Hello for all..!
so i have Ros951ui, and i want to isolate two ethernet port from each other -(eth4 & eth5)-
i go to interface and create two Vlan with different ID
VLAN-4 & VLAN-5 and i just put eth-4 in VLAN-4 and eth-5 in VLAN-5. does that mean i isolate the two interface from each other…?
or i have to do some additional thing..?
VLAN handling is done on bridge nowadays, not on interface.
If your device supports it, HW offloading between VLANs will be handled by ROS.
You may want to spend some time first reading this excellent post and to digest very carefully the provided examples:
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1
Then apply for your situation.
Personal view: I was never able to use these examples as copy-paste solutions in ROS7 (the initial post and examples were made using ROS 6) but they helped me IMMENSELY to understand how it should work.
If you need only two independent ports and they are not bridged, adding VLANs to them won’t make them any more independent than they already are. In both cases, if you want to block communication (routing) between them, it’s done using IP firewall. Because otherwise router tries to route everything it can, it’s the purpose of router.
If the ports are not bridged together, the ports are isolated by itself.
If you do NOT have the requiremnt to tag the frames with an IEEE802.1Q-tag (or if ingressing to understand tagged-frames), there is no need to create a VLAN-Interface.
All you need is to block the inter-network communication by a Firewall > Filter rule.
hello my friends ..! very very thanksful for all this replies and advises ..!
really appreciate every single replay here..