Community discussions

MikroTik App
 
jaceqp123
just joined
Topic Author
Posts: 19
Joined: Wed Mar 01, 2017 4:42 pm

MT as a separate subnet on internal network

Tue Jan 12, 2021 3:12 pm

Hi there.
I have MT connecten via WAN port on internal network.
Main network: 192.168.1.x (main router/gateway: 192.168.1.252)
MT's network: 192.168.111.x (MT's IP: 192.168.111.111)
MT's wifi (hotspot) network: 192.168.222.x (MT's wifi hotspot ip: 192.168.222.111)

I want to isolate 192.168.1.x from MT's 192.168.222.x/192.168.111.x). MT's gateway on WAN port is 192.168.1.252.
I've created VLAN for MT's lan ports + wifi. Yet that seem not to do the job (perhapse because main network has no vlan @ all). Is VLAN actually a solution on this (without any changes on main network)?
For now I've just created a simple firewall rule:
/ip firewall filter add chain=forward action=drop dst-address=192.168.1.0/24 log=no log-prefix="
But perhapse it would be better to separate traffic on interface layer instead?
 
Sob
Forum Guru
Forum Guru
Posts: 6484
Joined: Mon Apr 20, 2009 9:11 pm

Re: MT as a separate subnet on internal network

Tue Jan 12, 2021 11:36 pm

If you can't or don't want to do anything with main router, VLAN won't help you, if MT's WAN port is still connected to main network as it is now. Firewall filter is good enough, nothing will pass from other networks to main one, as long as you (or anyone else with access to MT) don't disabled it or don't allow access with some other rule(s).
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
jaceqp123
just joined
Topic Author
Posts: 19
Joined: Wed Mar 01, 2017 4:42 pm

Re: MT as a separate subnet on internal network

Wed Jan 20, 2021 11:55 am

If that's the only reasonable solution I'm ok with it...
My main concern is to secure unauthorised access via wifi. So my MT's wifi works in 'hotspot' mode with additional web login as a 2nd line of defense :P
Also all inputs from wifi to MT itself are dropped. That should be enough for now.

Who is online

Users browsing this forum: kalto and 164 guests