Community discussions

MikroTik App
just joined
Topic Author
Posts: 10
Joined: Sun Sep 30, 2012 5:13 am

Blocking internal traffic between 2 DHCP networks

Wed Sep 10, 2014 11:07 pm

I've spent several hours searching and reading through these forums, and other's I've found online, but can't find what I'm looking for. I've tried several examples on my own as well and it didn't work.

I have 3 VirtualAPs set up on my router. 1 is a hotspot, the other two are wireless networks for two different companies in the same building.

I was successfully able to setup the hotspot with no problem. Using firewall rules, I was able to block traffic to the other two APs.

My other two VirtualAPs are:

WP -

They both have their own DHCP servers as well. They can get online and everything as far as internet access is ok.

I'm trying to keep GTS from communicating with WP. I added a drop rule in the firewall and it didn't work.

For example, for GTS in the firewall I did:


Source as
Destination as

and chose to drop.

For whatever reason, it's not dropping. When I'm on GTS I can ping anything on WPs network.

Any clue as to why the firewall rule isn't working? I'm overlooking something...

Thanks for any help/feedback. I really appreciate it.
User avatar
Posts: 515
Joined: Tue Feb 10, 2009 4:08 pm
Location: UK

Re: Blocking internal traffic between 2 DHCP networks

Thu Sep 11, 2014 7:13 am

If the firewall rule isn't working, the chances are it's because either you specified the rule incorrectly or the traffic is not being routed through the RB. Please can you post output of the following commands:

/ip address print
/ip route print
/ip dhcp-server print
/ip dhcp-server network print
Member Candidate
Member Candidate
Posts: 210
Joined: Fri Mar 21, 2014 8:27 pm
Location: RO

Re: Blocking internal traffic between 2 DHCP networks

Thu Sep 11, 2014 9:08 am

I have a similar issue with 2 subnets and, the fw rule isn;t droping anything from source .50 to dest .10
Having fun with RB850Gx2, RB2011UiAS-2HnD, RB260GSP, RB751U-2HnD, CRS112, RB3011UiAS, hAP ac, cAP ac and hAP ac². More others on the way :-)
just joined
Posts: 7
Joined: Sat Sep 27, 2014 7:56 pm

Re: Blocking internal traffic between 2 DHCP networks

Mon Sep 29, 2014 5:25 am

I am also having this issue. The firewall rules are being ignored.

I have the rb2011 Mikrotik.

ether1 = WAN =
ether2 = LAN/WLAN1 =
WLAN2 = virtual AP =

dhcp1 = bridge-local
dhcp2 = wlan2

hotspot1 Interface = wlan2

I don't want the hotspot clients to access login page of the router, and I don't want the hotspot clients to access any of the LAN/WLAN1

I only want hotspot clients to reach the internet, not internal LAN. And hotspot clients should not be able to see other hotspot clients devices.

What should I look at in my settings.

Who is online

Users browsing this forum: Baidu [Spider], Google [Bot], sistelec and 72 guests