Community discussions

MikroTik App
 
User avatar
mrmut
Member Candidate
Member Candidate
Topic Author
Posts: 199
Joined: Mon May 18, 2009 2:10 pm

How to completely separate two networks?

Thu Jan 17, 2019 9:39 am

What is the best way to separate two networks on the same router?

What I did before is make two separate bridges and use IP Firewall to block stuff, but works only for IP, not MAC stuff as it seems.

Other option is to create separate subnet and block subnet to subnet only. But that is the same like setup above, yes?

Any ideas welcome (+ please give links to documentation / examples so I can learn).

Thanks!
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: How to completely separate two networks?

Thu Jan 17, 2019 12:02 pm

What I did before is make two separate bridges and use IP Firewall to block stuff, but works only for IP, not MAC stuff as it seems.

Configuring two bridges and assign ethernet ports to one of bridges should ensure L2 (MAC) separation between such subnets. Hence my question: what do you mean by "but works only for IP, not MAC stuff as it seems"?
 
User avatar
mrmut
Member Candidate
Member Candidate
Topic Author
Posts: 199
Joined: Mon May 18, 2009 2:10 pm

Re: How to completely separate two networks?

Thu Jan 17, 2019 12:47 pm

I was able to access one mikrotik device over two such bridged and firewalled networks (wifi and local, main mikrotik router from wifi).
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: How to completely separate two networks?

Thu Jan 17, 2019 12:54 pm

Your answer is not detailed enough to determine what works and what not. Mentioning router implies you did not pass MAC separation, but rather wrongly configured firewalls.

Describe your scenario (setup and test case) with more detail.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How to completely separate two networks?  [SOLVED]

Thu Jan 17, 2019 2:06 pm

Using two different bridges,
One Lan on a bridge the other not on a bridge
Using one bridge but two vlans
Are some ways to avoid layer2 connectivity and thus the ROUTER can be firewalled at layer3 to block any traffic.
Having a look at your config as mkx stated will show if there are firewall issues with your setup.
 
User avatar
mrmut
Member Candidate
Member Candidate
Topic Author
Posts: 199
Joined: Mon May 18, 2009 2:10 pm

Re: How to completely separate two networks?

Thu Jan 17, 2019 3:26 pm

I think anav defined this well; I understand the options now. Thanks!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How to completely separate two networks?

Thu Jan 17, 2019 9:38 pm

Thanks, but thats because I know very little and thus can only keep it simple. If I knew any more I would probably give dangerous advice. :-)

Who is online

Users browsing this forum: Majestic-12 [Bot] and 33 guests