https://help.mikrotik.com/docs/display/ROS/Switch+Chip+Features#SwitchChipFeatures-Portisolation
According to the docs, if you’re using vlan-mode secure, fallback etc then you should create a switch rule with a new-dst-ports, however if you try do that, the switch complains that it is not supported.
/interface ethernet switch rule> add ports=ether2,ether3,ether4,ether5 new-dst-ports=ether1 switch=switch1
failure: not supported for this switch
So how do you enable port-isolation using this switch chip?
What is your device? RouterOS version?
Yes, I’m sure it is. Thats what the router shows
[admin@Switch-1-2] > sys routerboard print
routerboard: yes
board-name: PowerBOX
model: RouterBOARD 750P r2
serial-number: 5BBC052DEA60
firmware-type: qca9531L
factory-firmware: 3.22
current-firmware: 3.22
upgrade-firmware: 6.48.6
[admin@Switch-1-2] > interface ethernet switch print
Flags: I - invalid
# NAME TYPE MIRROR-SOURCE MIRROR-TARGET SWITCH-ALL-PORTS
0 switch1 Atheros-8227 none none
[admin@Switch-1-2] > interface ethernet switch rule add ports=ether1,ether2,ether3,ether5 new-dst-ports=ether4
switch: switch1
failure: not supported for this switch
[admin@Switch-1-2] >
Running 6.48.6 (long-term)
Uh… upgrade firmware with
/sys rou upgrade
Because your device still use the old 3.22
Your device is supposed to support such feature.
If not work the update, contact directly support@mikrotik.com
https://help.mikrotik.com/docs/display/ROS/Switch+Chip+Features#SwitchChipFeatures-Portisolation
According to the docs, if you’re using vlan-mode secure, fallback etc then you should create a switch rule with a new-dst-ports, however if you try do that, the switch complains that it is not supported.
/interface ethernet switch rule> add ports=ether2,ether3,ether4,ether5 new-dst-ports=ether1 switch=switch1
failure: not supported for this switch
So how do you enable port-isolation using this switch chip?
rules not supported on that switch
you must use
/interface ethernet switch port-isolation