Home Mikrotik RB951G-2HnD and VLAN - how to achieve Feng Shui?

F

Fumoffu2015-10-23 15:20:53

Mikrotik

Fumoffu, 2015-10-23 15:20:53

Hero of the occasion: Mikrotik RB951G-2HnD, RouterOS 6.32.
Task: move to two different subnets and isolate from each other devices that connect to the router via wires from devices that connect wirelessly.
Tools: VLAN?
How it works now:

1 and 2 ports ( eth1 and eth2 ) - Internet providers, Internet access via PPPoE for both;
port 3 ( eth3 ) - not busy yet;
Ports 4 and 5 ( eth4 and eth5 ) are assigned for PC and similar NAS, " eth3 " is set as "Master Port" in interface settings ;
wlan1 works in " AP Bridge " mode, " Bridge mode: enabled ";
Created a bridge bridge1 , it includes eth3 and wlan1;
A DHCP server is running on bridge1, the subnet 192.168.0.0/24 has been raised, and the masquerade of this subnet to the Internet has been raised.

Actually, the question is - how to use the VLAN here in the most correct and practical way?
Thanks in advance for taking the time to read this question. If something needs to be added - comment.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

M

Melkij, 2015-10-23
@Fumo

Vlans are not needed here.
You disassemble your bridge, hang up your dhcp and subnet on wlan1, and your own on eth3. In the firewall, add rules to drop traffic between these two interfaces.

H

huko, 2015-10-23
@huko

You don't need a VLAN here. Remove the eth3 port from bridge1 and you will have a separate wireless network. Create bridge2 and add eth3 + IP address + DHCP + masquerading there (following the example on bridge1). By default, traffic between two subnets will go through the router, so that this does not happen in ip-firewall-filter, add the necessary rules.