Bridge “bridge-LAN”, which is associated with 4 ports: ether1,ether2,ether3,ether4.
Bridge “bridge-WAN”, which is associated with one port: ether5.
I want port “ether5” to be “standalone” - meaning, not associated with any bridge.
I tried via SSH to de-associate port ether5 from its bridge, but the available options require me to use a bridge, see terminal output:
/interface/bridge/port> :put [get [find interface=ether5] bridge]
bridge-WAN
/interface/bridge/port> set [find interface=ether5] bridge=bridge-
bridge-LAN bridge-WAN
/interface/bridge/port> set [find interface=ether5] bridge=""
ambiguous value of bridge, more than one possible value matches input
Also I tried to delete “bridge-WAN” from menu “/interface bridge” via WebFig, but it forced port “ether5” to be associated with “bridge-LAN”, which is NOT desired.
You want to remove ether5 from bridge-WAN, don’t you?
Just go to bridge->port and remove the interface from the bridge-WAN, then delete the bridge-WAN too if you want. That’s it!
You’d better use Winbox for that.
Once you know how to do it, it seems obvious, but since it is referenced in New User Pathway To Config Success, there should be a bit more explicit instructions when trying to explain how to do something to someone that has zero experience with ROS.
I know as someone that came from Ubiquiti EdgeRouters, knowing how to configure EdgeOS/vyatta isn’t much help in configuring ROS.
Here’s what the example shows as of 2023-04-26 16:00 EDT
And following it verbatim leads to a bad command on the add.
EXAMPLE - ether5, decide to use 192.168.5.55 as allowed IP.
Not sure what you mean, there is no danger??
Just in case added a few things…
EXAMPLE - ether5, decide to use 192.168.5.55 as allowed IP. Note: Since you have defined a subnet 192.168.5.0/24 you can pick any IP to enter into the IPV4 settings on the laptop.
If you can remember which one, feel free to narrow it down to lets say .55 in winbox rules or input chain rules etc…
add interface=ether5 name=ether5-access
/ip address
add interface=ether5-access address=192.168.5.1/24 network=192.168.5.0
/Interface list
add interface=Trusted
/interface list members
add interface=ether5-access list=Trusted
/ip neighbours discovery
add interface-list=Trusted
/tool mac-server mac-winbox
set allowed-interface-list=Trusted
/ip firewall filter
add action=accept chain=input src-address-list=Authorized
add action=accept chain=input in-interface=ether5-access src-address=192.168.5.55 add action=accept chain=input in-interface=ether5-access src-address=192.168.5.0/24 { if you do not want to narrow down access }
where firewall address list is comprised of all potential Admin IP addresses locally or coming in on VPN.
This one is likely one you will be adjusting from time to time and may screw up.
As long as the separate rule exists not touched for the ether5 port, you can access the config.
There are two things I was trying to indicate, but was not clear about. And here I was complaining that your instructions were not clear, a bit ironic.
The primary (but unfortuneately unstated) one is that you are clear about what the the problem is, what the intended solution concept is, and what needs to be done, but there are no instructions on how to do it. Saying “remove spare etherport from the bridge” may be simple to someone that knows how, but it isn’t obvious to someone that has never touched a MikroTik router before other than possibly to use Quick Set or a default config. A bit more guidance is needed. For most users I think doing it with WinBox would be easiest (or probably can be done with webfig, but I never use that). It is possible with the command line, but you have to know the syntax and what your interfaces are named. Assuming ether5 hasn’t been renamed
/interface bridge port remove [ find interface=ether5 ]
