Hi there,
I am using an RB4011 and some cAP acs for my network at home. The network is split into several VLANs. In the RB4011 I configured one bridge, which is bridging LAN and WLAN. The bridge contains physical Ethernet ports of all internal networks (ether1-ether5) except the WAN port (ether10). The ports are all configured as trunk ports (ports are connected to a switch and contain only VLAN-tagged traffic). All cap-interfaces managed by CAPsMAN are also included. VLAN filtering is enabled in the bridge; the traffic between networks is filtered by the RB4011’s firewall.
Is it okay to use one big bridge for all networks or is there another best practice?
In the bridge configuration in WinBox there is the button “Settings” which contains the parameters “Use IP Firewall” and “Use IP Firewall for VLAN”. The wiki says that it is for “Send bridged VLAN traffic to also be processed by IP/Firewall.” I did not activate those two parameters, but nevertheless the traffic between VLANs is filtered by the firewall. What are those parameters for?
Best regards,
cyb