Each port a seperate Subnet

CamefromEdgeOS · April 14, 2021, 9:49pm

hello. i’m new to microTIK and came from Ubiquitys Edge OS.

I want to set each LAN port as a seperate subnet. I can’t find a way to do this.

Of course Port 1 is WAN.
I’d like
LAN 1 to be 192.168.1.1, DHCP off
LAN 2 to be 192.168.2.1, DHCP on
LAN 3 to be 192.168.3.1, DHCP on
LAN 4 to be 192.168.4.1, DHCP on

Where in (preferably the GUI) settings can i do this? Over command line is fine to get it done, but i need to show my subordinates where to set this as well.

mkx · April 15, 2021, 5:57am

Default configuration depends on mikrotik device type, so are necessary steps to be taken.

Most SOHO type devices come with default config which uses ether1 as WAN interface, other wired and wireless interfaces are made part of a bridge (all ports are bridged/switched) which is then used for LAN. If you want to use ports as interfaces for different subnets (either LAN or WAN), then you have to remove needed interfaces from bridge. That can be done under bridge → ports. After interface is “freed” from bridge, one can proceed by configuring L3 on it (IP address, DHCP server, …).
Default firewall on these devices comes with “abstraction layer” … meaning that certain filter rules target interface-lists … hence if you’re using multiple LAN subnets, then only necessary change is to add appropriate interface to LAN interface list (interfaces → interface list). E.g. if you’d like to use two WAN links (for failover, load sharing, whatever), configured on ether1 (default) and ether4 (your addition), add ether4 to WAN inteface list (after you’ve set WAN interface details such as running DHCP client or whatever applies) and SRC NAT etc. is already configured for you.
If you want to block traffic between different LAN subnets, then you’ll have to add appropriate firewall filter rules.
Beware that default firewall rules allow management access to router from interface list LAN. If you’re constructing “untrusted” LAN subnets, don’t add those interfaces to LAN interface list.

CamefromEdgeOS · April 15, 2021, 1:26pm

Thanks for the response. I can see where I can remove the ports from Bridge and have done so.

What do you mean by “configure L3” on them? Where are those settings.

Also unrelated but may be a quick answer. I can only seem to access the WebFig via its static WAN address. How can i enable the ability to access it via its static LAN address?

anav · April 15, 2021, 2:07pm

L3 typically refers to the ip firewall filter rules, to prevent routing between subnets when not wanted.