Does any one know how to separate bridges using the bridge filters? I know that I can not VLAN on my Power Router 720 due to no switch chip functionality. So I want to be able to separate my two networks that have the same address scheme but of course they have unique addresses. Example I would have an IP address of 67.xxx.xxx.23 on network A and an address of 67.xxx.xxx.100 on Network B. I wish I could VLAN the ports but I do not think it is possible. All bridged ports are trying to get to the same common gateway. So I have them all connected to the same bridge but I want to separate the traffic. I do not want a broadcast to spill from network A to network B. Attached is my extremely generic drawing. Is there a way to make the traffic filterd using the bridging filter? I want to have both network feel that they are separate to minimize packet storms. Please advise.
Thanks
Perhaps you may split the subnet and assign /28/29 subnet to one interface, different /28/29 subnet to another interface. Routing should work fine between the interface and route traffic between the interfaces, when it is necessary.
I think it is a little too late for that my network has grown mighty big now. And then we added in the power router about 2 years ago(I think.) DO you know of any ways to VLAN it off or do the bridge filtering so that my traffic to one side of the network will not be seen on the other. See what happens is that if my backhaul goes down from Network A then my Network B receives the traffic which causes a brief interface shut down script to be ran to reconnect to the network B even though the main network A was down. It seems to be a large LAN based problem which I do not like but I did create this mess. SO I am trying to correct the problem if I could subnet all over again I would. But currently that is not an option.
If you have nay more suggestions that would be great.
Ok, it is possible with VLAN.
However, when the network is very big, it is not enough with one device (router) to ensure VLAN for the network, where users are connected without any order.
You can not do a VLAN with out using a bridge correct? Or do you have an example of how you would do a VLAN so that both interfaces have the same destination but use different VLANS. My problem was always when I would get stuck I would use a bridge but then that would defeat the purpose of the VLANs of the bridge has the same VLANS on it. I think I am confused as to how you would do a PORT based VLAN on two separate interface so that they both can route to the gateway. Any simple diagram or code example would help. Thanks for your advice it really helps.
… I think I am confused as to how you would do a PORT based VLAN on two separate …
You can do it.
VLAN is added to outgoing interface, multiple VLANs could be added to the same outgoing interface.
Create bridge and add appropriate VLAN to it.
Add local interface to bridge, when interface1 should be on VLAN1, bridge them together VLAN[from outgoing]+local interface.
However I do not see the way to apply the configuration to your diagram, as you have one bridge with two ports, where two networks users are mixed together.
The network A users do not need to see the network b just as long as they both have the same gateway out to the Internet. AS for the VLAN would I then have to tag all devices on the VLAN port side of the Network A or B or ifg I just tag the port then all the devices will know that they are on that VLAN ID from then on and not interfere with the other VLAN ids?
I know these are basic questions but it is really driving me crazy to have this scenario that I have built by no one else fault but my own.
So basically you want to stop the various ports from communicating with each other and only allow traffic to flow out the uplink?
/interface bridge filter
add action=drop chain=forward comment=
"Prevent Port To Port Communication" disabled=no in-interface=!ether1 out-interface=!ether1
There, if it's not going in our out the uplink port (ether1) then it will be dropped.
So traffic can not go from ether2 to ether3 for example
