Greetings.
On MikroTik CRS326 with SwitchOS there is a port isolation option, which allows to
easily separate client ports from one another. These ports then have access to the
uplink. For example, ports 2-24 can be assigned client hosts, while port 1 is the uplink.
My question is, how can I achieve the same configuration on RouterOS 6.41.3 using
vlan-filtering and hw-offload?
Thank you!
+1
I would also like to know this
I have 30x crs326 that for now is useless
Sincerely
Carsten Larsen
Here is how you can do it.
Create a rule in Switch Rule menu like this:
switch=switch1 ports=ether12,ether2,ether3,ether4,ether5,ether24,ether23,
ether6,ether7,ether8,ether9,ether10,ether11,ether13,ether14,ether15,
ether16,ether17,ether18,ether20,ether19,ether21,ether22,ether1
copy-to-cpu=no redirect-to-cpu=no mirror=no new-dst-ports=sfp-sfpplus1
What this does is that it redirects all traffic from the users ports to the uplink port (the one going towards Internet).
That way users traffic can only go to the Internet, and not to each others.
This rule also disabels loop-protect on the lan ports, as the loop-protect packet also gets redirected to uplink, so if you need this feature, then add this before the above rule.
switch=switch1 ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,
ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
mac-protocol=loop-protect copy-to-cpu=no redirect-to-cpu=no mirror=no
Hope that helps.
Claus
And i can confirm that this works
Thanks alot