I would like my RB 3011 to get the public IP address from my ISP.
At this stage my RB2011 gets the public address from the Ubiquiti device of my provider (it works as an AP bridge) using PPPoE.
Then the RB2011 has a LAN interface (Bridge LAN) (which contains only the sfp1 physical port) and it is connected to the RB 3011. The RB3011 gets internet access, but the WAN IP is not public (it belongs to the RB2011 LAN interface address pool).
My question is how would YOU set up both MikroTik devices to have a public IP address on the WAN port of the RB3011?
The current setup is shown below:
I am thinking about setting the RB 2011 up as a switch and trying to connect via PPPoE from the RB3011. Is it a good approach?
Does it require any special firewall rules on the RB2011? By setting the RB2011 up as a switch I mean deleting all settings and firewall rules, then creating a bridge between ethernet1 and sfp1 (then I will disable all unused ports, and access via ssh etc).
(I don't want my RB 2011 to be accessible from the internet etc.)
Thank you man. That is what I actually meant.
However, if I bridge the antenna output (ether1 port on the RB2011) and the 3011 uplink (sfp1 port on the RB2011), do I have to set any firewall rules or will it work like a non-manageable (2-port) switch?
Is there any way to access the RB 2011 from the RB3011 network (no matter which)?
If there is no IP configuration on the 2011 bridge, no firewall rules are required; you could exclude the interfaces for mac-telnet & mac-winbox access though.
However for management access you probably do want some IP configuration - you have a few options:
IP on the bridge, blocking IP on RB2011 ether1 with firewall rules (bridge filter might be more efficient)
IP on VLAN & VLAN aware bridge (bridge will not be hardware accelerated, may limit throughput)
IP on VLAN & hardware switch configuration (can be fiddly to set up, there are some good forum posts)
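
The first option in the reply above (IP on the bridge, with a bridge filter blocking the ether1 side), written out as an added RouterOS example that does not come from any poster in this thread. The bridge name, the 192.168.88.0/24 management subnet and the choice to turn MAC access off entirely in favour of SSH are assumptions; the RB3011 is assumed to hold an address in the same subnet on the physical port that carries its PPPoE client.

```routeros
# Added example for the RB2011 after a configuration reset.
# bridge-wan and 192.168.88.0/24 are assumed names/values, not from the thread.

# Two-port bridge: antenna side (ether1) <-> RB3011 uplink (sfp1).
# PPPoE frames from the RB3011 are forwarded through it unchanged.
/interface bridge
add name=bridge-wan
/interface bridge port
add bridge=bridge-wan interface=ether1
add bridge=bridge-wan interface=sfp1

# Management address on the bridge (private, reachable from the RB3011 side).
/ip address
add address=192.168.88.2/24 interface=bridge-wan

# Bridge filter, chain=input: frames addressed to the RB2011 itself.
# Forwarded traffic (the PPPoE session) uses chain=forward and is not matched.
/interface bridge filter
add chain=input in-interface=ether1 mac-protocol=arp action=drop \
    comment="no ARP replies to the antenna side"
add chain=input in-interface=ether1 mac-protocol=ip action=drop \
    comment="no IPv4 management from the antenna side"
add chain=input in-interface=ether1 mac-protocol=ipv6 action=drop \
    comment="no IPv6 management from the antenna side"

# MAC-telnet, MAC-WinBox and neighbor discovery off on every interface;
# management goes over IP only.
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/ip neighbor discovery-settings
set discover-interface-list=none

# Keep SSH only, limited to the management subnet.
/ip service
disable telnet,ftp,www,api,api-ssl,winbox
set ssh address=192.168.88.0/24
```

After applying it, `/interface bridge filter print stats` on the RB2011 shows whether the ether1 rules are counting packets, and an SSH attempt to 192.168.88.2 from the RB3011 confirms the management path.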