Community discussions

MikroTik App
 
lucascar
Trainer
Trainer
Topic Author
Posts: 3
Joined: Sat Mar 23, 2013 4:19 am

Hotel secure ports with CRS125-24G?

Tue Nov 18, 2014 6:16 am

I have a hotel and i want to configure each port as a secure port
example i want DHCP and get internet in each port but no comunication between each port or room (layer 2 or 3)
something similar than client insolation of wifi

thanks for the help
 
User avatar
43north
Member Candidate
Member Candidate
Posts: 208
Joined: Fri Nov 14, 2014 7:06 am

Re: Hotel secure ports with CRS125-24G?

Tue Nov 18, 2014 6:31 am

Seems like you could assign different subnet to each port and use firewall rules to drop between the subnets? Not sure if that would be the best way but just what came to mind for me....
 
lucascar
Trainer
Trainer
Topic Author
Posts: 3
Joined: Sat Mar 23, 2013 4:19 am

Re: Hotel secure ports with CRS125-24G?

Tue Nov 18, 2014 10:03 pm

any idea how to implement the cisco swich "secure port" opcion
all port can comunicate to 1 (output port) but not between them (service ports) all layer 2
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Hotel secure ports with CRS125-24G?

Tue Nov 18, 2014 10:24 pm

You can bridge the ports and switch the bridge firewall on. Then drop all packets between selected ports or address ranges.
 
User avatar
rmmccann
Member Candidate
Member Candidate
Posts: 182
Joined: Tue Sep 25, 2012 11:15 pm
Location: USA

Re: Hotel secure ports with CRS125-24G?

Tue Nov 18, 2014 11:29 pm

Seems like you could assign different subnet to each port and use firewall rules to drop between the subnets? Not sure if that would be the best way but just what came to mind for me....
This is what came to mind for me as well and is how I would do it. Disable switching and bridging, assign a subnet to each port and create firewall rules. A single masquerade rule should allow them to all communicate to WAN.
 
lucascar
Trainer
Trainer
Topic Author
Posts: 3
Joined: Sat Mar 23, 2013 4:19 am

Re: Hotel secure ports with CRS125-24G?

Wed Nov 19, 2014 8:49 am

Thanks for the ideas

I found the solution on CRS examples
http://wiki.mikrotik.com/wiki/Manual:CRS_examples
Isolation
Port Level Isolation

combined with vlan tagged the final config was
port1 connected to router and hotspot server in vlan35
port2 to next CRS 24ports same config than swich1
port2 to 24 fro rooms, use vlan35 untagged, isolated to each other, but get ip and from hotspot server on vlan 35 port1

now testing and almos ready to send to hotel

feel free to comment or make suggestions

attaching the export
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: Bing [Bot], FurfangosFrigyes, sybadi and 89 guests