Community discussions

MikroTik App
 
jeroenp
Member Candidate
Member Candidate
Topic Author
Posts: 159
Joined: Mon Mar 17, 2014 11:30 am
Location: Amsterdam
Contact:

Name network or group of networks?

Sun May 01, 2016 1:49 pm

I see a lot of places where I use various networks, for instance these:

- 192.168.71.0/24 - LAN
- 192.168.171.0/24 - WAN side of my ADSL connection
- 192.168.172.0/24 - WAN side of my fiber connection

Is it possible to give these a (descriptive) alias

That will make specifying the allow for services and graphs a lot more readable.

--jeroen
 
Revelation
Member
Member
Posts: 338
Joined: Fri Dec 25, 2015 5:59 am

Re: Name network or group of networks?

Tue May 03, 2016 2:21 am

The only thing I can think of is adding a comment to the address space.
 
jeroenp
Member Candidate
Member Candidate
Topic Author
Posts: 159
Joined: Mon Mar 17, 2014 11:30 am
Location: Amsterdam
Contact:

Re: Name network or group of networks?

Tue May 03, 2016 12:25 pm

Where would I add that comment in the "/ip service" list?

(That's one of the places I have an extensive set of network addresses).
 
Revelation
Member
Member
Posts: 338
Joined: Fri Dec 25, 2015 5:59 am

Re: Name network or group of networks?

Fri May 06, 2016 2:59 am

Where would I add that comment in the "/ip service" list?

(That's one of the places I have an extensive set of network addresses).
Really? IP service would be for ports / protocols, not IPs....

You should have your networks under IP addresses....
 
jeroenp
Member Candidate
Member Candidate
Topic Author
Posts: 159
Joined: Mon Mar 17, 2014 11:30 am
Location: Amsterdam
Contact:

Re: Name network or group of networks?

Fri May 06, 2016 8:30 am

Really: Image

This besides what I have under /IP/addresses: Image

There will be firewall rules too...

--jeroen
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: Name network or group of networks?

Sat May 07, 2016 10:59 am

Putting a range on ip services (and snmp communities) is a quick way to limit access to the admin features
to a single or a few networks, but when you want long lists like that it is probably better to use the firewall filter
for "input", where you can use an ip address list, which can contain elements with comment.
"input" is only used for access to the router itself (admin, services like DNS running on the router), so it is easy
to keep the filter separate from "forward" which is the routed traffic which will have less limitations.
 
jeroenp
Member Candidate
Member Candidate
Topic Author
Posts: 159
Joined: Mon Mar 17, 2014 11:30 am
Location: Amsterdam
Contact:

Re: Name network or group of networks?

Sat May 07, 2016 4:12 pm

Putting a range on ip services (and snmp communities) is a quick way to limit access to the admin features
to a single or a few networks, but when you want long lists like that it is probably better to use the firewall filter
for "input", where you can use an ip address list, which can contain elements with comment.
"input" is only used for access to the router itself (admin, services like DNS running on the router), so it is easy
to keep the filter separate from "forward" which is the routed traffic which will have less limitations.
I'm relatively new on Mikrotik stuff, so these kinds of answers are very valuable to me.
Thanks a lot!

--jeroen

Who is online

Users browsing this forum: gnommon and 27 guests