I already have the hardware, and I don't have the luxury of plugging the computers into the router.
The router has a link to the switch; I will eventually have computers that need to be isolated plugged into the router and the switch at the same time.
I agree that the VLAN way is the best way, but I don't have the RouterOS skills to configure this.
Nicolae, I thought the same, but XVO helped me through the worst bits: a few lost teeth, down a few pints of blood, but in the end I am fully recovered and I am exploding with VLANs. I think I am up to 8 right now, and some on Virtual APs no less. Somebody help me, I'm outta control!!
Seriously, if we take it slow, it may even feel good.
Just do one VLAN, in slow time, step by step and it will be like magic.
The key is to ENSURE you have SAFE MODE ON, throughout the entire time.
(Note: Being a complete idiot, I now hit the safe mode first thing ALWAYS each session I open up on WinBox.)
You will need to:
Create a VLAN interface, including assigning a VLAN name and number, and assign the VLAN to your current bridge under the interface selection.
On the Interface LIST, ensure you add the VLAN to the LAN interface (the bridge should already be there under LAN as well).
UNDER IP MENU, create the VLAN IP pool, IP address, DHCP server (using the pool), DHCP network.
On the Bridge menu (ignore the first Bridge Tab, you will use it later)
ports tab - ensure the physical ports coming out of the router that carry vlans are associated with the bridge
vlans tab - ensure that the tagged ports include the vlans that your router is controlling, the bridge itself, and the physical ports on the router that carry the traffic.
In terms of firewall rules it depends if you have a drop everything rule as standard fare at the end of input/forward rules.
If so, then you will need to create an accept forward traffic rule, VLAN to WAN (in-interface: VLAN, out-interface: WAN, or if two ISPs use out-interface-list=WAN).
If you are more of an allow everything and create rules to block then you may need something like Drop Forward Rule where one states, in-interface VLAN, Out-Interface=!
(meaning drop all traffic from vlan to anything but the WAN).
Last step, and if you managed to forget, now is the time to hit SAFE MODE. Go back to Bridge, click on the bridge name in the menu and then select the VLAN TAB. (To be clear, this is not the VLAN tab that is viewable when selecting Bridge from the left-hand menu, but one that becomes available when you double-click on the bridge name itself (visible when the first tab (default tab called Bridge) on the menu is highlighted).) At the popup menu select VLAN and you will see a checkbox next to VLAN filtering that is blank. Check this box.
You should be just about done!
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
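The procedure from the post above as RouterOS terminal commands, added here as an example and not written by either poster. Assumed names and values (none come from the thread): bridge `bridge`, VLAN `vlan10` with ID 10, trunk port `ether5` toward the switch, subnet 192.168.10.0/24, and existing `LAN` and `WAN` interface lists.

```routeros
# Constructed example: every name, VLAN ID and address below is an assumption.
# Enter Safe Mode first (Ctrl+X in the terminal, or the Safe Mode button in
# WinBox) so a mistake that cuts your session rolls the changes back.

# 1. VLAN interface on top of the existing bridge
/interface vlan add name=vlan10 vlan-id=10 interface=bridge

# 2. Add the VLAN to the LAN interface list (the bridge should already be there)
/interface list member add list=LAN interface=vlan10

# 3. IP menu: pool, address, DHCP server (using the pool), DHCP network
/ip pool add name=pool-vlan10 ranges=192.168.10.10-192.168.10.254
/ip address add address=192.168.10.1/24 interface=vlan10
/ip dhcp-server add name=dhcp-vlan10 interface=vlan10 address-pool=pool-vlan10 disabled=no
/ip dhcp-server network add address=192.168.10.0/24 gateway=192.168.10.1 dns-server=192.168.10.1

# 4. Bridge > Ports: check that the port carrying the VLAN is a bridge member
/interface bridge port print where interface=ether5

# 5. Bridge > VLANs: tag the VLAN on the bridge itself and on the trunk port
/interface bridge vlan add bridge=bridge vlan-ids=10 tagged=bridge,ether5

# 6a. Firewall, if a drop-everything rule ends the forward chain:
#     allow VLAN -> WAN. "add" appends to the end of the chain, so move this
#     rule above the final drop rule (or add it with place-before=).
/ip firewall filter add chain=forward action=accept in-interface=vlan10 \
    out-interface-list=WAN comment="vlan10 to internet"

# 6b. Firewall, if the chain allows by default: drop everything from the VLAN
#     that is not headed to the WAN. Without this the router still routes
#     between VLANs, so the VLAN is not actually isolated.
# /ip firewall filter add chain=forward action=drop in-interface=vlan10 \
#     out-interface-list=!WAN comment="isolate vlan10"

# 7. Last step: turn on VLAN filtering on the bridge (Safe Mode still on)
/interface bridge set bridge vlan-filtering=yes

# Verify before leaving Safe Mode
/interface bridge vlan print
/ip dhcp-server lease print
```

Leave Safe Mode only after a client on the VLAN gets a lease and the router is still reachable from your management port.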