Port ( Interface ) isolation in RB450 G /RB750 G ?

shreekrishna · November 21, 2012, 11:01am

Hi,

One of my customer needs a solution for physically isolating the traffic between ports.
One of the interface ( in the port 2-5 range ) is connected to the corporate network,
another one to a broadband router and the third one to a printer. The idea is to see that
individually , both the internet and corporate interfaces can send / receive packets to /from
the printer interface , but the two interfaces can’t exchange packets between themselves.

Is there anyway this can be done with firewall alone ? or does it need VLAN ?

regards
Shree

sytex · November 21, 2012, 12:07pm

Are the three interfaces bridged together or is there routing between the interfaces (different ip ranges on each)?

shreekrishna · November 22, 2012, 10:59am

They are on seperate IP range.. I believe bridging will have to removed to get the isolation

Shree

sytex · November 23, 2012, 1:00pm

Don’t delete the bridge!!!

Leave them bridged together, and use Bridge Filters. I haven’t used bridge filter many years ago, so I cannot give you the exact solution.

shreekrishna · November 27, 2012, 11:36am

But if we bridge them, there will be broadcast packets received at all the ports , I assume !
How will it give us the physical isoltaion ? The requirement is that the packets arriving at
internet port (say) should not go anywhere else except the print port ..and the ones from
enterprise side should go to the print port and no where else !

Pls correct me if my assumptions on bridge filtering are wrong here..

regards
Shree