Hello all,
I have a HEX-S router configured with two point-to-point links on ether1 and ether2, each connected to 2 upstream routers for redundancy.
In my current setup I have removed the two ports ether1 and ether2 from the default bridge. I thought by doing that the two ports would be isolated, at least at layer2. Now the little complication is that the connection on ether1 is not a real point-to-point connection since in fact it is connected to a switch on which other devices are connected.
My question is: How are those two interfaces treated at the Mikrotik switch level? Are they isolated? Is there a risk that layer2 frames arriving on the interfaces that are not connected to the bridge can find their way into the LAN?
You have to have clear requirements and an understanding of the role of the device you are using. For example, it would appear the hex is to be used as a switch and is not connected to an ISP?
Identify all users/devices
Identify all traffic flows they need (external/internal)
Then a config can be designed accordingly
All this talk about bits of ports etc. is a waste of time at the moment.
Well my question is a bit theoretical: I just wanted to confirm how an interface that is not part of the default bridge is seen from the other interfaces that are listed as ports for that bridge.
They’re all interfaces to the router. RouterOS is also a [Layer 3] [IP] router & routers do routing. So with an empty firewall… IP/IPv6 traffic will be allowed between all the interfaces, bridged or not.
But an off-bridge ethernet interface would not be able to use MAC addresses or have any other Layer2 access to things on the bridge. If you have a loop (or misconfiguration) elsewhere in your network… perhaps a bridge might see a standalone port (e.g. some VLANs cross on a switch outside of the router we’re talking about here) at Layer2. But it wouldn’t be RouterOS doing it at Layer2/MAC/Ethernet-level (only IP/IPv6 layer-3)
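An added example, not part of any post in this thread: RouterOS commands to confirm that ether1 and ether2 are off the bridge at layer 2, followed by forward-chain rules that close the layer-3 path the last reply describes. It assumes the bridge is named `bridge`, that the two uplinks are treated as untrusted, and that only the LAN initiates connections; the list name `UPLINK` is made up for the example.

```routeros
# Layer-2 check: ether1 and ether2 must not appear as bridge ports,
# and no MAC address should be learned on them in the bridge host table.
/interface bridge port print
/interface bridge host print

# Group the two off-bridge uplinks so one rule covers both.
/interface list add name=UPLINK
/interface list member add list=UPLINK interface=ether1
/interface list member add list=UPLINK interface=ether2

# Layer-3: with an empty firewall the router forwards between all interfaces.
# Allow replies to LAN-initiated traffic, drop invalid packets, then drop
# anything new that arrives on an uplink and would be routed to the bridge.
/ip firewall filter
add chain=forward action=accept connection-state=established,related comment="replies to LAN-initiated traffic"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
add chain=forward action=drop connection-state=new in-interface-list=UPLINK out-interface=bridge comment="uplinks may not open connections into the LAN"

# The same forwarding applies to IPv6, which has its own filter table.
/ipv6 firewall filter
add chain=forward action=accept connection-state=established,related comment="replies to LAN-initiated traffic"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
add chain=forward action=drop connection-state=new in-interface-list=UPLINK out-interface=bridge comment="uplinks may not open connections into the LAN"

# Review rule order and watch the packet counters on the drop rules.
/ip firewall filter print stats
```

These rules cover forwarded traffic only; access to the router itself from the switch segment on ether1 is governed by the `input` chain.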