Community discussions

MUM Europe 2020
 
bobikas
just joined
Topic Author
Posts: 2
Joined: Sat Feb 08, 2020 9:19 pm

Isolating LAN port

Sat Feb 08, 2020 9:38 pm

Hello friends,
after day or two of googling, I still haven't found solution how to isolate my TV box connected on ether3 from LAN and allow to use only internet.
Now I have standard WISP AP setup when all lan ports are in single bridge.
Tried to move ether3 to separate bridge, assign dhcp... but without success.
I am not sure do I need WLAN or there is easier way for this task. I am stuck.
I was thinking understand a bit networking before first mikrotik :)
Thanks for any help
 
Kaos1337
just joined
Posts: 6
Joined: Tue Feb 04, 2020 8:20 pm

Re: Isolating LAN port

Sun Feb 09, 2020 6:03 pm

Hello,
you could configure another VLAN (read this guide) for your TV box and block the inter-VLAN traffic.
Last edited by Kaos1337 on Sun Feb 09, 2020 8:22 pm, edited 1 time in total.
 
mkx
Forum Guru
Forum Guru
Posts: 3745
Joined: Thu Mar 03, 2016 10:23 pm

Re: Isolating LAN port

Sun Feb 09, 2020 7:40 pm

If it's single port you want to isolate, then you can follow the path you started with (for a single port you don't need another bridge, can attach IP config directly to that port, just make sure it's not member of any bridges). But you definitely need some firewall filter rules to block connectivity from IP TV to the rest of LAN, such as this one:

/ip firewall fiter
add chain=forward action=drop in-interface=ether3 out-interface-list=LAN

The rule above will only block connections initiated by device(s) connected via ether3 targeting the rest of LAN, connections in the other direction will be allowed ... if you want to block hose as well, then construct another filter rule with in-interface-list=LAN and out-interface=ether3.
BR,
Metod
 
bobikas
just joined
Topic Author
Posts: 2
Joined: Sat Feb 08, 2020 9:19 pm

Re: Isolating LAN port

Sat Feb 15, 2020 12:16 am

mkx can you be more specific with some steps.
1. In Bridge->Ports disabled ether3 port (to remove from bridge)
2. In IP->Addresses created new IP Address: 192.168.2.1/24, Network: 192.168.2.0, Interface: ether3
3. firewall left as is (block later)

TV has no internet at all. What else is missing. DHCP? how WAN(ether1) is connected to ether3 without bridge, have no clue.
I see too much trees when not understand the forest :)

Who is online

Users browsing this forum: anav, Google [Bot], ingdaka, MSN [Bot] and 48 guests