RB hardware switch filtering using RouterOS

lblasc · November 8, 2012, 8:34am

Is there any way to filter some traffic from ports in RB hardware switch configuration using RouterOS ?

I’m building bridge firewall with RB450G on gigabit link using built in hardware switch, there are only 32 rules available which is not enough for this configuration.
So for this to work some traffic will need to go through RouterOS for additional filtering. Switch in configured on ether4 and ether5, uplink is on ether5.

For example, all traffic coming from 10.10.10.0/24 will need additional filtering:

/interface ethernet switch rule add copy-to-cpu=yes disabled=no mac-protocol=ip src-address=10.10.10.0/24 ports=ether4 vlan-header=not-present

Now RouterOS can work with this traffic but it cannot return it to ether5 port.

Any ideas ?

eosis · November 20, 2012, 3:45pm

I am also interested in this functionality. Is anyone able to help?

ditonet · November 20, 2012, 5:48pm

Now RouterOS can work with this traffic but it cannot return it to ether5 port.

If traffic flows through switch chip, only packet which meet your rule criteria is cloned and sent to CPU (router),
so don’t expect that this packet will be returned in any way.
If you need more than 32 rules, add interfaces to bridge and use bridge filter.

HTH,