Community discussions

 
Cheredov
just joined
Topic Author
Posts: 1
Joined: Sun Mar 11, 2018 8:44 am

CRS326 port isolation

Wed Mar 14, 2018 3:38 am

Greetings.

On MikroTik CRS326 with SwitchOS there is a port isolation option, which allows to
easily separate client ports from one another. These ports then have access to the
uplink. For example, ports 2-24 can be assigned client hosts, while port 1 is the uplink.

Image

My question is, how can I achieve the same configuration on RouterOS 6.41.3 using
vlan-filtering and hw-offload?

Thank you!
 
blackbox100
newbie
Posts: 36
Joined: Thu Mar 10, 2016 2:20 am

Re: CRS326 port isolation

Wed Apr 25, 2018 1:16 pm

+1

I would also like to know this

I have 30x crs326 that for now is useless

Sincerely

Carsten Larsen
 
cis2131
just joined
Posts: 5
Joined: Fri Mar 30, 2012 12:27 am

Re: CRS326 port isolation

Thu Apr 26, 2018 10:46 pm

Here is how you can do it.

Create a rule in Switch Rule menu like this:

switch=switch1 ports=ether12,ether2,ether3,ether4,ether5,ether24,ether23,
ether6,ether7,ether8,ether9,ether10,ether11,ether13,ether14,ether15,
ether16,ether17,ether18,ether20,ether19,ether21,ether22,ether1
copy-to-cpu=no redirect-to-cpu=no mirror=no new-dst-ports=sfp-sfpplus1

What this does is that it redirects all traffic from the users ports to the uplink port (the one going towards Internet).
That way users traffic can only go to the Internet, and not to each others.

This rule also disabels loop-protect on the lan ports, as the loop-protect packet also gets redirected to uplink, so if you need this feature, then add this before the above rule.

switch=switch1 ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,
ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
mac-protocol=loop-protect copy-to-cpu=no redirect-to-cpu=no mirror=no

Hope that helps.

Claus
MTCNA
 
blackbox100
newbie
Posts: 36
Joined: Thu Mar 10, 2016 2:20 am

Re: CRS326 port isolation

Thu Apr 26, 2018 11:34 pm

And i can confirm that this works

Thanks alot

Who is online

Users browsing this forum: MSN [Bot] and 119 guests