Community discussions

 
Link100
just joined
Topic Author
Posts: 15
Joined: Mon Aug 12, 2019 3:39 am

Port Group Isolation

Mon Aug 12, 2019 4:40 pm

If I understood it correctly, I can separate ports under Bridge?

There are two external DHCP/DNS/Gateway servers:
Server 1 has the IP: 192.168.2.1/24
Server 2 has the IP: 192.168.3.1/24

On the MikroTik CRS326-24G now two port groups should be set up:
Group1: ether1 to ether8
Group2: ether9 to ether16

Group1 must not communicate with Group2.
Group2 must not communicate with Group1.

In MikroTik I have set it this way:

Mode: Bridge

1. under Bridge->Ports: two bridges created and this BridgeGroup1 and BridgeGroup2 named
2. then under Bridge->Ports: assign ether1 to ether8 to BridgeGroup1 and assign ether9 to ether16 to BridgeGroup2

3. IP->DHCP-Client Add New and selected under Interface BridgeGroup1
4. IP->DHCP-Client Add New and selected under Interface BridgeGroup2

DHCP Server1 is connected to ether1
DHCP Server2 is connected to ether9

If I now connect a PC with ether2, the PC gets an IP from "DHCP Server1" assigned

And if I connect another PC to ether10 then the PC gets an IP from "DHCP Server2" assigned

Is the configuration correct?
 
User avatar
Exiver
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Sat Jan 10, 2015 6:45 pm
Location: Germany

Re: Port Group Isolation  [SOLVED]

Mon Aug 12, 2019 7:22 pm

Yes your configuration is logically correct. You may need to check whether the Switch allows you to use Hardware Offloading ( https://wiki.mikrotik.com/wiki/Manual:I ... Offloading ) on two different bridges on the same switch chipset. If it does not you may see performance problems on the bridge which is not hardware offloaded. And you should check that devices from both groups are not able to communicate with each other (/ip firewall filter) or you could disable routing functionality.
 
Link100
just joined
Topic Author
Posts: 15
Joined: Mon Aug 12, 2019 3:39 am

Re: Port Group Isolation

Mon Aug 12, 2019 9:28 pm

Thank you for your answer.

It is a CRS326-24G router switch.
 
blingblouw
Member Candidate
Member Candidate
Posts: 259
Joined: Wed Aug 25, 2010 9:43 am

Re: Port Group Isolation

Tue Aug 13, 2019 12:00 am

But why would you not use vlans?

Put ether1-8 in vlan1 and ether9-16 in vlan2?
 
Link100
just joined
Topic Author
Posts: 15
Joined: Mon Aug 12, 2019 3:39 am

Re: Port Group Isolation

Tue Aug 13, 2019 2:16 am

That would also be a possibility. But it also works as mentioned above.
 
cifzo
just joined
Posts: 10
Joined: Mon Feb 18, 2019 10:35 pm

Re: Port Group Isolation

Tue Aug 13, 2019 7:55 am

I'm using a similar approach.. I've got a CRS326 with a single bridge; ports 1-8 are untagged and 9-16 are in a VLAN. All ports on the switch show HW offloaded. I believe you can only HW offload 1 bridge.
https://wiki.mikrotik.com/wiki/Manual:L ... witch_chip

Who is online

Users browsing this forum: No registered users and 19 guests