isolate bridge ports

D3L05 · August 24, 2010, 2:45pm

Hi,

I’ve this setup:

pppoe server---------switch---------rb493[bridged ether1,2,3,4,5,6…](from ether2 to ether9 UBNT rockets as wds bridge where the clients connect)

some clients, some times, can’t authenticate in the pppoe server, like packets lost before reach the pppoe server.

so how can I do the traffic (in rb493) only goes from ether1 to etherx, and from etherx to ether1

thanks!

mrz · August 27, 2010, 6:30am

set up bridge filters to block communication between ports except etherx and ether1

D3L05 · August 27, 2010, 2:57pm

something like this could work?

add chain=forward action=drop in-interface=!ether1 out-interface=!ether1

fewi · August 27, 2010, 3:10pm

It should, as long as you turn on the IP firewall on the bridge.

D3L05 · August 27, 2010, 3:13pm

thanks,

the idea is to do something like private vlans, where ether1 do the job as the uplink port

blake · August 27, 2010, 5:29pm

Its not possible to emulate private VLANs on MikroTik. The closest thing to it is creating a separate VLAN for each customer…each with its own /30 subnet.

If you want the L2 separation of each customer while still allowing them to share the same IP subnet, use Cisco.

JorgeAmaral · August 28, 2010, 10:46pm

You can/should use split-horizon on the bridge ports.

Read here: http://wiki.mikrotik.com/wiki/MPLSVPLS#Split_horizon_bridging

Best regards,

Jorge Amaral

D3L05 · August 28, 2010, 10:56pm

thanks Jorge,

using split horizon, in my setup, I should set for example horizon 1 for ether2-ether9 and horizon 2 for ether1, is that correct?

thanks

JorgeAmaral · August 28, 2010, 11:08pm

yes, you are correct.

Best regards,

Jorge Amaral

wifi442 · August 29, 2010, 4:35am

What symptoms are you having? Occasional dropped pppoe sessions? I have a similar layout to yours with rockets. I am getting random packet loss from the RB450G to the rockets connected via lan cable. Netwatch reports drops every now and again, maybe 2 or 3 times a day. My pppoe server at the main office loses some of the clients every so oftern and it usually coincides with the packets that are lost.

My RB450G is set up as a bridge with all ports bridged.

D3L05 · August 29, 2010, 5:16pm

my problem is similar, the worst thing is, the clients sometime can’t connect, the nanostations show
ppp not connected, but no error in the log (nanostation or pppoe server)

wifi442 · August 30, 2010, 2:20am

Interesting, I am just losing packets, mostly from the RB50G to the directly connected Main Ubnt Rocket Dish. That dish links back to the office where the pppoe server and the internet pipe are. Everyone’s sessions stay connected most of the time. Only every other day does the packet loss kick a session off. So far they are coming back up right away though.

Did you have any luck with the horizon setting?

I am leary to mess with the routerboard until I am in the same room with it. It sits way up on a mountain and wouldn’t want to render it unreachable!

chm0d755 · February 12, 2013, 11:05pm

I will test port isolate in the following way:

[admin@MikroTik] > interface bridge filter print
Flags: X - disabled, I - invalid, D - dynamic

0 chain=forward out-interface=!ether5 action=drop in-interface=ether1

1 chain=forward out-interface=!ether5 action=drop in-interface=ether2

2 chain=forward out-interface=!ether5 action=drop in-interface=ether3

3 chain=forward out-interface=!ether5 action=drop in-interface=ether4

All 5 ports are common Bridge - “bridge1”

samansenju · January 21, 2015, 11:31pm

hi folks…

can you give me some example .. rules of brdge filtering, to fillter loop between bridge ?

what protocol or port causing loop usually ? i will drop it, and what happen/effect if i drop it ?