Community discussions

MikroTik App
 
shreekrishna
just joined
Topic Author
Posts: 3
Joined: Wed Nov 21, 2012 11:47 am

Port ( Interface ) isolation in RB450 G /RB750 G ?

Wed Nov 21, 2012 1:01 pm

Hi,

One of my customer needs a solution for physically isolating the traffic between ports.
One of the interface ( in the port 2-5 range ) is connected to the corporate network,
another one to a broadband router and the third one to a printer. The idea is to see that
individually , both the internet and corporate interfaces can send / receive packets to /from
the printer interface , but the two interfaces can't exchange packets between themselves.

Is there anyway this can be done with firewall alone ? or does it need VLAN ?

regards
Shree
 
User avatar
sytex
Trainer
Trainer
Posts: 87
Joined: Fri May 23, 2008 10:35 am
Location: Hungary

Re: Port ( Interface ) isolation in RB450 G /RB750 G ?

Wed Nov 21, 2012 2:07 pm

Are the three interfaces bridged together or is there routing between the interfaces (different ip ranges on each)?
 
shreekrishna
just joined
Topic Author
Posts: 3
Joined: Wed Nov 21, 2012 11:47 am

Re: Port ( Interface ) isolation in RB450 G /RB750 G ?

Thu Nov 22, 2012 12:59 pm

They are on seperate IP range.. I believe bridging will have to removed to get the isolation

Shree
 
User avatar
sytex
Trainer
Trainer
Posts: 87
Joined: Fri May 23, 2008 10:35 am
Location: Hungary

Re: Port ( Interface ) isolation in RB450 G /RB750 G ?

Fri Nov 23, 2012 3:00 pm

Don't delete the bridge!!!

Leave them bridged together, and use Bridge Filters. I haven't used bridge filter many years ago, so I cannot give you the exact solution.
 
shreekrishna
just joined
Topic Author
Posts: 3
Joined: Wed Nov 21, 2012 11:47 am

Re: Port ( Interface ) isolation in RB450 G /RB750 G ?

Tue Nov 27, 2012 1:36 pm

But if we bridge them, there will be broadcast packets received at all the ports , I assume !
How will it give us the physical isoltaion ? The requirement is that the packets arriving at
internet port (say) should not go anywhere else except the print port ..and the ones from
enterprise side should go to the print port and no where else !

Pls correct me if my assumptions on bridge filtering are wrong here..

regards
Shree

Who is online

Users browsing this forum: Baidu [Spider] and 217 guests