Port Based Access Control?

What’s the best approach to isolating all ports on a single 24 port switch? Then sharing some…

This is in a shared office; desks are rented out along with 1 Ethernet port.

If a customer wants two desks, those 2 ports should be able to communicate with each other.

Finally, there is 1 printer that everyone should have access to.

My problem with a VLAN is that I’d like customers to be able to detect the printer on the network, which would require the computer and printer to be on the same LAN.

Ideally I’d like to be able to have all ports on the same LAN, same DHCP, but prevent packets from forwarding through to other ports unless allowed.

MikroTik CRS series switches allow port isolation like you need:

http://wiki.mikrotik.com/wiki/Manual:CRS_examples#Port_Level_Isolation

I’ve followed the examples twice, both times it causes none of the ports to work and I have to factory reset the switch.

Out of the box:
ether1-gateway (Goes to my modem for internet)
ether2-master
ether3-slave
ether4-slave
etc

ether2 to ether24 go to workstations.

To make ether2 to ether24 only have access to the internet… What would be the steps?

I set their profile to ‘1’ for isolated. At this point they can still ping one another and internet works.

Then the example says to set ether2 as an uplink port, but it’s not an uplink port. Just another LAN port in use by a workstation.

If I add a new port isolation entry, all ports stop working. Can’t ping 192.168.88.1 or other addresses.

I can’t find better tutorials online.