namo
Long time Member
Topic Author
Posts: 530
Joined: Sat Oct 03, 2009 4:44 pm

set RB450 as managed switch

Mon Sep 13, 2010 8:29 am

I have MikroTik v4.11 with hotspot on an Intel PC.

I mentioned in a previous post that I want to set the RB450 as a managed switch which does client isolation and blocks arp-scan, which steals the IP and MAC address of other clients, or does not allow two computers with the same IP and MAC address (we know that the second device with the same IP and MAC address is the unauthorized user, since I disabled cookies and the unauthorized user cannot log in first). I have set client isolation in the APs, and now I cannot see the clients connected to the same AP, but I can see the IP and MAC of clients connected to other APs.

I run the following script on the RB450:
/interface bridge add name=bridge
/interface bridge port add bridge=bridge interface=ether1 horizon=1
/interface bridge port add bridge=bridge interface=ether2 horizon=2
/interface bridge port add bridge=bridge interface=ether3 horizon=3
/interface bridge port add bridge=bridge interface=ether4 horizon=4
/interface bridge port add bridge=bridge interface=ether5 horizon=5
Also, I created a different VLAN for each port, but I am still able to see other clients' IP and MAC addresses with arp-scan tools, as it was with the normal setting. What is wrong?
 
mrz
MikroTik Support
Posts: 7056
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: set RB450 as managed switch

Mon Sep 13, 2010 10:54 am

You can set bridge filters to drop communication between bridge ports.
Other than that, RB450 cannot be configured as a managed switch.
 
namo
Long time Member
Topic Author
Posts: 530
Joined: Sat Oct 03, 2009 4:44 pm

Re: set RB450 as managed switch

Mon Sep 13, 2010 6:10 pm

> You can set bridge filters to drop communication between bridge ports.
> Other than that, RB450 cannot be configured as a managed switch.

How do I set bridge filters, and do I need the VLAN?
 
mrz
MikroTik Support
Posts: 7056
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: set RB450 as managed switch

Tue Sep 14, 2010 8:15 am

No, you don't need VLAN.
/interface bridge filter
add in-interface=ether2 out-interface=ether3 action=drop
Do the same for every interface combination.
 
namo
Long time Member
Topic Author
Posts: 530
Joined: Sat Oct 03, 2009 4:44 pm

Re: set RB450 as managed switch

Tue Sep 14, 2010 11:19 am

> No, you don't need VLAN.
> /interface bridge filter
> add in-interface=ether2 out-interface=ether3 action=drop
> Do the same for every interface combination.

Should I also filter port 5 if it is the one connected to the router?
 
namo
Long time Member
Topic Author
Posts: 530
Joined: Sat Oct 03, 2009 4:44 pm

Re: set RB450 as managed switch

Fri Sep 17, 2010 12:49 pm

/interface bridge add name=bridge
/interface bridge port add bridge=bridge interface=ether1 horizon=1
/interface bridge port add bridge=bridge interface=ether2 horizon=1
/interface bridge port add bridge=bridge interface=ether3 horizon=1
/interface bridge port add bridge=bridge interface=ether4 horizon=1
/interface bridge port add bridge=bridge interface=ether5 

/interface bridge filter
add in-interface=ether1 out-interface=ether2 action=drop chain=forward
add in-interface=ether1 out-interface=ether3 action=drop chain=forward
add in-interface=ether1 out-interface=ether4 action=drop chain=forward
add in-interface=ether2 out-interface=ether1 action=drop chain=forward
add in-interface=ether2 out-interface=ether3 action=drop chain=forward
add in-interface=ether2 out-interface=ether4 action=drop chain=forward
add in-interface=ether3 out-interface=ether1 action=drop chain=forward
add in-interface=ether3 out-interface=ether2 action=drop chain=forward
add in-interface=ether3 out-interface=ether4 action=drop chain=forward
add in-interface=ether4 out-interface=ether1 action=drop chain=forward
add in-interface=ether4 out-interface=ether2 action=drop chain=forward
add in-interface=ether4 out-interface=ether3 action=drop chain=forward
I didn't add port 5 because it is the uplink. Is this correct for switch client isolation?
 
Chupaka
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: set RB450 as managed switch

Tue Sep 28, 2010 11:48 am

Or, in shorter form:
/interface bridge filter
add chain=forward in-interface=!ether5 out-interface=!ether5 action=drop
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: set RB450 as managed switch

Tue Sep 28, 2010 5:17 pm

Another option that takes fewer rules is to set the Horizon option on each port to the same number, and leave horizon=none on the uplink port. This prevents any traffic coming in on a port with the same horizon number going out another port with the same horizon number.

Keep in mind, however, that this is in no way, shape or form a real switch; it is a router. Don't expect it to handle VLANs the same way as a switch will. As far as it's concerned, whenever you add in a VLAN it's just another physical interface that it can use.
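
As an added illustration that is not part of any post in this thread, the following Python sketch models the bridge's forwarding decision for the configurations discussed above: a distinct horizon value per port, one shared horizon value on the client ports, the single negated filter rule, and the explicit per-pair rules. It assumes ether5 is the uplink and uses a simplified model (horizon check plus drop rules with default accept); all function and constant names are hypothetical.

```python
from itertools import permutations

PORTS = ["ether1", "ether2", "ether3", "ether4", "ether5"]
UPLINK = "ether5"                      # assumption: port facing the hotspot router
CLIENTS = [p for p in PORTS if p != UPLINK]

def horizon_allows(horizon, src, dst):
    # Split horizon as described in the thread: a frame that arrives on a port
    # is not sent out a port carrying the same horizon number; None = unset.
    return horizon.get(src) is None or horizon.get(src) != horizon.get(dst)

def filter_allows(drop_rules, src, dst):
    # Simplified forward chain: any matching drop rule blocks, default accept.
    return not any(rule(src, dst) for rule in drop_rules)

def client_leaks(horizon, drop_rules):
    """Client-to-client port pairs the bridge would still forward between."""
    return sorted((s, d) for s, d in permutations(CLIENTS, 2)
                  if horizon_allows(horizon, s, d) and filter_allows(drop_rules, s, d))

def uplink_reachable(horizon, drop_rules):
    """True if every client port can exchange frames with the uplink."""
    return all(horizon_allows(horizon, a, b) and filter_allows(drop_rules, a, b)
               for c in CLIENTS for a, b in ((c, UPLINK), (UPLINK, c)))

def pairwise_rules(ports):
    """Emit one drop rule per ordered pair of ports, as RouterOS filter lines."""
    return [f"add chain=forward in-interface={s} out-interface={d} action=drop"
            for s, d in permutations(ports, 2)]

# Configurations from the thread, modelled as (horizon map, drop rules).
DISTINCT_HORIZON = ({p: i for i, p in enumerate(PORTS, 1)}, [])   # horizon=1..5
SAME_HORIZON = ({c: 1 for c in CLIENTS}, [])                      # uplink unset
NEGATED_RULE = ({}, [lambda s, d: s != UPLINK and d != UPLINK])   # !ether5 rule
PAIRS = set(permutations(CLIENTS, 2))
EXPLICIT_RULES = ({}, [lambda s, d: (s, d) in PAIRS])             # one per pair

if __name__ == "__main__":
    for name, cfg in [("horizon=1..5", DISTINCT_HORIZON),
                      ("horizon=1 on clients", SAME_HORIZON),
                      ("negated uplink rule", NEGATED_RULE),
                      ("explicit pair rules", EXPLICIT_RULES)]:
        print(f"{name:22} leaks={len(client_leaks(*cfg)):2} "
              f"uplink_ok={uplink_reachable(*cfg)}")
```

In this model, giving every port a different horizon number leaves all client-to-client pairs forwardable, which matches the result reported in the first post, while the other three configurations isolate the client ports and keep the uplink reachable.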
 
namo
Long time Member
Topic Author
Posts: 530
Joined: Sat Oct 03, 2009 4:44 pm

Re: set RB450 as managed switch

Wed Sep 29, 2010 9:29 am

Will I have better options and settings if I use an RB493AH as a router and switch instead of having the Intel PC as router and the RB450 as switch?
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: set RB450 as managed switch

Wed Sep 29, 2010 6:11 pm

It all depends on your setup and what your goals are. Having a 493 handle everything definitely makes your life easier since there is only one thing to manage, and hence only one thing to go wrong. You won't have any extra options in this case however, but the setup is definitely less complex. Keep in mind that the RouterOS is for making devices routers, not switches. You can make them act like a layer 2 device to a certain extent, but they really aren't designed for it.

If you plan on a network that requires a switch, invest the money in a decent managed switch, you'll save yourself a ton of time, money, and headaches in the long run by investing in the proper hardware to run your networks now.
 
namo
Long time Member
Topic Author
Posts: 530
Joined: Sat Oct 03, 2009 4:44 pm

Re: set RB450 as managed switch

Fri Oct 01, 2010 10:39 am

> It all depends on your setup and what your goals are. Having a 493 handle everything definitely makes your life easier since there is only one thing to manage, and hence only one thing to go wrong. You won't have any extra options in this case however, but the setup is definitely less complex. Keep in mind that the RouterOS is for making devices routers, not switches. You can make them act like a layer 2 device to a certain extent, but they really aren't designed for it.
>
> If you plan on a network that requires a switch, invest the money in a decent managed switch, you'll save yourself a ton of time, money, and headaches in the long run by investing in the proper hardware to run your networks now.

I want the exact model for a good switch with 12 ports or more that can do client isolation. Will this prevent:
1- people from stealing the MAC address and IP of active users? (if the AP is already set to client isolation)
2- two users from having the same MAC and IP address?
