**Good evening !
I have a MikroTik ‑ CCR1036, but I have setup up that many address are on the same interface I have attached my configuration. Your help will be greatly appreciated
I have set the many IP address to Ether2, is this correct?? can I do this?**
Nothing wrong with multiple IP’s on the same interface.
Can only have one default route unless you do policy routing, but otherwise you’re fine.
Is that port really directly connected to all those networks?
Seems that you have public IPs and private networks mixed on the same port.
All packets flowing from WAN to your router are visible to all local 10.x.x.x devices and all private packets from 10.x.x.x are sent to public network. You should avoid such configuration. The nearest corrctly configured router/gateway on the WAN side should however “kill” these private packets to not pass them to the “wild”.
It is ! is that bad?
Could you please be more specific?
Forget router for a moment … let stay with “stupid” switch … switch receives packets on one interface and resends them to all other interfaces to let packets reach their targets … of course switch is quite smart and learns where devices are connected as it remembers which interfaces particular MACs are coming from/to to optimize traffic and not to send all packests to all ports … hubs are even more stupid and really send all-ports-to-all-ports. Switch does not look at packet’s Layer2+ data and does not care about source and target IP (I am talking about L2 layer switch … L3 layer switches are smarter). If you send data from one computer to other one via switch then all other computers receive it and should ignore as they are not targets … it is not true for multicasting but it is different story. So … if you connect computers from different subnets then all packets are send to all devices despite which subnet their belongs to. If someone wants to intercept such data then it is served right to his hands.
If your private LAN port is the same as the public WAN then all your private data is send to the world and all incoming data is send to all local devices.
You should avoid such configuration just for your security.
Now … back to the router … router is the switch with much higher IQ.
It’s lets you filter your private data and public one and route it from particular interface to proper one inspecting IP headers to match routing/firewall rules but the rule of thumb is not to mix LAN and WAN data on the same interface. Sending private IPs to public network is forbidden by RFC and all routers should kill such traffic if they see it. Think … what your ISP should do with your 10.111.x.x packets if someone else uses same addressing ? Should send your packets to your neighbours and their data to your lan ? What if devices’ IPs are duplicated ? Where data should be send ? How to differ your data and their data ?
I hope that I have explained the problem enough.