Community discussions

MikroTik App
 
moveik
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Nov 24, 2020 1:16 am

How to have a WAN port without a bridge?

Wed Apr 26, 2023 7:54 pm

Currently I have two bridges:
  • Bridge "bridge-LAN", which is associated with 4 ports: ether1,ether2,ether3,ether4.
  • Bridge "bridge-WAN", which is associated with one port: ether5.

I want port "ether5" to be "standalone" - meaning, not associated with any bridge.

I tried via SSH to de-associate port ether5 from its bridge, but the available options *require* me to use a bridge, see terminal output:
/interface/bridge/port> :put [get [find interface=ether5] bridge]          
bridge-WAN
/interface/bridge/port> set [find interface=ether5] bridge=bridge-
bridge-LAN     bridge-WAN   
/interface/bridge/port> set [find interface=ether5] bridge=""     
ambiguous value of bridge, more than one possible value matches input

Also I tried to delete "bridge-WAN" from menu "/interface bridge" via WebFig, but it forced port "ether5" to be associated with "bridge-LAN", which is NOT desired.

Would appreciate your guidance.
 
User avatar
broderick
Member Candidate
Member Candidate
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: How to have a WAN port without a bridge?

Wed Apr 26, 2023 8:31 pm

Not sure if I got it right.

You want to remove ether5 from bridge-WAN, don't you?
Just go to bridge->port and remove the interface from the bridge-WAN, then delete the bridge-WAN too if you want. That's it!
You'd better use Winbox for that.
 
moveik
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Nov 24, 2020 1:16 am

Re: How to have a WAN port without a bridge?

Wed Apr 26, 2023 9:13 pm

Not sure if I got it right.

You want to remove ether5 from bridge-WAN, don't you?
Just go to bridge->port and remove the interface from the bridge-WAN, then delete the bridge-WAN too if you want. That's it!
You'd better use Winbox for that.
Ahh right thanks!
Got confused, too much work lately.

It worked via Webfig because I was connected via LAN.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: How to have a WAN port without a bridge?

Wed Apr 26, 2023 11:52 pm

You want to remove ether5 from bridge-WAN, don't you?
Just go to bridge->port and remove the interface from the bridge-WAN, then delete the bridge-WAN too if you want. That's it!
You'd better use Winbox for that.
I do think that @anav could make the instructions about how to do this a bit more clear in Config Issues / Locked Out - Accessing Router/AP Config Without Bridge

Once you know how to do it, it seems obvious, but since it is referenced in New User Pathway To Config Success, there should be a bit more explicit instructions when trying to explain how to do something to someone that has zero experience with ROS.

I know as someone that came from Ubiquiti EdgeRouters, knowing how to configure EdgeOS/vyatta isn't much help in configuring ROS.

Here's what the example shows as of 2023-04-26 16:00 EDT

And following it verbatim leads to a bad command on the add.

EXAMPLE - ether5, decide to use 192.168.5.55 as allowed IP.

add interface=ether5 name=ether5-access
/ip address
add interface=ether5-access address=192.168.5.1/24 network=192.168.5.0
/Interface list
add interface=Trusted
/interface list members
add interface=ether5-access list=Trusted
/ip neighbours discovery
add interface-list=Trusted
/tool mac-server mac-winbox
set allowed-interface-list=Trusted
/ip firewall filter
add action=accept chain=input src-address-list=Authorized
add action=accept chain=input in-interface=ether5-access src-address=192.168.5.55
 
User avatar
broderick
Member Candidate
Member Candidate
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: How to have a WAN port without a bridge?

Thu Apr 27, 2023 10:28 am

Ahh right thanks!
Got confused, too much work lately.
It worked via Webfig because I was connected via LAN.
You're welcome.
Yeah, got confused. It often happens to me too :)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How to have a WAN port without a bridge?

Fri Apr 28, 2023 7:11 pm

Not sure what you mean, there is no danger??
Just in case added a few things............

EXAMPLE - ether5, decide to use 192.168.5.55 as allowed IP.

Note: Since you have defined a subnet 192.168.5.0/24 you can pick any IP to enter into the IPV4 settings on the laptop.
If you can remember which one, feel free to narrow it down to lets say .55 in winbox rules or input chain rules etc.........


add interface=ether5 name=ether5-access
/ip address
add interface=ether5-access address=192.168.5.1/24 network=192.168.5.0
/Interface list
add interface=Trusted
/interface list members
add interface=ether5-access list=Trusted
/ip neighbours discovery
add interface-list=Trusted
/tool mac-server mac-winbox
set allowed-interface-list=Trusted
/ip firewall filter
add action=accept chain=input src-address-list=Authorized
add action=accept chain=input in-interface=ether5-access src-address=192.168.5.55

add action=accept chain=input in-interface=ether5-access src-address=192.168.5.0/24 { if you do not want to narrow down access }


where firewall address list is comprised of all potential Admin IP addresses locally or coming in on VPN.
This one is likely one you will be adjusting from time to time and may screw up.
As long as the separate rule exists not touched for the ether5 port, you can access the config.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: How to have a WAN port without a bridge?

Fri Apr 28, 2023 9:38 pm

There are two things I was trying to indicate, but was not clear about. And here I was complaining that your instructions were not clear, a bit ironic.

The primary (but unfortuneately unstated) one is that you are clear about what the the problem is, what the intended solution concept is, and what needs to be done, but there are no instructions on how to do it. Saying "remove spare etherport from the bridge" may be simple to someone that knows how, but it isn't obvious to someone that has never touched a MikroTik router before other than possibly to use Quick Set or a default config. A bit more guidance it needed. For most users I think doing it with WinBox (or probably can be done with webfig, but I never use that). It is possible with the command line, but you have to know the syntax and what your interfaces are named. Assuming ether5 hasn't been renamed
/interface bridge port remove [ find interface=ether5 ]
This is from posting.php?mode=quote&p=901360

CONCEPT
-ISOLATE PORT { remove from bridge }
...
1. Remove spare etherport (lets use 5) from the bridge and in the case of a capac (two ports - use ether2).

But if there are instruction on how to do step #1, I didn't see it.

Second was about the following

Sorry, I wasn't clear on what I was complaining about. There is no context specified for the first add.

This
EXAMPLE - ether5, decide to use 192.168.5.55 as allowed IP.

add interface=ether5 name=ether5-access

Should be changed to
EXAMPLE - ether5, decide to use 192.168.5.55 as allowed IP.

/interface ethernet
add interface=ether5 name=ether5-access
Or perhaps better at least with recent versions
/interface ethernet
set [ find default-name=ether5 ] name=ether5-access
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How to have a WAN port without a bridge?

Fri Apr 28, 2023 9:41 pm

super will fix later today

Who is online

Users browsing this forum: Bing [Bot], outtahere and 29 guests