i am planning to use my routerboard half as switch, half as router.
currently I have my isp´s router (192.168.8.0/24)
and the new routerboard.
the idea is to use eth1-5 as switch and eth 6-10 as router (192.168.0.0/24).
devices attached to eth 6- 10 should be able to use the internet access from my isp, but should not be able to connect to other devices from 192.168.8.0/24
I guess this is basically doable by creating 2 bridges (one “router bridge” and one “switch bridge”) right?
But what about using the internet access from 192.168.0.0/24? do I have to physically connect one of the router ports with a switch port or can this also be achieved by configuration? (which would be good to have 2 more ports available for use)
i guess isolation 2 subnets is the just some firewall rules (for disabling access from 192.168.0.0 to 192.168.8.0).
You seem to know everything you need. If I understand it correctly, ether1-5 will be still connected to ISP’s router, so the bridge with these ports will be router’s WAN port. As such, it will have IP address from 192.168.8.0/24 subnet, and router will happily route between this one and 192.168.0.0/24 (no need for extra cables). Which you don’t want, so you’ll stop it using firewall.
Another slightly different way would be one common bridge with vlan filtering, where untagged ports ether1-5 would be one vlan, and also untagged ports ether6-10 would be another vlan. It’s pretty much the same as two bridges, just different interfaces, but rest of config would be the same. Difference could be performance, where I’m not sure what’s better, but I think that one bridge is supposed to use hw acceleration, if the device supports it.