How to completely separate two networks?

What is the best way to separate two networks on the same router?

What I did before was make two separate bridges and use IP Firewall to block stuff, but that works only for IP, not MAC stuff, as it seems.

The other option is to create a separate subnet and block subnet to subnet only. But that is the same as the setup above, yes?

Any ideas welcome (+ please give links to documentation / examples so I can learn).

Thanks!

Configuring two bridges and assigning Ethernet ports to one of the bridges should ensure L2 (MAC) separation between such subnets. Hence my question: what do you mean by “but works only for IP, not MAC stuff as it seems”?

I was able to access one MikroTik device over two such bridged and firewalled networks (wifi and local, main MikroTik router from wifi).

Your answer is not detailed enough to determine what works and what does not. Mentioning the router implies you did not pass MAC separation, but rather wrongly configured firewalls.

Describe your scenario (setup and test case) with more detail.

Using two different bridges,
One LAN on a bridge, the other not on a bridge,
Using one bridge but two VLANs
are some ways to avoid layer 2 connectivity, and thus the ROUTER can be firewalled at layer 3 to block any traffic.
Having a look at your config as mkx stated will show if there are firewall issues with your setup.
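
The two-bridge option from the list above, written out as a RouterOS configuration (an added example, not posted by anyone in this thread). Interface, bridge and list names and the addresses are assumptions. It also restricts the router's MAC-level management services, which IP firewall rules do not cover.

```routeros
# Added example: names (bridge-lan, bridge-guest, ether2, ether3, wlan1,
# LAN, GUEST) and the 192.168.x.0/24 addresses are assumptions.

# Two bridges = two separate layer 2 domains.
/interface bridge
add name=bridge-lan
add name=bridge-guest
/interface bridge port
add bridge=bridge-lan interface=ether2
add bridge=bridge-lan interface=ether3
add bridge=bridge-guest interface=wlan1

/ip address
add address=192.168.10.1/24 interface=bridge-lan
add address=192.168.20.1/24 interface=bridge-guest

# Interface lists keep the firewall rules independent of port names.
/interface list
add name=LAN
add name=GUEST
/interface list member
add list=LAN interface=bridge-lan
add list=GUEST interface=bridge-guest

/ip firewall filter
# forward chain: traffic routed THROUGH the router between the subnets.
add chain=forward action=drop in-interface-list=GUEST out-interface-list=LAN comment="guest -> lan"
add chain=forward action=drop in-interface-list=LAN out-interface-list=GUEST comment="lan -> guest"
# input chain: traffic addressed TO the router itself, on any of its
# addresses. Forward rules alone do not protect the router.
add chain=input action=accept connection-state=established,related comment="replies to router"
add chain=input action=accept in-interface-list=GUEST protocol=udp dst-port=53,67 comment="DNS and DHCP for guests"
add chain=input action=drop in-interface-list=GUEST comment="no router access from guest"

# MAC-Telnet, MAC-Winbox and neighbor discovery work at layer 2,
# so limit them to the trusted side as well.
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
/ip neighbor discovery-settings set discover-interface-list=LAN
```

After applying it, test from a guest client: the router's LAN address and its Winbox, SSH and web ports should be unreachable, and the router should not show up in Winbox neighbor discovery.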

I think anav defined this well; I understand the options now. Thanks!

Thanks, but that's because I know very little and thus can only keep it simple. If I knew any more I would probably give dangerous advice. 🙂