: Wed Jun 03, 2020 6:49 pm
by solar77
good luck.
let us know if you have a problem

Re: Set multiple DHCP servers on Bridged Interface

Posted: Wed Jun 03, 2020 9:35 pm
by anav
This is a very troublesome thread from my perspective.
If I found someone from a Canadian hospital asking these types of questions on a MikroTik forum, I would be calling the hospital administration ASAP and then the Provincial Medical Board.
The only IT folks I know that run hospital networks are XTREME professionals dealing with a HUGE level of accountability, and continually battling cyber issues big and small.
They know their stuff inside out and don't work with equipment they are not masters of...
They would never contemplate civilian devices (wifi smartphones etc.) and medical equipment, and report-generating equipment such as printers being anywhere near each other.

Re: Set multiple DHCP servers on Bridged Interface

Posted: Wed Jun 03, 2020 10:45 pm
by Jotne
@anav
It may be a very small animal hospital :)
> "DHCP server cannot run on slave interface". How can I set DHCP on them?
What version of RouterOS do you run on the router? The message above may tell that it's rather old, and it may be at risk security-wise.