Community discussions

MikroTik App
 
5009Owner
newbie
Topic Author
Posts: 33
Joined: Sun Jan 09, 2022 9:09 am

Keept it simple port isolation

Fri Jan 21, 2022 12:03 pm

So, as a beginner, I undestood that there is no need for a bridge If I want to isolate all ports of my RB5009 from each other?
What would be the simpliest config to make it happend?

Eth1 will be my WAN-port to the ISP and ports 2-7 should have access to the internet. Eth8 should be for management only. (And only from Eth8, no remote managenent access from internet).
I guess there should be DHCP and DNS for each port 2-7?
And firewall rules to isolate ports and keep everyhing safe from internet bad guys.

Eth2 network 10.10.20.0/24
Eth3 network 10.10.30.0/24
-------
And so on Eth8 10.10.80.0/24.

So what would be the simpliest way to do this? General ideas are welcome but I don't mind to have details!
There are so many ways to do things, VLANs from interface, switch and bridge. My goal is simple so I want simple solution. Do I even need VLANs?
So far I've been surfing with my mobile phone (4G) but soon I will have 100M connection to my apartment. (as a start, ISP can later offer 10G speed as maximum. But that is another story).
100M is quite slow so if a simple config is using a lot of CPU power, there should be no effect?

Later on I will try to make some other config for my future needs, bu at this point I will survive with the idea above.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Keept it simple port isolation

Fri Jan 21, 2022 10:47 pm

A. Reset your router with "No default configuration".
B. Decide which port is your WAN one. Let it be Eth1
C. Disable all remaining ports and configure management one (Eth8)
D. Enable the first unconfigured port as LAN one
D. Configure router as you need, cloning configuration with CLI from previous port if it is possible
E. Check if it works
F. Disable current LAN port
G. If there is next unconfigured port, enable it and go to point D else pass to H.
H. Enable all ports and configure interLAN rules
I. Have a cup of coffe
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Keept it simple port isolation

Fri Jan 21, 2022 11:17 pm

I. Have a cup of coffee with some Baileys :-) (had to fix the spelling error)
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Keept it simple port isolation

Fri Jan 21, 2022 11:27 pm

Gorblimey! Shame on mee :) Count of "e" is fixed.

Who is online

Users browsing this forum: anav, Nospam, qatar2022 and 38 guests