Community discussions

MikroTik App
 
CamefromEdgeOS
just joined
Topic Author
Posts: 3
Joined: Wed Apr 14, 2021 11:15 pm

Each port a seperate Subnet

Thu Apr 15, 2021 12:49 am

hello. i'm new to microTIK and came from Ubiquitys Edge OS.

I want to set each LAN port as a seperate subnet. I can't find a way to do this.

Of course Port 1 is WAN.
I'd like
LAN 1 to be 192.168.1.1, DHCP off
LAN 2 to be 192.168.2.1, DHCP on
LAN 3 to be 192.168.3.1, DHCP on
LAN 4 to be 192.168.4.1, DHCP on

Where in (preferably the GUI) settings can i do this? Over command line is fine to get it done, but i need to show my subordinates where to set this as well.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Each port a seperate Subnet

Thu Apr 15, 2021 8:57 am

Default configuration depends on mikrotik device type, so are necessary steps to be taken.

Most SOHO type devices come with default config which uses ether1 as WAN interface, other wired and wireless interfaces are made part of a bridge (all ports are bridged/switched) which is then used for LAN. If you want to use ports as interfaces for different subnets (either LAN or WAN), then you have to remove needed interfaces from bridge. That can be done under bridge -> ports. After interface is "freed" from bridge, one can proceed by configuring L3 on it (IP address, DHCP server, ...).
Default firewall on these devices comes with "abstraction layer" ... meaning that certain filter rules target interface-lists ... hence if you're using multiple LAN subnets, then only necessary change is to add appropriate interface to LAN interface list (interfaces -> interface list). E.g. if you'd like to use two WAN links (for failover, load sharing, whatever), configured on ether1 (default) and ether4 (your addition), add ether4 to WAN inteface list (after you've set WAN interface details such as running DHCP client or whatever applies) and SRC NAT etc. is already configured for you.
If you want to block traffic between different LAN subnets, then you'll have to add appropriate firewall filter rules.
Beware that default firewall rules allow management access to router from interface list LAN. If you're constructing "untrusted" LAN subnets, don't add those interfaces to LAN interface list.
 
CamefromEdgeOS
just joined
Topic Author
Posts: 3
Joined: Wed Apr 14, 2021 11:15 pm

Re: Each port a seperate Subnet

Thu Apr 15, 2021 4:26 pm

Thanks for the response. I can see where I can remove the ports from Bridge and have done so.

What do you mean by "configure L3" on them? Where are those settings.

Also unrelated but may be a quick answer. I can only seem to access the WebFig via its static WAN address. How can i enable the ability to access it via its static LAN address?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Each port a seperate Subnet

Thu Apr 15, 2021 5:07 pm

L3 typically refers to the ip firewall filter rules, to prevent routing between subnets when not wanted.

Who is online

Users browsing this forum: baragoon, bertus, ivicask, tuiespacecorp and 74 guests