I have a hotel and i want to configure each port as a secure port
example i want DHCP and get internet in each port but no comunication between each port or room (layer 2 or 3)
something similar than client insolation of wifi
thanks for the help
Seems like you could assign different subnet to each port and use firewall rules to drop between the subnets? Not sure if that would be the best way but just what came to mind for me…
any idea how to implement the cisco swich “secure port” opcion
all port can comunicate to 1 (output port) but not between them (service ports) all layer 2
You can bridge the ports and switch the bridge firewall on. Then drop all packets between selected ports or address ranges.
This is what came to mind for me as well and is how I would do it. Disable switching and bridging, assign a subnet to each port and create firewall rules. A single masquerade rule should allow them to all communicate to WAN.
Thanks for the ideas
I found the solution on CRS examples
http://wiki.mikrotik.com/wiki/Manual:CRS_examples
Isolation
Port Level Isolation
combined with vlan tagged the final config was
port1 connected to router and hotspot server in vlan35
port2 to next CRS 24ports same config than swich1
port2 to 24 fro rooms, use vlan35 untagged, isolated to each other, but get ip and from hotspot server on vlan 35 port1
now testing and almos ready to send to hotel
feel free to comment or make suggestions
attaching the export
finaltest.rsc (2.81 KB)