Hi
I have an RB850 with port 1 handling POE back to my switch (native vlan1).
Port 2 is connected to a cable modem (DHCP client enabled) and is the main gateway.
Port 3 is connected to another RouterBoard (via my switch) with an LTE 4G miniPCI modem and is the secondary gateway.
Port 4 handles vlan4 & vlan5 from the switch.
Port 5 handles vlan3 from the switch.
Now, the 4G RB is connected to my switch (untagged vlan2) for POE purposes.
Port 3 of my RB850 is connected to another port on the switch (tagged vlan2). There are only 2 ports configured on my switch for vlan2
[So I’m using my switch like a POE injector]
native = 192.168.1.0/24
vlan2 = 192.168.2.0/24
vlan3 = 192.168.0.0/24
vlan4 = 172.16.0.0/16
vlan5 = 192.168.5.0/24
The RB850 uses the x.x.x.1 address for each vlan. The 4G RB uses 192.168.2.2.
The RB850 switches to 192.168.2.2 if the modem on port 2 fails, so that’s fine BUT, can I prevent a vlan from accessing the secondary gateway?
The reason I need to do this is that vlan4 is for public wifi & should the modem fail, we don’t want vlan4 to have 4G internet access.
Would a simple firewall rule achieve this? Say drop all from 172.16.0.0/16 to 192.168.2.0/24
I’m not sure, as even with inter-vlan routing drop rules, each vlan can ping x.x.x.1 from another subnet (presumably as these are the ethernet IPs on the RB itself).
As usual, any suggestions are most welcome.
Regards
MrB
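
An added example, not part of the original post: a small Python model of how a routed packet is matched by filter rules, comparing the rule proposed above with one keyed on the egress interface. The interface names, the client address 172.16.0.50 and the destination 8.8.8.8 are assumptions made for illustration; the chain names follow the usual forward (routed through the router) and input (addressed to the router itself) split.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    chain: str                    # "forward" = routed through the RB850, "input" = to the RB850 itself
    src: str
    dst: str                      # final destination; the next-hop gateway never appears here
    out_if: Optional[str] = None  # egress interface picked by the routing table (forward only)

@dataclass(frozen=True)
class Rule:
    chain: str
    src_net: str
    dst_net: Optional[str] = None
    out_if: Optional[str] = None

    def drops(self, p: Packet) -> bool:
        if p.chain != self.chain:
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        return not (self.out_if and p.out_if != self.out_if)

def dropped(rules, p):
    return any(r.drops(p) for r in rules)

LTE_IF, CABLE_IF = "vlan2-lte", "ether2"   # assumed interface names
PUBLIC = "172.16.0.0/16"                   # vlan4, public wifi

# Constructed packets from a vlan4 client
internet_failover = Packet("forward", "172.16.0.50", "8.8.8.8", LTE_IF)
internet_normal = Packet("forward", "172.16.0.50", "8.8.8.8", CABLE_IF)
lte_router = Packet("forward", "172.16.0.50", "192.168.2.2", LTE_IF)
rb850_vlan2_ip = Packet("input", "172.16.0.50", "192.168.2.1")

# Rule as proposed in the post: matches on the vlan2 subnet as destination
proposed = [Rule("forward", PUBLIC, dst_net="192.168.2.0/24")]
# Alternative: match on where the packet leaves, plus an input rule for the router's own IP
by_egress = [Rule("forward", PUBLIC, out_if=LTE_IF),
             Rule("input", PUBLIC, dst_net="192.168.2.1/32")]

if __name__ == "__main__":
    for name in ("internet_failover", "internet_normal", "lte_router", "rb850_vlan2_ip"):
        p = globals()[name]
        print(f"{name:18} proposed={dropped(proposed, p)} by_egress={dropped(by_egress, p)}")
```

In this model the proposed rule stops vlan4 from reaching 192.168.2.2 directly but not internet traffic routed via it, and pings to the router's own x.x.x.1 addresses bypass forward-chain rules entirely.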