Hi,

how to separate network? ether1 - ether4 is my network. ether5 is lan cable to my neighbor. How to isolate him from my network and keep him to access internet?

Thank you

Hi,

how to separate network? ether1 - ether4 is my network. ether5 is lan cable to my neighbor. How to isolate him from my network and keep him to access internet?

Thank you

Firewall rules
it is one of my firewall rules. It keeps subnet 10.10.10.0/24 from getting access to subnet 192.168.3.0/24. Log is enabled to check what is going on possibly

Hi,

how to separate network? ether1 - ether4 is my network. ether5 is lan cable to my neighbor. How to isolate him from my network and keep him to access internet?

Thank you

Simply:
Unplug ether5 and make him install his connection, so that if he does something illegal, even without his knowledge, they don't send you to jail...

I've seen these things with the neighbors, as an ISP I have to report when asked by the police who owns the contract,
then the police don't give a damn if the neighbor used it or not,
usually the end user does not have the means to demonstrate that "in reality" the offender (unconscious or not) was the neighbor...
and the line is under the full responsibility of the owner, not the neighbor...

you are right...it was just example...Im just thinking how to separate one network from another without loosing internet.... I did now how to describe it better...

Find the two @anav topic about VLAN and the starting configuration,
is described step by step.

the @broderick suppose that already you have splitted the networks...

so when we have splitted networks subnets we can use only firewall rules? and when we want separate ether with same subnet we should use VLAN?

There are many possibilities and the lack of focus will drive us all nuts.
So clearly.
a.. spell out the user requirements ( what users or groups of users you have, and their needs for traffic flow) without noting anything about the configuration.
b. draw a network diagram of the MT devices showing subnets, where the internet is ccoming from and what ports you have available for LAN ports etc.......

Once that is done, if you have a config then post it.....
/export file=anynameyouwish ( minus router serial # and any public WANIP information ).

With the requirements and the network understood we can figure out an optimal configuration.
Vlans are convenient in separating users at level2, mac address but different subnets achieves the same thing etc............
Correct, for level3 routing, we almost always need firewall rules to prevent the router from connecting the dots (IP addresses).

Assuming that you have a standard configuration the simplest way from my point of view is:
1. remove ether5 from the LAN bridge
2. create interface list GUEST and add ether5 there
3. add IP address and setup DHCP server for ether5 interface
4. add a firewall rule to block access for your neighbor to all networks other than WAN I would however take seriously @rextended's advice...

Hi,

thank you all who written any guide...

this is only teoretical example...Im not going to share internet but I would like to understand how to do it....

now I do understand how to do it with firewall rule and two subnets...

what is the principle to do it by VLAN? I will create only VLAN for ether5?

Do some reading, both mikrotik documents and stuff like
viewtopic.php?t=143620

meanwhile off to help people with real problems.