All of the offices can communicate with the server and vice versa.
The IT Office can communicate with the server and all the offices as well, but I don't want the Sales Office and Admin to communicate with each other.
Once you have your bridge and VLANs, the firewall rules are easy…
For example…
ONE ONLY HAS TO ADD ALLOW RULES at the marked spot (*************************) below. Everything else will be dropped automatically by the last rule.
Order is important within a chain!!
Organized sets of chains make reading and troubleshooting issues easier!!
/ip firewall filter
# --- Input chain ---
# (default rules to keep)
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# (user rules)
add action=accept chain=input in-interface-list=LAN
# this rule should be the last rule added to the input chain
add action=drop chain=input comment="drop all else"
# --- Forward chain ---
# (default rules to keep)
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# (user rules)
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
# ******************************* add your allow rules here
# enable the next rule if required
add action=accept chain=forward comment="port forwarding" connection-nat-state=dstnat disabled=yes
add action=drop chain=forward comment="drop all else"
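As an added example (not the poster's configuration), these are the forward-chain user rules that fit the question above, to be pasted at the ******* marker between the "internet traffic" accept and the final "drop all else". The VLAN interface names IT_VLAN, SALES_VLAN, ADMIN_VLAN and SERVER_VLAN are assumed (all members of the LAN interface list), as is the reading that only IT initiates connections to the other offices.

```routeros
# Added example, not the poster's config. Assumes bridge VLAN interfaces named
# IT_VLAN, SALES_VLAN, ADMIN_VLAN and SERVER_VLAN, all in interface list LAN.
# Insert after the "internet traffic" accept and before "drop all else".
/ip firewall filter
# Optional visibility: log the exact traffic the question wants blocked.
# Listed first so it matches before any broader accept could (order matters).
add action=drop chain=forward comment="Sales -> Admin blocked" in-interface=SALES_VLAN out-interface=ADMIN_VLAN log=yes log-prefix="sales-admin"
add action=drop chain=forward comment="Admin -> Sales blocked" in-interface=ADMIN_VLAN out-interface=SALES_VLAN log=yes log-prefix="admin-sales"
# Every office reaches the server, and the server may initiate to any office.
add action=accept chain=forward comment="offices -> server" in-interface-list=LAN out-interface=SERVER_VLAN
add action=accept chain=forward comment="server -> offices" in-interface=SERVER_VLAN out-interface-list=LAN
# IT may initiate to any office; replies come back through the default
# "accept established,related" rule, so no reverse accept is needed.
add action=accept chain=forward comment="IT -> all offices" in-interface=IT_VLAN out-interface-list=LAN
# Nothing above accepts Sales <-> Admin (or Sales/Admin -> IT), so even without
# the two logging drops the final "drop all else" rule catches that traffic.
```

The logging drops are only for visibility; removing them changes nothing about what is allowed, because the default-deny rule at the end already blocks anything no accept rule matched.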