Isolate IP/MAC per Port

easyswiss · March 8, 2016, 8:03pm

Hello,

I am completly new with routerOS.

I have the following scenario:

Router (CCR1036) ↔ SWITCH 1 (CRS125)
Router (CCR1036) ↔ SWITCH 2 (CRS125)
Router (CCR1036) ↔ SWITCH 3 (CRS125)
Router (CCR1036) ↔ SWITCH 4 (CRS125)
Router (CCR1036) ↔ SWITCH 5 (CRS125)
Router (CCR1036) ↔ SWITCH 6 (CRS125)

On the router a /24 is configured (public ipv4).

I will use all switchs in the bridge mode.
For security i want to bind all ports to a unique IP

Example
Port 1 is the connection to the router
Port 2 on Switch 1 have IP 123.123.123.2
Port 3 on Switch 1 have IP 123.123.123.3
Port 4 on Switch 1 have IP 123.123.123.4

How should i configure this? VLAN’s are no option, because this wastes 60% of the /24

Would be happy to get a feedback

easyswiss · March 8, 2016, 8:05pm

A important notice is: all ports must be open.
We use this /24 to sell root servers.

ShayanFiroozi · March 8, 2016, 9:06pm

Hi ,
First of all i strongly suggest you to use routing network not bridging because :
1- More control over IPs and use a stateful firewall.
2- Limiting your broadcast domain and reduce useless traffics and many other reasons you can search about !

if you have to use bridging there is a firewall for bridges we call it Bridge Firewall

there you have control over L2 and a little L3 frames and packets ,
you can easily add a rule to drop any traffic from a MAC address with unspecified IP