VLAN Shenanigans

Hello, I currently have the need to create a VLAN to isolate a host/computer from the “real” LAN. How can I create a VLAN, and then connect a computer to it, such that it cannot communicate with anything else, but has access to the internet? The idea is to create an inescapable “fake” LAN for this host, and this host alone.

With what, a hammer?
If you are using an MT product, open Winbox and modify the default config accordingly.
Add a second network
Add a vlan
Add vlan to bridge
and voila mostly done and will probably need a firewall rule or two.

You can start reading here…
https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN

and this is a very good forum thread…
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

Once you have a working config, would be keen to assist in reviewing a config to get it to fruition!

How do you add a VLAN to the existing bridge? Also, how do I then bind the VLAN to the new network I just made? With a bridge?

Use Winbox!
By creating all the necessary structures such as dhcp server!
Yes!
Read the links provided, this is not spoon feeding class.
Better questions yield better results.

(telling you how to do something with zero understanding benefits no one - trust me a bit of work on your end will make support easier and faster)

Ok, so this is as far as I’ve gotten. Is this correct? It seems like I’m missing something obvious.

Create Switch (PORT BASED)
Create VLAN (SAME ID AS SWITCH)
Assign VLAN Connection (WHERE THE VLAN IS CONNECTING TO SOMETHING PHYSICAL)
Bridge VLAN to Physical Port (SO THAT THE VLAN CAN COMMUNICATE WITH THIS PORT, ALLOWING FOR A “CONNECTION”)
Create Address List/subnet for that bridge
Create DHCP for That Address List/subnet
Plug my client into the physical port, be on my new VLAN?

I should let somebody else help, as I have no patience with someone that doesn’t have the courtesy to state what MikroTik unit we are talking about, what firmware they have, nor any indication they have read any of the material.

Please do.

How do you connect that computer to LAN? In other words what is your infrastructure? That’s important.

All I want to do is create a working VLAN, so that this new VLAN only houses one host. This can be done any way possible. I don’t need trunking, or for this VLAN to be able to communicate with the “real” existing LAN. This host will be connected to the router with a patch cable.

On a fixed port?

Or anything, a fixed port would work, yes. All I’m looking for is rough instructions. All the stuff I have been able to find on the internet is of literally no help. The device in question is a RB951Ui-2nD hAP.

If it’s on a fixed port, you wouldn’t even need a VLAN.

  1. separate the port from the bridge
  2. assign new subnet to it (with if needed dhcp server config)
    2bis: for dhcp config, you might want to use an external dns, so that internal ip’s aren’t leaked
  3. in firewall filter:forward disallow connection to other subnets, only to wan

So if I’m using Winbox, go to: Bridge ==> Ports ==> ether3 (double click) and just remove the bridge?

Will I need a new bridge or no? Also, how is this done? It looks like all I can do is change the bridge, not completely remove it.

After that: Create a new DHCP server that’s operating on ether3

Then: In the firewall, disallow communications between subnets.

Plug the device into ether3, be on a separate subnet?

If this is correct, all I still need help with is removing the bridge (only from ether3). If I’m missing something, what is that?

bridge: in ports, just remove the interface, and leave the current bridge for the rest as is.

No need for another bridge

then configure ip for that interface, create new pool and then create dhcp server config

firewall config indeed

that’s it
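
The steps from the replies above, written out as RouterOS terminal commands. This is an added example, not part of any poster's reply. It assumes ether1 is the WAN interface and that the router's firewall already accepts established/related traffic; the 192.168.99.0/24 subnet, the pool and server names, and the 1.1.1.1 resolver are constructed values to replace with your own.

```routeros
# 1. Take ether3 out of the LAN bridge; the bridge and its other ports stay as they are.
/interface bridge port remove [find interface=ether3]

# 2. Give ether3 its own subnet (constructed addressing).
/ip address add address=192.168.99.1/24 interface=ether3 comment="isolated host"
/ip pool add name=pool-isolated ranges=192.168.99.10-192.168.99.20
/ip dhcp-server add name=dhcp-isolated interface=ether3 \
    address-pool=pool-isolated disabled=no

# 2bis. Hand out an external resolver so the isolated host never queries
#       the router's DNS cache and cannot learn internal names or IPs.
/ip dhcp-server network add address=192.168.99.0/24 gateway=192.168.99.1 \
    dns-server=1.1.1.1

# 3. Forward chain: anything entering on ether3 may leave only through the WAN
#    (assumed to be ether1).
/ip firewall filter add chain=forward in-interface=ether3 out-interface=!ether1 \
    action=drop comment="isolated: only WAN is reachable"
#    New connections from the LAN side towards the isolated host are dropped too;
#    replies to the host's own internet traffic still pass via the
#    established/related accept rule assumed to sit above this one.
/ip firewall filter add chain=forward out-interface=ether3 in-interface=!ether1 \
    connection-state=new action=drop comment="isolated: no LAN-initiated traffic"

# Input chain: keep the host away from the router's own services
# (Winbox, SSH, DNS), leaving only DHCP.
/ip firewall filter add chain=input in-interface=ether3 protocol=udp dst-port=67 \
    action=accept comment="isolated: allow DHCP"
/ip firewall filter add chain=input in-interface=ether3 action=drop \
    comment="isolated: block router management"

# Check: the drop counters should increase when the host tries to reach the LAN.
/ip firewall filter print stats where comment~"isolated"
```

Rules added this way are appended to the end of each chain, so confirm with `/ip firewall filter print` that no broader accept rule sits above them. If the WAN is a PPPoE or LTE interface rather than ether1, use that interface name in the forward rules.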