Hello all,
I have a HEX-S router configured with two point-to-point links on ether1 and ether2, each connected to 2 upstream routers for redundancy.
In my current setup I have removed the two ports ether1 and ether2 from the default bridge. I thought by doing that the two ports would be isolated, at least at layer2. Now the little complication is that the connection on ether1 is not a real point-to-point connection since in fact it is connected to a switch on which other devices are connected.
My question is: How are those two interfaces treated at the Mikrotik switch level? Are they isolated? Is there a risk that layer2 frames arriving on the interfaces that are not connected to the bridge can find their way into the LAN?
Thank you.
Re: What happens to an interface that is not part of any bridge?
On layer2 interfaces are isolated. So possibility of leaking frames is slim. If frames do leak, it's probably due to errors in configuration.
Also note that without special config, router will pass packets in all directions and L2 isolation alone can't do magic.
Also note that without special config, router will pass packets in all directions and L2 isolation alone can't do magic.
Re: What happens to an interface that is not part of any bridge?
YOu have to have clear requirements and an understanding of the role of the device you are using. For example it would appear the hex is to be used as a switch and is not connected to an ISP?
Identify all users/devices
Identify all traffic flows they need (external/internal)
Then a config can be designed accordingly
All this talks about bits of ports etc, is a waste of time at the moment.
Identify all users/devices
Identify all traffic flows they need (external/internal)
Then a config can be designed accordingly
All this talks about bits of ports etc, is a waste of time at the moment.
Re: What happens to an interface that is not part of any bridge?
Thanks for the reply.
Re: What happens to an interface that is not part of any bridge?
Well my question is a bit theoretical: I just wanted to confirm how an interface that is not part of the default bridge is seen from the other interfaces that are listed as ports for that bridge.YOu have to have clear requirements and an understanding of the role of the device you are using.
Re: What happens to an interface that is not part of any bridge?
"Seen" is where the theory meets practice.
They're all interfaces to the router. RouterOS is also a [Layer 3] [IP] router & routers do routing. So with empty firewall... IP/IPv6 between traffic be allowed between all the interfaces, bridged or not.
But an off-bridge ethernet interface would not be able to use MAC addresses or have any other Layer2 access to things on the bridge. If you have a loop (or misconfiguration) elsewhere in your network... perhaps a bridge might see a standalone port (e.g. some VLANs cross on a switch outside of the router we're talking about here) at Layer2. But it wouldn't be RouterOS doing it at Layer2/MAC/Ethernet-level (only IP/IPv6 layer-3)
They're all interfaces to the router. RouterOS is also a [Layer 3] [IP] router & routers do routing. So with empty firewall... IP/IPv6 between traffic be allowed between all the interfaces, bridged or not.
But an off-bridge ethernet interface would not be able to use MAC addresses or have any other Layer2 access to things on the bridge. If you have a loop (or misconfiguration) elsewhere in your network... perhaps a bridge might see a standalone port (e.g. some VLANs cross on a switch outside of the router we're talking about here) at Layer2. But it wouldn't be RouterOS doing it at Layer2/MAC/Ethernet-level (only IP/IPv6 layer-3)
Re: What happens to an interface that is not part of any bridge?
Perfect, thank you this is very clear.
Re: What happens to an interface that is not part of any bridge?
Quick and easy answer:
It's like it's another bridge.
It's like it's another bridge.