reg vlan

vvishal5 · January 7, 2008, 2:44pm

Hi All,

we need to configure the following

ethernet1 (Intenret)
ethernet2 (lan)
ethernet3 (lan)
ethernet4 (lan)

ethernet2, 3 and 4 has to configured as vlan

there should we no traffic passthorugh betweeb ethernet2 3 and 4 but all should send and recived traffic from ethernet1 which is connected to our Internet router

all the three ethernet interface 2,3,4 should have the same lan IP block

Currently we have assigned internet ip for ethernet1 and have natted ethernet2 (lan ip configured) to ethernet1

We are also able route traffic betweeb ethernet2 to 1

any help ?

butche · January 7, 2008, 4:16pm

Sounds like you are just wanting port isolation and not vlan, but setting up vlan interfaces is very simple and documented very well.

there should we no traffic passthorugh betweeb ethernet2 3 and 4 but all should send and recived traffic from ethernet1 which is connected to our Internet router

Should be easy to configure in firewall. This is not complete, but something like the following should give you an idea:

/ip firewall filter
add chain=forward in-bridge-port=ether2 out-interface=ether1 action=accept
add chain=forward in-bridge-port=ether3 out-interface=ether1 action=accept
add chain=forward in-bridge-port=ether4 out-interface=ether1 action=accept
add chain=forward in-interface=ether1 action=accept
add chain=forward action=drop

This should come after your other filters.

all the three ethernet interface 2,3,4 should have the same lan IP block

Just bridge them and assign the IP to the bridge interface.