How to set up visibility and isolation of internal vlan on mikrotik?

E

edh_krusher2018-08-14 15:13:04

Mikrotik

edh_krusher, 2018-08-14 15:13:04

There are three vlans inside the network 1,2,3,4
1 management
2 admin
3 cameras
4 company grid.
Vlan 2.4 dhtsp from mikrotik. The rest are static.
How to make 4 vlan not see the first 3.
2 vlan see all the vlans?)) I can’t figure out the connection, I drive the rules into the firewall rules, but for some reason I still can’t see anyone from the 2 vlan. How to configure all this through firewall rules? It is necessary that both smtp and icmp and tcp and arp requests could leave from vlan 2.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry Shitskov, 2018-08-14
@edh_krusher

By default, all vlans see everyone. If this is not the case, the problems are in the routing, not the Firewall.
Write allowing rules where, for example, an allowing rule in forward with source interface vlan2. You add all other allowing rules, such as access to the Internet from these vlans, or let's say you allow vlan 2 to go to vlan 3. At the end, make a drop rule. Accordingly, everything that is not allowed above will be prohibited.