Hi,
we use a RB2011UiAS-2HnD-IN.
The first Eth-Port is the gateway.
I´ve tried to setup two different networks (work and guests).
Example:
Network:
Ethernet Ports 2-7
IP Range: 192.168.5.0/24
Network:
Ethernet Port 8-10
IP Range: 10.5.50.0/24
Both Networks should use Port 1 as Gateway. And they should not see each other.
Questions:
Is it somehow possible with one Router? If Yes, how 
?
Such things are new for me.
Sorry for my bad english (I´m from austria)
Best regards
Rutzki
Hi ,
you can easily drop communication in IP/Firewall/Filter Rules
chain=forward action=drop src-address=192.168.5.0/24 dst-address=10.5.50.0/24 log=no log-prefix=“”
chain=forward action=drop src-address=10.5.50.0/24 dst-address=192.168.5.0/24 log=no log-prefix=“”
In the ethernet interfaces menu, set ports 8, 9, and 10 to have master-port=none
Then create a second lan bridge (name it something appropriate like GUEST)
Add the IP address and dhcp server for the second network to the new bridge interface.
If your srcnat masquerade rule simply states that packets going out-interface=ether1, then this is good enough for both LANs. If it mentions IP addresses, I would modify it to only specify out-interface=ether1.
Forward filter rules - after the fasttrack/accept rules for connection-state=established,related , create a new rule:
action=drop out-interface=!ether1 (! means ‘not’ and is the little checkbox next to the interface selection in winbox.)
If you have a rule that accepts dstnat packets, then that rule should come before this new rule.
Done.
I have a similar question, but in my case i need that both networks have independent gateways. Routers are not really my thing and this is the first time using a Mikrotik hardware.
Something like:
Network 1
Network 2
I am substituting two routers for one RB2011 Ui AS-RM.
How can it be done?
Route marking and route policy,search them,tutorials are available
Route marking and route policy,search them,tutorials are available
Thanks, I will try those.