Mikrotik router isolated network

E

epictree

Well-Known Member
Joined
Jun 3, 2015
Messages
118
Reaction score
8
I've got a Mikrotik router that can run of usb so I got it hooked up as part of my loadshedding network. It is connected with a cable from fiber router LAN port into WAN port of HAP Lite. The router then broadcasts wifi and ethernet fine.

My problem is devices connected to the Mikrotik can still see the main router and its devices. I want this as an isolated network because I repair computers and connect unknown computers on this network. I'm a network noob so is this firewall rules? If so what should I do?
 
I assume you have a separate DHCP scope from the mikrotik. If not, configure that.
Use ACL's on the mikrotik denying access to the scope of the other range
 
syntax said:
I assume you have a separate DHCP scope from the mikrotik. If not, configure that.
Use ACL's on the mikrotik denying access to the scope of the other range
Click to expand...
The fibre router has a different DHCP from the Mikrotik. Its double natted. I'll have a look at the ACL on the Mikrotik.
 
epictree said:
The fibre router has a different DHCP from the Mikrotik. Its double natted. I'll have a look at the ACL on the Mikrotik.
Click to expand...

Thats good then, just add a deny to those ranges or any rfc 1918 range and then an allow underneath to all
 
syntax said:
Thats good then, just add a deny to those ranges or any rfc 1918 range and then an allow underneath to all
Click to expand...
I have found the option to use ACL which is a tick box but nowhere to configure it. I'm assuming its somewhere in Webfig but I don't know where.
 
Okay I watched a Youtube video and followed the instructions. I looked under Webfig addresses and looked at the IP addresses from both networks. I inserted a forward firewall rule which seemed to work:
  • Source address 192.xxx.xxx.x/24 (Mikrotik)
  • Destination address 192.xxx.xxx.x/24 (Main fiber router)
  • Set action to drop and apply.
 
I've got another problem but this time on a Hap Ac lite. I have enabled guest network but the guest network can access admin page and other stuff. How do I firewall this from guest without affecting the other normal SSID's?
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter