This is my first post and I am new to using Mikrotik.
I have several Mikrotik hEX RB750Gr3 that I need to set up a unique way.
I want to have the Internet port (Port 1) set up with a IP address assigned by my DHCP server, I have no problem configuring that.
But, I want to have port 2&3 to get an IP address from the DHCP server on the same subnet that provides IP addresses for port 1.
Then I want ports 4&5 to have a separate subnet configured on the Hex , I have no problem configuring that.
I just need to figure out how to do “pass thru DHCP” on ports 2&3. I do not need the devices on ports 2&3 to communicate with the devices on ports 4&5
Basically have ports 1,2,&3 act as a switch. But use port 1 to route packets for the subnet defined on ports 4&5.
It isn't clear to me when you say "I want to have port 2&3 to get an IP address from the DHCP server on the same subnet that provides IP addresses for port 1."
If what you want to do is the equivalent of putting a 4 port switch connected to:
Your "ISP" router with DHCP server providing the ip address via dhcp to your router's WAN port
Your router's WAN port
a second external device that will obtain its ip addresses from the ISP router's dhcp server
a third external device that will obtain its ip addresses from the ISP router's dhcp server
And the LAN side of the router connected to a "virtual 3 port switch, one switch-port to the router, and two switch-ports for devices connected to the router's LAN interface that will be getting internet service from the router's WAN connection.
If that's what you are wanting
Then start with the default config where ether1 is the WAN and the LAN are the other four ports configured in the bridge device.
Then it is possible. you essentially want ports 1-3 to be in one vlan with the bridge as the parent interface and a new vlan-id (e.g. 666) and then you will need to make that the vlan666 interface your WAN interface. The other two bridge-ports (ether4,ether5) can remain in the bridge proper (leave the pvids the default 1), or you can create another vlan interface for the LAN connection.
I need have to get to sleep now. But it can be done. Not in one step, it is a multistep process. I would recommend not being connected to the internet when configuring.
I am less wordy than buckeye.
a. please provide a network diagram that depics the devices and the subnets
b. please provide a config export
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys, dhcp lease lists).
Your post as is, makes no sense as evidenced by the contortions buckeye goes through trying to GUESS what you are talking about.
In general, yes all ports on a bridge are connected at layer2 and thus not able to separate them.
If you need separation between users then you need to put them on different subnets.
assign ports their own IP address
ex ether1 is wan port , ether2,ether3 are on bridge and ether4 gets its own IP and ether5 gets its own IP.
Thus you can using firewall rules ensure that ether2,3 (bridge) do not see 4 or 5 and ether4 does not see bridge or 5 and ether 5 does not see bridge or 4.
another option is to use vlans, the use case for this is if you need to pass multiple subnets over one port like to a smart switch.
I do go into more details than most are interested in.
But it looks like the OP was a hit and run, since he hasn't been back.
@mbarrett2025 if you are still interested, answer this simpler question.
Are you just trying to eliminate the need for a single cheap 5 port switch that the RB750Gr3's WAN interface is connected through? That's a trivial solution, and may be better than spending the time figuring out how to do it with vlans. And if only two RB750Gr3 are involved (which could require two extra small external switches, that's what I would suggest. The only reason for doing it with vlans is if you want to learn how, or if you had the need for 10 setups and wanted a to achive everything with a single device (the RB750Gr3) per setup instead of a set of two devices (RB750Gr3 plus a dumb ethernet switch). It is possible to do what you want with just the RB750Gr3, just not a 5 minute task.
When I first read it I though you were asking how to setup three "WAN" interfaces on the RB750Gr3, each interface with it's own dhcp client, but all connected to the same dhcp server, and that made very little sense.
It is possible to do something like what this Ubilquit forum post did using an ER-X (but with 3 switch-ports on the WAN side and 2 on the LAN side).
Yes, after re-reading my post, it even confused me !
I think ANAV made the best suggestion, I’ll use a mini-switch in front of the RB750Gr3 and connect the WAN port to it, and configure all 4 ports of the router to be a separate subnet.
That’s the easiest config without an overly complex config.
As I have stated many times buckeye,
The issue as always is having a standard of posting where the OP makes the requirements clear first, and provides evidence, config, network diagram...........
In that manner, the OP has to articulate his plan without muddling up the post with half solutions that confuse more than help, and so that we can provide a response that is accurate and to the point probably cutting threads down by more than half !!!
@anav It's unfortunate that you deleted your thread aimed a new users. Then we could have pointed the vague questions to them. And unfortunately, when you deleted the threads you started, it also deleted all the responses written by others along with it.
That effort was in response or lack thereof for MT to make the Forums a better experience, especially for new users. It was not meant to be permanent but a filler until we could get new users to articulate their issues in a logical, efficient and accurate manner. If done, many threads would be
a. Op here is my problem
b. buckeye--> here is the solution and why
c. OP --> Thankyou
Instead we get threads like this........
Where, we get facts ONLY at the end............ he doesnt even have a ISP provider and gets internet from his neighbour LOL.................... Just a complete waste of everyones time and all due to laziness and quite frankly irresponsible forum managment. THis is not reddit or some social friggen experiment its a technology focussed assistance for free, because quite frankly its the only way MT can fill the void for documentation that is so so lean on why.
Before writing, I read forums and ran various checks.
I learned some things immediately, and others became clear through discussions on the forum.
The fact that you received certain details at the end doesn’t reflect laziness or irresponsibility on my part, but rather my desire to thoroughly understand the issue - some information was simply not easy to find, and certain aspects are generally not covered in sufficient detail.
I hope you’re doing well, Anav.
If it personally bothers you that someone knows less than you, then don’t look down on such messages at all - better yet, just don’t look at them.
Your behavior is disgusting.
My apologies if you interpreted my text as in any way negative towards yourself. I thought I made it clear, but when I stated the below.
Just a complete waste of everyones time and all due to laziness and quite frankly irresponsible forum managementits the only way MT can fill the void for documentation that is so so lean on why
Its not your fault or any new posters fault for creating posts that are not of sufficient quality to allow for a good experience. Some basic instructions on how to formulate a good post will help with any IT or software issue, not just at this forum, and will ensure your thoughts are organized before posting and will allow us, to answer your questions more rapidly and accurately.
Let me say it again, my beef has nothing to do with the posters, and only to do with Forum structure and their hands off lazy approach to running the forums.
My posts were also in response to buckeye and not you.
If I wanted to lambaste you directly I would have, for not providing requested information, such as - are you generally uncooperative, or do you think you know better what is needed then someone who has helped 1000s before you. But that is not the purpose here.............
The purpose is to get your issue resolved and to do that we have to understand the requirement, THE WHY, the how is not important yet.
a. identify all the users/devices including admin
b. identify all the traffic they need to accomplish