This makes a great deal of sense to me - thanks.
Pre-empting the worst is probably the best summary.
If they're poking at certain ports when they shouldn't then you probably don't want them poking at anything.
@icsterm Thank you very much. I will give it a shot!
Just filter out UDP broadcast packets with destination 255.255.255.255 & port 5678 on the devices you don't want taking part in MNDP.
This was very helpful - and perhaps the end game.
Due to that, you can't consider a blacklist as an alternative to whitelists (which are useful only for incoming connections). It has a different purpose, and even with thousands of blocked IPs a blacklist will not have a significant impact on your CPU.
Yes in that case you can do it with the switch:
/interface ethernet switch port
set 5 default-vlan-id=172 vlan-header=always-strip vlan-mode=secure
This will make port 5 an untagged member of vlan 172.
Which one of the two hints?
Thank you, this was helpful and allowed me back in.
Thank you! Spot on - works now.
I've run into this before with the EAP350. I think you need to have "Isolation" checked on SSIDs not part of the primary/management VLAN (so enable Isolation on your Guest SSID).
Thanks very much GBR for the help and clarification.
@gbr - thank you very much for posting this. It kind of works for me... I have a couple of questions. Note: I am a novice at scripting and still learning.
I have the script I provided working successfully on three routers.
RB 2011 was the product in 2011, so it might be that RB 3011 will be released in Q2 of 3011?! No, seriously, I'm also waiting for that device. But it's also better if it gets postponed rather than a not working release. Nevertheless, MT could give an update on the state.
If you mean can I Winbox into them remotely - yes. Is tunnel something you start on the Dude?
Have you tried to use tunnels between your devices to have clear access to them?