Hi guys.
I have a bunch of VLANs going through ether1 to the core switch. Let's say that the management VLAN IPs are from 10.10.10.0/24 and the gateway address ends with .1 in all subnets.
- Mikrotik is the DHCP server, NTP server and main gateway for the VLANs.
- The Mikrotik configuration allows logging into it via Winbox and SSH from 10.10.10.0/24, and it works great; I cannot do it when trying to access 10.10.50.1 from 10.10.50.0/24.
- Mikrotik doesn't give a sh*t and welcomes with a high five everyone from every VLAN who connects through Winbox using the MAC address (and knows the password, of course).
I would like to get rid of the 3rd point and add some layer 2 security. I thought about Bridge VLAN Filtering with ingress filtering and accepting only tagged frames, but it's like:
- adding the bridge interface as tagged in the VLAN section (of the bridge): everything works great, including the 3rd point,
- not adding the bridge interface there ends with networking not working (the rhymes, Man!) - 1st point.
So my question is: is it a good and possible way to achieve this with the Bridge VLAN Filtering option, or is there another way to do it? At the same time, I would like to be able to access the device through MAC from the 10.10.10.0/24 scope (not block it globally).
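As an added example (not the poster's configuration, and not a reply from the thread), here is how the third point can be handled without touching the bridge VLAN table: the bridge stays a tagged member of every VLAN so routing, DHCP and NTP keep working, and MAC-Winbox / MAC-Telnet are instead bound to an interface list that contains only the management VLAN interface. Assumptions, none of which are in the original post: RouterOS 6.41 or newer (interface lists and the `allowed-interface-list` option exist), the management VLAN is a VLAN interface on the bridge named `vlan10`, and the list name `MGMT` is unused.

```routeros
# Added example, not the poster's config.
# Assumes RouterOS >= 6.41, management VLAN interface "vlan10" on the
# bridge, and a free interface-list name "MGMT".

# 1. Interface list holding only the management VLAN interface.
#    The bridge interface itself is deliberately NOT a member, so
#    untagged frames arriving on the bridge get no MAC access either.
/interface list
add name=MGMT comment="interfaces allowed to reach the router at layer 2"
/interface list member
add list=MGMT interface=vlan10

# 2. MAC-Telnet and MAC-Winbox servers answer only on that list.
#    A Winbox MAC connection from a host in VLAN 50 arrives on vlan50,
#    which is not in the list, so it is dropped before authentication.
/tool mac-server
set allowed-interface-list=MGMT
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
/tool mac-server ping
set enabled=no

# 3. Stop announcing the router via MNDP/CDP/LLDP on the other VLANs,
#    so it no longer shows up in the Winbox neighbor list from there.
/ip neighbor discovery-settings
set discover-interface-list=MGMT

# 4. Keep the existing layer-3 restriction for Winbox and SSH.
/ip service
set [find name=winbox] address=10.10.10.0/24
set [find name=ssh] address=10.10.10.0/24
```

MAC access only ever works from the same layer 2 segment, so "from 10.10.10.0/24" in practice means hosts on the management VLAN; those keep MAC-Winbox, every other VLAN loses it. Check the result with `/tool mac-server print` and `/tool mac-server mac-winbox print`, then try a MAC-address connection in Winbox from a host in 10.10.50.0/24: it should time out, while the same attempt from 10.10.10.0/24 still reaches the login prompt.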