Hi.
I am trying to isolate my TV from the rest of my network. I have removed interface/port 2 from the default bridge and added port 2 to the address list 192.168.87.1/32. Then I have manually added ARP with 192.168.87.1 and the MAC address of the TV. What am I doing wrong, because the TV won't connect to the internet?
I have also tried adding a new DHCP sever with static only, and /31, /30 variants. Adding a 192.168.78.1-192.168.78.2 pool with DHCP and /30 mask doesn't work either.
Re: ARP without DHCP server?
See if this can help:
use 192.168.87.1/24 for your port2 address.
Make sure you have DNS server deploy and gateway setting in your dhcp leasing (both settings should be 192.168.87.1)
use 192.168.87.2 - 192.168.87.3 in your pool address.
Ping from your Mikrotik to your TV
Create new interface list, say LAN2 to include port2
In firewall, allow forward from LAN2 to WAN (maybe its allowed by default, I am not sure of this as I dont use the default firewall rules) and block forward from LAN2 to LAN (and vice versa if needed).
use 192.168.87.1/24 for your port2 address.
Make sure you have DNS server deploy and gateway setting in your dhcp leasing (both settings should be 192.168.87.1)
use 192.168.87.2 - 192.168.87.3 in your pool address.
Ping from your Mikrotik to your TV
Create new interface list, say LAN2 to include port2
In firewall, allow forward from LAN2 to WAN (maybe its allowed by default, I am not sure of this as I dont use the default firewall rules) and block forward from LAN2 to LAN (and vice versa if needed).
Re: ARP without DHCP server?
Why so overly complicated?I am trying to isolate my TV from the rest of my network.
Create a second VLAN -> finished :)
Re: ARP without DHCP server?
If TV is the only device to be isolated and is connected to dedicated port on router, then use of VLANs is un-necessary complication. The way OP started was fine. There are a few gotchas though. The biggest might be the bug in default configuration where ports ether2-etherX are bridged but LAN IP settings (most notably address) are bound to ether2. So before removing ether2 from bridge OP must make sure ether2 is not referenced anywhere in the configuration other than in /interface bridge port. Easiest way to check it is to export configuration to text file (run /export file=anynameyouwish), open it in text editor and search for ether2.
When resolving the problem it is possible to block self from access to router. Usually it is possible to connect using winbox using MAC connectivity, so fetch it beforehand.
When ether2 is "clean of configuration", proceed according to @ykleet post. No need to make TV subnet smaller than /24, I'm sure 256 private /24 subnets are plenty enough for a typical home setup.
When resolving the problem it is possible to block self from access to router. Usually it is possible to connect using winbox using MAC connectivity, so fetch it beforehand.
When ether2 is "clean of configuration", proceed according to @ykleet post. No need to make TV subnet smaller than /24, I'm sure 256 private /24 subnets are plenty enough for a typical home setup.