We want to use an RB1100AHx2 as router between an DSL router and a Cisco switch with 5 VLANs. The VLANs should be striclty seperated. But all need access to the Internet. One VLAN contains printers which should be accessable from two other VLANs. The Cisco switch is only doing level 2 stuff and we patch each VLAN from the switch to a dedicated router port. On the RB1100AHx2 we normally need only a default route to the DSL router. The Mikrtotic router acts also as VPN PPTP server. The DSL router forwards the PPTP port to the Mikrtotic router. That’s all work. Now comes the question where I hope it gives an easy answer.

RB1100AHx2 creates dynamic routes for each VLAN shown with /ip route print. I don’t want this dynamic routes. I would prefer to define only static routes. But no disable or remove is possible in the CLI or in WinBox for these dynamic routes. In Dennis Burges “Learn RouterOS” book I found on page 112 to this subject: “it is added dynamically due to adding an IP to the router, and as long as the interface is up and running, it will be active!”

If there is no way to delete or dissable theses dynamic routes what is the easiest way to prevent a not wanted routing between the Subnets/VLANs? Firewall? Sounds not really elegant. Or "Policy based Routing"?

Is there any easy solution?

We want to use an RB1100AHx2 as router between an DSL router and a Cisco switch with 5 VLANs. The VLANs should be striclty seperated. But all need access to the Internet. One VLAN contains printers which should be accessable from two other VLANs. The Cisco switch is only doing level 2 stuff and we patch each VLAN from the switch to a dedicated router port. On the RB1100AHx2 we normally need only a default route to the DSL router. The Mikrtotic router acts also as VPN PPTP server. The DSL router forwards the PPTP port to the Mikrtotic router. That’s all work. Now comes the question where I hope it gives an easy answer.

RB1100AHx2 creates dynamic routes for each VLAN shown with /ip route print. I don’t want this dynamic routes. I would prefer to define only static routes. But no disable or remove is possible in the CLI or in WinBox for these dynamic routes. In Dennis Burges “Learn RouterOS” book I found on page 112 to this subject: “it is added dynamically due to adding an IP to the router, and as long as the interface is up and running, it will be active!”

If there is no way to delete or dissable theses dynamic routes what is the easiest way to prevent a not wanted routing between the Subnets/VLANs? Firewall? Sounds not really elegant. Or "Policy based Routing"?

Is there any easy solution?

For 5 VLANs, maybe just firewall rules will help. Plus one for the printer situation. It seems the logical solution.

Tony

I'd use firewall rules. The router needs those routes so it knows where everyone is connected to it.



Sent from my SCH-I545 using Tapatalk