Community discussions

 
rodolfo
Long time Member
Long time Member
Topic Author
Posts: 543
Joined: Sat Jul 05, 2008 11:50 am

does disabling Forward but brdging isolate users?

Sun Dec 04, 2011 10:39 am

Hi all.
In one access point rb433ah, I have two wlans.
In each wlan I have Forward=off then users are isolated at L2 one each other.
If I bridge the two wlans, is also true that users of wlan1 are isolated at L2 by users at wlan2 ?

thanks
rodolfo
IZ0UQV
 
User avatar
ojsa
Member Candidate
Member Candidate
Posts: 181
Joined: Tue Jan 27, 2009 8:53 pm
Location: Norway

Re: does disabling Forward but brdging isolate users?

Sun Dec 04, 2011 11:27 am

No, if you bridge those to interfaces the user would be connected on L2
Network professional - Certified MTCNA, MTCWE MTCTCE, MTCRE, MTCUME and MTCINE. - Wiki Profile
 
sup5
Member
Member
Posts: 322
Joined: Sat Jul 10, 2010 12:37 am

Re: does disabling Forward but brdging isolate users?

Sun Dec 04, 2011 11:44 am

if you put ether1, wlan1, and wlan2 in a bridge, there will be no isolation.

but if you specify horizon=1 on each wlan bridge-port, then the wlan interfaces will be isolated from each other.
 
rodolfo
Long time Member
Long time Member
Topic Author
Posts: 543
Joined: Sat Jul 05, 2008 11:50 am

Re: does disabling Forward but brdging isolate users?

Sun Dec 04, 2011 9:15 pm

thanks!

but if I have a bridge with wlan1, wlan2 and an eoip tunnel, and I want L2 connecctivity from wlan1 and eoip and wlan2 and eoip, but not from wlan1 and wla2: is it possible?
rodolfo
IZ0UQV
 
User avatar
ojsa
Member Candidate
Member Candidate
Posts: 181
Joined: Tue Jan 27, 2009 8:53 pm
Location: Norway

Re: does disabling Forward but brdging isolate users?

Sun Dec 04, 2011 9:58 pm

Yes, set horizon to ex. 1 on the the port against wlan1 and wlan2, that would prevent traffic between those two and leave traffic flow between wlan and eoip as you want.
Network professional - Certified MTCNA, MTCWE MTCTCE, MTCRE, MTCUME and MTCINE. - Wiki Profile
 
rodolfo
Long time Member
Long time Member
Topic Author
Posts: 543
Joined: Sat Jul 05, 2008 11:50 am

Re: does disabling Forward but brdging isolate users?

Mon Dec 05, 2011 7:25 pm

Thanks!

do you mean: two or more ports of the same bridge, having the same horizon number, are L2 isolated?
rodolfo
IZ0UQV
 
User avatar
ojsa
Member Candidate
Member Candidate
Posts: 181
Joined: Tue Jan 27, 2009 8:53 pm
Location: Norway

Re: does disabling Forward but brdging isolate users?

Mon Dec 05, 2011 9:54 pm

Yes, ports with the same horizon will prevent traffic in between.

I usually use this function in a mpls/vpls where every vpls participant are directly connected and the bridge only should forward data out to external interfaces.
Network professional - Certified MTCNA, MTCWE MTCTCE, MTCRE, MTCUME and MTCINE. - Wiki Profile
 
rodolfo
Long time Member
Long time Member
Topic Author
Posts: 543
Joined: Sat Jul 05, 2008 11:50 am

Re: does disabling Forward but brdging isolate users?

Tue Dec 06, 2011 11:15 am

karmic!
rodolfo
IZ0UQV
 
rodolfo
Long time Member
Long time Member
Topic Author
Posts: 543
Joined: Sat Jul 05, 2008 11:50 am

Re: does disabling Forward but brdging isolate users?

Sat Dec 10, 2011 8:59 am

and wath about wds interfaces dinamically created and bridged: it is not possible to automatically set an horizon to them?
rodolfo
IZ0UQV
 
User avatar
ojsa
Member Candidate
Member Candidate
Posts: 181
Joined: Tue Jan 27, 2009 8:53 pm
Location: Norway

Re: does disabling Forward but brdging isolate users?

Sat Dec 10, 2011 11:26 am

Mmm.. I haven't tested that.

But according to http://mum.mikrotik.com/presentations/U ... 011-US.pdf is seems possible, but since your interfaces is added dynamically you could try to press the "copy" button on one of the dynamic WDS interfaces under bridge port and set the horizon value. This creates a static entry and replaces the dynamic one. Useful when you wan't special settings for one or several dynamic assigns f.ex interfaces.
Network professional - Certified MTCNA, MTCWE MTCTCE, MTCRE, MTCUME and MTCINE. - Wiki Profile
 
rodolfo
Long time Member
Long time Member
Topic Author
Posts: 543
Joined: Sat Jul 05, 2008 11:50 am

Re: does disabling Forward but brdging isolate users?

Sat Dec 10, 2011 5:46 pm

It doesnt work :(

There is no method to assign an horizon to a dinami WDS interface.

Now I tried to use bridge filter to isolate users between them.
I have a bridge with eoip1, wlan1 and wlan2 (the eoip concentrate pppoe connections)
Then I write three bridge filters:
1. in-interface=eoip1 -> allow
2. out-interface=eoip1 -> allow
3. drop everithing else

I am shure these rules works from users in wlan1 against users in wlan2.

My question is: these rules works between users of the same wlan also if defautl-forward=yes
Or I need to set defautl-forward=no in the wlan interface ?

thanks

Rodolfo Rughi
rodolfo
IZ0UQV

Who is online

Users browsing this forum: No registered users and 109 guests