Hi All Mikrotik Gurus,
I am loving the new Bridge VLAN setup and I have been testing the Bridge setting that allows the Bridge to use the IP firewall rules to control bridge traffic. And that feature is absolutely amazing and gives such control over any traffic on the bridge… I was wondering if it is possible for me to have my switches send all their VLAN traffic back to the Core Router so that I have only one firewall to manage traffic… I realise that this will cause more load on all hardware involved but was wondering if it is even possible. Any ideas would be greatly appreciated. And thanks in advance for your time! Have a Blessed Day!
Thanks
After some testing, looks like the only way that this is possible is to make each switch port a separate VLAN, then all packets have to head back to the core through the NAT tables to route to the next VLAN.
I guess I answered my own question but if anyone else has a better way to control all traffic from the core router I would greatly appreciate it. :). Now I just need to create a script to create all the VLANs necessary… lol.
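One way to script the per-port VLAN layout described in the post above, as an added example that is not from the original thread. It assumes an access switch with ether2 through ether9 as access ports and sfp-sfpplus1 as the trunk to the core, VLAN IDs 102 through 109, and a core router that terminates those VLANs on its own bridge via ether1; every port name, VLAN ID and address here is a placeholder.

```routeros
# --- Access switch: one VLAN per access port, everything tagged up the trunk ---
# Placeholder names: trunk sfp-sfpplus1, access ports ether2..ether9, VLAN = 100 + port number.
:local trunk "sfp-sfpplus1"
:local base 100
/interface bridge add name=bridge1 vlan-filtering=no
/interface bridge port add bridge=bridge1 interface=$trunk
:for i from=2 to=9 do={
    :local port ("ether" . $i)
    :local vid ($base + $i)
    # untagged access port with its own PVID; only the trunk carries the tag
    /interface bridge port add bridge=bridge1 interface=$port pvid=$vid
    /interface bridge vlan add bridge=bridge1 vlan-ids=$vid tagged=$trunk untagged=$port
}
# Turn filtering on last, once the VLAN table is complete, so the trunk is not cut off mid-script
/interface bridge set bridge1 vlan-filtering=yes

# --- Core router: terminate each VLAN (placeholder subnet 10.0.<vid>.0/24) and firewall between them ---
/interface list add name=LAN
/interface bridge add name=bridge1 vlan-filtering=no
/interface bridge port add bridge=bridge1 interface=ether1
:for i from=2 to=9 do={
    :local vid (100 + $i)
    :local vname ("vlan" . $vid)
    # bridge1 itself must be a tagged member so the CPU-side VLAN interface receives the traffic
    /interface bridge vlan add bridge=bridge1 vlan-ids=$vid tagged=bridge1,ether1
    /interface vlan add name=$vname vlan-id=$vid interface=bridge1
    /ip address add address=("10.0." . $vid . ".1/24") interface=$vname
    /interface list member add list=LAN interface=$vname
}
/interface bridge set bridge1 vlan-filtering=yes
# Every port-to-port flow is now routed, so the ordinary forward chain sees it: default deny between VLANs
/ip firewall filter add chain=forward in-interface-list=LAN out-interface-list=LAN \
    connection-state=established,related action=accept
/ip firewall filter add chain=forward in-interface-list=LAN out-interface-list=LAN \
    action=drop comment="default deny between per-port VLANs; add accept rules above this"
```

Because each port is its own VLAN, inter-port traffic is routed at the core and hits the forward chain without needing the bridge use-ip-firewall setting, which only affects packets that stay bridged. Two hosts hanging off the same access port (for example behind an unmanaged switch) still share one VLAN and never reach the core firewall.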
In typical modern network design, your core should be engineered to simply forward packets as quickly as possible. Filtering and traffic manipulation should be kept to a minimum if not completely eliminated. This allows the best efficiency and scalability of network resources.
You might look at some potential network automation that syncs your firewall rules between your access switches/routers. That might simplify things for you. If you are really using switches like the CRS units, my limited experience is that they’re pretty weak on CPU, so that might not end up scaling well though. I think it would be fun and educational to test in the lab.