One router, two separated LAN

Hi Forum
This is my first contact with MikroTik and I have to prove myself to my boss, so please help.
I have a hEXs router and would like to run two separate networks. One on eth2, eth3 ports and the other on eth4, eth5. Both networks with internet from eth1 port and different dhcp servers. Where should I start?

Thank you in advance,
Ann

From a performance point of view not optimal, but a syntactically correct and probably easier to comprehend way would be:

  1. create two bridges (e.g. named LAN1 and LAN2)
  2. add ether2 and ether3 to LAN1 and ether4 and ether5 to LAN2
  3. configure LAN1 with IP address for LAN network 1
  4. configure DHCP server for LAN1 … you need address pool and DHCP network setup matching address on LAN1 interface (bridge)
  5. repeat steps #3 and #4 for LAN2
  6. configure firewall rules. Very good starting point is default rule set (you can view it by running command /system default-configuration print inside terminal window). Note that default firewall relies on properly maintained interface lists, in particular those named LAN and WAN (and these are only names, no magical stuff happening behind). Don’t forget about SRC NAT (and DST NAT if needed), also take inspiration from default setup.
    Default setup assumes LAN subnets are not blocked between each other, so you have to add some rules for that if needed. Also mind that router (management access and all services) is open towards LAN by default, you may want to add some restrictive rules …

Bridging traffic between pair of member ports for second bridge will bog down main CPU, only one bridge will be offloaded to device’s switch chip. That’s what I meant by mentioning performance in first sentence. This can be worked around by introducing VLANs (can be entirely internal to router), but doing VLANs the Mikrotik way is a bit of a hurdle for many newcomers, so you probably better skip it this time :wink:
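
The six steps above as one RouterOS terminal session. This is an added example, not part of the original post: the subnets, pool ranges and object names are constructed, and it assumes ether2-ether5 are not yet members of any bridge and that ether1 is already in the WAN interface list.

```routeros
# Added example; subnets, pool ranges and names are constructed values.
# Assumes ether2-ether5 are not members of any bridge yet (remove them from
# the default bridge first) and that ether1 is already in interface list WAN.

# Steps 1-2: two bridges, two ports each
/interface bridge
add name=LAN1
add name=LAN2
/interface bridge port
add bridge=LAN1 interface=ether2
add bridge=LAN1 interface=ether3
add bridge=LAN2 interface=ether4
add bridge=LAN2 interface=ether5

# Steps 3-5: router address, address pool and DHCP server per bridge
/ip address
add address=192.168.10.1/24 interface=LAN1
add address=192.168.20.1/24 interface=LAN2
/ip pool
add name=pool-lan1 ranges=192.168.10.100-192.168.10.200
add name=pool-lan2 ranges=192.168.20.100-192.168.20.200
/ip dhcp-server
add name=dhcp-lan1 interface=LAN1 address-pool=pool-lan1 disabled=no
add name=dhcp-lan2 interface=LAN2 address-pool=pool-lan2 disabled=no
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1

# Step 6: put both bridges into list LAN so the default rule set covers them
/interface list member
add list=LAN interface=LAN1
add list=LAN interface=LAN2

# Source NAT towards the internet (skip if a masquerade rule already exists)
/ip firewall nat
add chain=srcnat out-interface-list=WAN action=masquerade comment="masquerade to WAN"

# Separation: drop traffic routed between the two LANs, in both directions
/ip firewall filter
add chain=forward in-interface=LAN1 out-interface=LAN2 action=drop comment="LAN1 -> LAN2"
add chain=forward in-interface=LAN2 out-interface=LAN1 action=drop comment="LAN2 -> LAN1"
# Management: SSH, WebFig and WinBox (default ports) stay reachable from LAN1 only
add chain=input in-interface=LAN2 protocol=tcp dst-port=22,80,8291 action=drop comment="no mgmt from LAN2"
```

New filter rules are appended to the end of their chain, so check with /ip firewall filter print that no earlier rule already accepts the traffic they are meant to drop.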

No VLAN ? Party spoiler … :confused:


:laughing:

I’m sure @anav will jump out of the hEX s shortly and will tell all about VLANs :laughing:

Thx mkx, it works!
You’re the best, thanks :wink:

Nope, for less subnets than ports and user wants to dedicate a port to a subnet, I will go with the MKX solution.
No need to add the fun of vlans at this point. The user learning very basic setup is better off not quite yet making the logical jump.
I just figured mkx didn't want to fix expected vlan errors if recommending that route, so basically lazy :stuck_out_tongue_winking_eye: